mirror/Part-DB.Part-DB-server
1
0
Fork 1
mirror of https://github.com/Part-DB/Part-DB-server.git synced 2025-06-23 02:09:03 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 5

Added permissions to control access to info providers and oauth tokens

Browse source
This commit is contained in:
Jan Böhmer 2023-07-16 20:33:24 +02:00
parent 7bbf612394
commit b3b205cd6e
9 changed files with 72 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

5
src/Controller/InfoProviderController.php
View file

@ -51,6 +51,8 @@ class InfoProviderController extends AbstractController
#[Route('/providers', name: 'info_providers_list')]
public function listProviders(): Response
{
$this->denyAccessUnlessGranted('@info_providers.create_parts');
return $this->render('info_providers/providers_list/providers_list.html.twig', [
'active_providers' => $this->providerRegistry->getActiveProviders(),
'disabled_providers' => $this->providerRegistry->getDisabledProviders(),
@ -60,6 +62,8 @@ class InfoProviderController extends AbstractController
#[Route('/search', name: 'info_providers_search')]
public function search(Request $request): Response
{
$this->denyAccessUnlessGranted('@info_providers.create_parts');
$form = $this->createForm(PartSearchType::class);
$form->handleRequest($request);
@ -82,6 +86,7 @@ class InfoProviderController extends AbstractController
public function createPart(Request $request, EntityManagerInterface $em, TranslatorInterface $translator,
AttachmentSubmitHandler $attachmentSubmitHandler, string $providerKey, string $providerId): Response
{
$this->denyAccessUnlessGranted('@info_providers.create_parts');
$new_part = $this->infoRetriever->createPart($providerKey, $providerId);