mirror/Part-DB.Part-DB-server
1
0
Fork 1
mirror of https://github.com/Part-DB/Part-DB-server.git synced 2025-06-22 01:49:05 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Hide trees in sidebar, if user does not have permission to show them (and protect the JSON endpoints)

Browse source
This commit is contained in:
Jan Böhmer 2022-10-31 22:47:45 +01:00
parent 10a035fcea
commit d0f7949bc9
5 changed files with 52 additions and 21 deletions
Download patch file Download diff file Expand all files Collapse all files

35
src/Controller/TreeController.php
View file

@ -84,7 +84,11 @@ class TreeController extends AbstractController
*/
public function categoryTree(?Category $category = null): JsonResponse
{
$tree = $this->treeGenerator->getTreeView(Category::class, $category, 'list_parts_root');
if ($this->isGranted('@parts.read') && $this->isGranted('@categories.read')) {
$tree = $this->treeGenerator->getTreeView(Category::class, $category, 'list_parts_root');
} else {
return new JsonResponse("Access denied", 403);
}
return new JsonResponse($tree);
}
@ -95,8 +99,11 @@ class TreeController extends AbstractController
*/
public function footprintTree(?Footprint $footprint = null): JsonResponse
{
$tree = $this->treeGenerator->getTreeView(Footprint::class, $footprint, 'list_parts_root');
if ($this->isGranted('@parts.read') && $this->isGranted('@footprints.read')) {
$tree = $this->treeGenerator->getTreeView(Footprint::class, $footprint, 'list_parts_root');
} else {
return new JsonResponse("Access denied", 403);
}
return new JsonResponse($tree);
}
@ -106,7 +113,11 @@ class TreeController extends AbstractController
*/
public function locationTree(?Storelocation $location = null): JsonResponse
{
$tree = $this->treeGenerator->getTreeView(Storelocation::class, $location, 'list_parts_root');
if ($this->isGranted('@parts.read') && $this->isGranted('@storelocations.read')) {
$tree = $this->treeGenerator->getTreeView(Storelocation::class, $location, 'list_parts_root');
} else {
return new JsonResponse("Access denied", 403);
}
return new JsonResponse($tree);
}
@ -117,7 +128,11 @@ class TreeController extends AbstractController
*/
public function manufacturerTree(?Manufacturer $manufacturer = null): JsonResponse
{
$tree = $this->treeGenerator->getTreeView(Manufacturer::class, $manufacturer, 'list_parts_root');
if ($this->isGranted('@parts.read') && $this->isGranted('@manufacturers.read')) {
$tree = $this->treeGenerator->getTreeView(Manufacturer::class, $manufacturer, 'list_parts_root');
} else {
return new JsonResponse("Access denied", 403);
}
return new JsonResponse($tree);
}
@ -128,7 +143,9 @@ class TreeController extends AbstractController
*/
public function supplierTree(?Supplier $supplier = null): JsonResponse
{
$tree = $this->treeGenerator->getTreeView(Supplier::class, $supplier, 'list_parts_root');
if ($this->isGranted('@parts.read') && $this->isGranted('@suppliers.read')) {
$tree = $this->treeGenerator->getTreeView(Supplier::class, $supplier, 'list_parts_root');
}
return new JsonResponse($tree);
}
@ -139,7 +156,11 @@ class TreeController extends AbstractController
*/
public function deviceTree(?Device $device = null): JsonResponse
{
$tree = $this->treeGenerator->getTreeView(Device::class, $device, 'devices');
if ($this->isGranted('@devices.read')) {
$tree = $this->treeGenerator->getTreeView(Device::class, $device, 'devices');
} else {
return new JsonResponse("Access denied", 403);
}
return new JsonResponse($tree);
}