mirror/Part-DB.Part-DB-server
1
0
Fork 1
mirror of https://github.com/Part-DB/Part-DB-server.git synced 2025-06-25 11:18:51 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Improved permission checking for certain controllers.

Browse source
This commit is contained in:
Jan Böhmer 2022-11-05 23:49:53 +01:00
parent a30b67e328
commit 78d1dff40f
3 changed files with 10 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
src/Controller/WebauthnKeyRegistrationController.php
View file

@ -18,6 +18,8 @@ class WebauthnKeyRegistrationController extends AbstractController
*/
public function register(Request $request, TFAWebauthnRegistrationHelper $registrationHelper, EntityManagerInterface $em)
{
//When user change its settings, he should be logged in fully.
$this->denyAccessUnlessGranted('IS_AUTHENTICATED_FULLY');
//If form was submitted, check the auth response
if ($request->getMethod() === 'POST') {