groove/Part-DB-server
1
0
Fork 0
mirror of https://github.com/Part-DB/Part-DB-server.git synced 2026-03-08 08:19:35 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 12

Check for good measure again, that a user is able to edit an entity in an admin form

Browse source 
issue #1283
This commit is contained in:
Jan Böhmer 2026-03-04 23:05:21 +01:00
parent 32a666f6c3
commit 2137eecddf
2 changed files with 3 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

2
src/Controller/AdminPages/BaseAdminController.php
View file

@ -195,6 +195,8 @@ abstract class BaseAdminController extends AbstractController
$this->commentHelper->setMessage($form['log_comment']->getData());
//In principle, the form should be disabled, if the edit permission is not granted, but for good measure, we also check it here, before saving changes.
$this->denyAccessUnlessGranted('edit', $entity);
$em->persist($entity);
$em->flush();
$this->addFlash('success', 'entity.edit_flash');

1
src/Form/AdminPages/BaseEntityAdminForm.php
View file

@ -121,6 +121,7 @@ class BaseEntityAdminForm extends AbstractType
'label' => 'entity.edit.alternative_names.label',
'help' => 'entity.edit.alternative_names.help',
'empty_data' => null,
'disabled' => !$this->security->isGranted($is_new ? 'create' : 'edit', $entity),
'attr' => [
'class' => 'tagsinput',
'data-controller' => 'elements--tagsinput',