groove/Part-DB-server
1
0
Fork 0
mirror of https://github.com/Part-DB/Part-DB-server.git synced 2026-05-07 13:49:37 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Check for good measure again, that a user is able to edit an entity in an admin form

Browse source 
issue #1283
This commit is contained in:
Jan Böhmer 2026-03-04 23:05:21 +01:00
parent 32a666f6c3
commit 2137eecddf
2 changed files with 3 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

2
src/Controller/AdminPages/BaseAdminController.php
View file

@ -195,6 +195,8 @@ abstract class BaseAdminController extends AbstractController
$this->commentHelper->setMessage($form['log_comment']->getData());
//In principle, the form should be disabled, if the edit permission is not granted, but for good measure, we also check it here, before saving changes.
$this->denyAccessUnlessGranted('edit', $entity);
$em->persist($entity);
$em->flush();
$this->addFlash('success', 'entity.edit_flash');