groove/Part-DB-server
1
0
Fork 0
mirror of https://github.com/Part-DB/Part-DB-server.git synced 2025-12-21 18:39:31 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Check permissions for time travel and element undo.

Browse source
This commit is contained in:
Jan Böhmer 2020-03-07 20:49:52 +01:00
parent 254d4e6c69
commit 8a61b465d0
23 changed files with 370 additions and 90 deletions
Download patch file Download diff file Expand all files Collapse all files

13
src/Security/Voter/UserVoter.php
View file

@ -57,11 +57,11 @@ class UserVoter extends ExtendedVoter
*/
protected function supports($attribute, $subject)
{
if ($subject instanceof User) {
if (is_a($subject, User::class, true)) {
return in_array($attribute, array_merge(
$this->resolver->listOperationsForPermission('users'),
$this->resolver->listOperationsForPermission('self')),
false
false
);
}
@ -89,10 +89,11 @@ class UserVoter extends ExtendedVoter
return $tmp;
}
}
//Else just check users permission:
if ($this->resolver->isValidOperation('users', $attribute)) {
return $this->resolver->inherit($user, 'users', $attribute) ?? false;
}
}
//Else just check users permission:
if ($this->resolver->isValidOperation('users', $attribute)) {
return $this->resolver->inherit($user, 'users', $attribute) ?? false;
}
return false;