From 2e318f9ea163ad3ac653dec892f8f880e76b4732 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20B=C3=B6hmer?= <jan.h.boehmer@gmx.de>
Date: Tue, 24 Sep 2019 18:41:53 +0200
Subject: [PATCH] Disable attachments form if user is not allowed to edit the
 element.

---
 src/Form/AdminPages/BaseEntityAdminForm.php | 1 +
 src/Form/UserAdminForm.php                  | 3 ++-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/Form/AdminPages/BaseEntityAdminForm.php b/src/Form/AdminPages/BaseEntityAdminForm.php
index 6356b1cd..044c0133 100644
--- a/src/Form/AdminPages/BaseEntityAdminForm.php
+++ b/src/Form/AdminPages/BaseEntityAdminForm.php
@@ -109,6 +109,7 @@ class BaseEntityAdminForm extends AbstractType
             'allow_add' => true,
             'allow_delete' => true,
             'label' => false,
+            'disabled' => !$this->security->isGranted($is_new ? 'create' : 'edit', $entity),
             'entry_options' => [
                 'data_class' => $options['attachment_class'],
             ],
diff --git a/src/Form/UserAdminForm.php b/src/Form/UserAdminForm.php
index 471f0e17..9a978943 100644
--- a/src/Form/UserAdminForm.php
+++ b/src/Form/UserAdminForm.php
@@ -198,7 +198,8 @@ class UserAdminForm extends AbstractType
             'entry_options' => [
                 'data_class' => $options['attachment_class'],
             ],
-            'by_reference' => false
+            'by_reference' => false,
+            'disabled' => !$this->security->isGranted($is_new ? 'create' : 'edit', $entity),
         ]);
 
         //Buttons