From afaa918ce639614057fabb60b13f3de75ea3f177 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20B=C3=B6hmer?= <mail@jan-boehmer.de>
Date: Sun, 9 Oct 2022 22:01:44 +0200
Subject: [PATCH] Check permissions to view parts on the parts list pagees

---
 src/Controller/PartListsController.php | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/Controller/PartListsController.php b/src/Controller/PartListsController.php
index 7defc282..fdd01821 100644
--- a/src/Controller/PartListsController.php
+++ b/src/Controller/PartListsController.php
@@ -80,6 +80,8 @@ class PartListsController extends AbstractController
      */
     public function tableAction(Request $request, PartsTableActionHandler $actionHandler): Response
     {
+        $this->denyAccessUnlessGranted('@parts.edit');
+
         $redirect = $request->request->get('redirect_back');
         $ids = $request->request->get('ids');
         $action = $request->request->get('action');
@@ -137,6 +139,8 @@ class PartListsController extends AbstractController
      */
     protected function showListWithFilter(Request $request, string $template, ?callable $filter_changer = null, ?callable $form_changer = null, array $additonal_template_vars = [], array $additional_table_vars = []): Response
     {
+        $this->denyAccessUnlessGranted('@parts.read');
+
         $formRequest = clone $request;
         $formRequest->setMethod('GET');
         $filter = new PartFilter($this->nodesListBuilder);