From 2878b3b46a7930fab56f95e8bede0d70e4a2c8ab Mon Sep 17 00:00:00 2001 From: JiaJia Ji Date: Mon, 8 Jan 2024 12:54:30 +0100 Subject: [PATCH] add permission check --- src/Controller/ConfigController.php | 6 ++++++ src/Controller/FindologicController.php | 6 ++++++ src/Controller/IndexController.php | 7 +++++++ src/Controller/VoucherController.php | 2 ++ 4 files changed, 21 insertions(+) diff --git a/src/Controller/ConfigController.php b/src/Controller/ConfigController.php index 9e76378c9..61f62ae50 100644 --- a/src/Controller/ConfigController.php +++ b/src/Controller/ConfigController.php @@ -18,6 +18,7 @@ use Pimcore\Controller\UserAwareController; use Symfony\Component\HttpFoundation\Response; +use Symfony\Component\HttpKernel\Event\ControllerEvent; use Symfony\Component\Routing\Annotation\Route; use Symfony\Component\Routing\RouterInterface; @@ -40,6 +41,11 @@ public function __construct(private RouterInterface $router) $this->router = $router; } + public function onKernelControllerEvent(ControllerEvent $event): void + { + $this->checkPermission('bundle_ecommerce_back-office_order'); + } + /** * @Route("/js-config", name="pimcore_ecommerceframework_config_jsconfig", methods={"GET"}) * diff --git a/src/Controller/FindologicController.php b/src/Controller/FindologicController.php index 372770aff..d022f1153 100644 --- a/src/Controller/FindologicController.php +++ b/src/Controller/FindologicController.php @@ -19,6 +19,7 @@ use Pimcore\Controller\FrontendController; use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpFoundation\Response; +use Symfony\Component\HttpKernel\Event\ControllerEvent; /** * Class FindologicController @@ -29,6 +30,11 @@ */ class FindologicController extends FrontendController { + public function onKernelControllerEvent(ControllerEvent $event): void + { + $this->checkPermission('bundle_ecommerce_back-office_order'); + } + /** * create xml output for findologic */ diff --git a/src/Controller/IndexController.php b/src/Controller/IndexController.php index 4a815e6cd..298cb9fb7 100644 --- a/src/Controller/IndexController.php +++ b/src/Controller/IndexController.php @@ -24,6 +24,7 @@ use Symfony\Component\EventDispatcher\GenericEvent; use Symfony\Component\HttpFoundation\JsonResponse; use Symfony\Component\HttpFoundation\Request; +use Symfony\Component\HttpKernel\Event\ControllerEvent; use Symfony\Component\Routing\Annotation\Route; use Symfony\Contracts\EventDispatcher\EventDispatcherInterface; use Symfony\Contracts\Translation\TranslatorInterface; @@ -39,6 +40,12 @@ class IndexController extends UserAwareController { use JsonHelperTrait; + public function onKernelControllerEvent(ControllerEvent $event): void + { + $this->checkPermission('bundle_ecommerce_back-office_order'); + } + + /** * @Route("/get-filter-groups", name="pimcore_ecommerceframework_index_getfiltergroups", methods={"GET"}) * diff --git a/src/Controller/VoucherController.php b/src/Controller/VoucherController.php index 7a1e7e340..cdf3f53fe 100644 --- a/src/Controller/VoucherController.php +++ b/src/Controller/VoucherController.php @@ -55,6 +55,8 @@ public function __construct(TokenStorageUserResolver $tokenStorageUserResolver, public function onKernelControllerEvent(ControllerEvent $event): void { + $this->checkPermission('bundle_ecommerce_pricing_rules'); + // set language $user = $this->tokenResolver->getUser();