Improved permission checking for certain controllers.

src/Controller/AttachmentFileController.php

@@ -131,7 +131,7 @@ class AttachmentFileController extends AbstractController
      */
     public function attachmentsTable(Request $request, DataTableFactory $dataTableFactory, NodesListBuilder $nodesListBuilder)
     {
-        $this->denyAccessUnlessGranted('read', new PartAttachment());
+        $this->denyAccessUnlessGranted('@attachments.list_attachments');
 
         $formRequest = clone $request;
         $formRequest->setMethod('GET');

src/Controller/TypeaheadController.php

@@ -156,6 +156,11 @@ class TypeaheadController extends AbstractController
     public function parameters(string $type, EntityManagerInterface $entityManager, string $query = ""): JsonResponse
     {
         $class = $this->typeToParameterClass($type);
+
+        $test_obj = new $class();
+        //Ensure user has the correct permissions
+        $this->denyAccessUnlessGranted('read', $test_obj);
+
         /** @var ParameterRepository $repository */
         $repository = $entityManager->getRepository($class);
 
@@ -169,6 +174,8 @@ class TypeaheadController extends AbstractController
      */
     public function tags(string $query, TagFinder $finder): JsonResponse
     {
+        $this->denyAccessUnlessGranted('@parts.read');
+
         $array = $finder->searchTags($query);
 
         $normalizers = [

src/Controller/WebauthnKeyRegistrationController.php

@@ -18,6 +18,8 @@ class WebauthnKeyRegistrationController extends AbstractController
      */
     public function register(Request $request, TFAWebauthnRegistrationHelper $registrationHelper, EntityManagerInterface $em)
     {
+        //When user change its settings, he should be logged  in fully.
+        $this->denyAccessUnlessGranted('IS_AUTHENTICATED_FULLY');
 
         //If form was submitted, check the auth response
         if ($request->getMethod() === 'POST') {