mirror/Part-DB.Part-DB-server
1
0
Fork 1
mirror of https://github.com/Part-DB/Part-DB-server.git synced 2025-06-24 02:38:50 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Added permissions to control access to API and manage API tokens

Browse source
This commit is contained in:
Jan Böhmer 2023-08-26 22:57:50 +02:00
parent be14fe548c
commit 8fe3f4cf5c
7 changed files with 60 additions and 26 deletions
Download patch file Download diff file Expand all files Collapse all files

2
src/Controller/UserSettingsController.php
View file

@ -406,6 +406,8 @@ class UserSettingsController extends AbstractController
#[Route('/api_token/create', name: 'user_api_token_create')]
public function addApiToken(Request $request, EntityManagerInterface $entityManager): Response
{
$this->denyAccessUnlessGranted('@api.manage_tokens');
$token = new ApiToken();
$token->setUser($this->getUser());