groove/Part-DB-server
1
0
Fork 0
mirror of https://github.com/Part-DB/Part-DB-server.git synced 2026-03-07 15:59:35 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 9

Check that user has general access rights to partdb

Browse source 
See #1283
This commit is contained in:
Jan Böhmer 2026-03-04 23:37:59 +01:00
parent f15979ed11
commit af6ddffa1d
1 changed files with 4 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

5
src/Controller/TypeaheadController.php
View file

@ -71,7 +71,10 @@ class TypeaheadController extends AbstractController
#[Route(path: '/builtInResources/search', name: 'typeahead_builtInRessources')]
public function builtInResources(Request $request, BuiltinAttachmentsFinder $finder): JsonResponse
{
$query = $request->get('query');
//Ensure that the user can access Part-DB at all
$this->denyAccessUnlessGranted('HAS_ACCESS_PERMISSIONS');
$query = $request->query->getString('query');
$array = $finder->find($query);
$result = [];