mirror of
https://github.com/Part-DB/Part-DB-server.git
synced 2025-06-24 02:38:50 +02:00
Hide trees in sidebar, if user does not have permission to show them (and protect the JSON endpoints)
This commit is contained in:
Jan Böhmer
parent
10a035fcea
commit
d0f7949bc9
5 changed files with 52 additions and 21 deletions
|
|
@ -84,7 +84,11 @@ class TreeController extends AbstractController
|
|||
*/
|
||||
public function categoryTree(?Category $category = null): JsonResponse
|
||||
{
|
||||
$tree = $this->treeGenerator->getTreeView(Category::class, $category, 'list_parts_root');
|
||||
if ($this->isGranted('@parts.read') && $this->isGranted('@categories.read')) {
|
||||
$tree = $this->treeGenerator->getTreeView(Category::class, $category, 'list_parts_root');
|
||||
} else {
|
||||
return new JsonResponse("Access denied", 403);
|
||||
}
|
||||
|
||||
return new JsonResponse($tree);
|
||||
}
|
||||
|
|
@ -95,8 +99,11 @@ class TreeController extends AbstractController
|
|||
*/
|
||||
public function footprintTree(?Footprint $footprint = null): JsonResponse
|
||||
{
|
||||
$tree = $this->treeGenerator->getTreeView(Footprint::class, $footprint, 'list_parts_root');
|
||||
|
||||
if ($this->isGranted('@parts.read') && $this->isGranted('@footprints.read')) {
|
||||
$tree = $this->treeGenerator->getTreeView(Footprint::class, $footprint, 'list_parts_root');
|
||||
} else {
|
||||
return new JsonResponse("Access denied", 403);
|
||||
}
|
||||
return new JsonResponse($tree);
|
||||
}
|
||||
|
||||
|
|
@ -106,7 +113,11 @@ class TreeController extends AbstractController
|
|||
*/
|
||||
public function locationTree(?Storelocation $location = null): JsonResponse
|
||||
{
|
||||
$tree = $this->treeGenerator->getTreeView(Storelocation::class, $location, 'list_parts_root');
|
||||
if ($this->isGranted('@parts.read') && $this->isGranted('@storelocations.read')) {
|
||||
$tree = $this->treeGenerator->getTreeView(Storelocation::class, $location, 'list_parts_root');
|
||||
} else {
|
||||
return new JsonResponse("Access denied", 403);
|
||||
}
|
||||
|
||||
return new JsonResponse($tree);
|
||||
}
|
||||
|
|
@ -117,7 +128,11 @@ class TreeController extends AbstractController
|
|||
*/
|
||||
public function manufacturerTree(?Manufacturer $manufacturer = null): JsonResponse
|
||||
{
|
||||
$tree = $this->treeGenerator->getTreeView(Manufacturer::class, $manufacturer, 'list_parts_root');
|
||||
if ($this->isGranted('@parts.read') && $this->isGranted('@manufacturers.read')) {
|
||||
$tree = $this->treeGenerator->getTreeView(Manufacturer::class, $manufacturer, 'list_parts_root');
|
||||
} else {
|
||||
return new JsonResponse("Access denied", 403);
|
||||
}
|
||||
|
||||
return new JsonResponse($tree);
|
||||
}
|
||||
|
|
@ -128,7 +143,9 @@ class TreeController extends AbstractController
|
|||
*/
|
||||
public function supplierTree(?Supplier $supplier = null): JsonResponse
|
||||
{
|
||||
$tree = $this->treeGenerator->getTreeView(Supplier::class, $supplier, 'list_parts_root');
|
||||
if ($this->isGranted('@parts.read') && $this->isGranted('@suppliers.read')) {
|
||||
$tree = $this->treeGenerator->getTreeView(Supplier::class, $supplier, 'list_parts_root');
|
||||
}
|
||||
|
||||
return new JsonResponse($tree);
|
||||
}
|
||||
|
|
@ -139,7 +156,11 @@ class TreeController extends AbstractController
|
|||
*/
|
||||
public function deviceTree(?Device $device = null): JsonResponse
|
||||
{
|
||||
$tree = $this->treeGenerator->getTreeView(Device::class, $device, 'devices');
|
||||
if ($this->isGranted('@devices.read')) {
|
||||
$tree = $this->treeGenerator->getTreeView(Device::class, $device, 'devices');
|
||||
} else {
|
||||
return new JsonResponse("Access denied", 403);
|
||||
}
|
||||
|
||||
return new JsonResponse($tree);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -72,7 +72,7 @@ abstract class ExtendedVoter extends Voter
|
|||
return false;
|
||||
}
|
||||
|
||||
// if the user is anonymous, we use the anonymous user.
|
||||
// if the user is anonymous (meaning $user is null), we use the anonymous user.
|
||||
if (!$user instanceof User) {
|
||||
/** @var UserRepository $repo */
|
||||
$repo = $this->entityManager->getRepository(User::class);
|
||||
|
|
|
|||
|
|
@ -247,7 +247,7 @@ class ToolsTreeBuilder
|
|||
$this->urlGenerator->generate('parts_show_all')
|
||||
))->setIcon('fa-fw fa-treeview fa-solid fa-globe');
|
||||
|
||||
if ($this->security->isGranted('read', new PartAttachment())) {
|
||||
if ($this->security->isGranted('@attachments.list_attachments')) {
|
||||
$show_nodes[] = (new TreeViewNode(
|
||||
$this->translator->trans('tree.tools.show.all_attachments'),
|
||||
$this->urlGenerator->generate('attachment_list')
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue