From 997a0974b5253e12097f88df68cf5ecbd91108c0 Mon Sep 17 00:00:00 2001 From: JiaJia Ji Date: Mon, 8 Jan 2024 14:16:01 +0100 Subject: [PATCH] [Task]: Improve permission check (#149) * add permission check * add permission check * add permission check * replace with UserAwareController * remov eextra break line --- src/Controller/AdminOrderController.php | 2 ++ src/Controller/ConfigController.php | 9 ++++++++- src/Controller/FindologicController.php | 11 +++++++++-- src/Controller/IndexController.php | 9 ++++++++- src/Controller/PricingController.php | 5 +---- src/Controller/VoucherController.php | 6 ++++-- 6 files changed, 32 insertions(+), 10 deletions(-) diff --git a/src/Controller/AdminOrderController.php b/src/Controller/AdminOrderController.php index 89f8c57b4..7da7a6482 100644 --- a/src/Controller/AdminOrderController.php +++ b/src/Controller/AdminOrderController.php @@ -68,6 +68,8 @@ public function __construct(protected TranslatorInterface $translator) public function onKernelControllerEvent(ControllerEvent $event): void { + $this->checkPermission('bundle_ecommerce_back-office_order'); + // set language $user = $this->tokenResolver->getUser(); diff --git a/src/Controller/ConfigController.php b/src/Controller/ConfigController.php index 9e76378c9..9c22a7f63 100644 --- a/src/Controller/ConfigController.php +++ b/src/Controller/ConfigController.php @@ -16,8 +16,10 @@ namespace Pimcore\Bundle\EcommerceFrameworkBundle\Controller; +use Pimcore\Controller\KernelControllerEventInterface; use Pimcore\Controller\UserAwareController; use Symfony\Component\HttpFoundation\Response; +use Symfony\Component\HttpKernel\Event\ControllerEvent; use Symfony\Component\Routing\Annotation\Route; use Symfony\Component\Routing\RouterInterface; @@ -28,7 +30,7 @@ * * @internal */ -class ConfigController extends UserAwareController +class ConfigController extends UserAwareController implements KernelControllerEventInterface { /** * ConfigController constructor. 
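Review bot: The added `$this->checkPermission('bundle_ecommerce_back-office_order');` only takes effect if AdminOrderController implements KernelControllerEventInterface, and the class declaration is outside this hunk; the method already existed here, so it presumably does, but it is worth confirming because a controller that merely defines onKernelControllerEvent without the interface would never have the check invoked. The same permission literal is now repeated in ConfigController, FindologicController and IndexController; a single shared constant (for example on UserAwareController's subclass or a dedicated permissions class) would keep the four checks from drifting apart. The body of onKernelControllerEvent continues past the end of this hunk.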
@@ -40,6 +42,11 @@ public function __construct(private RouterInterface $router) $this->router = $router; } + public function onKernelControllerEvent(ControllerEvent $event): void + { + $this->checkPermission('bundle_ecommerce_back-office_order'); + } + /** * @Route("/js-config", name="pimcore_ecommerceframework_config_jsconfig", methods={"GET"}) * diff --git a/src/Controller/FindologicController.php b/src/Controller/FindologicController.php index 372770aff..30ddf52f6 100644 --- a/src/Controller/FindologicController.php +++ b/src/Controller/FindologicController.php @@ -16,9 +16,11 @@ namespace Pimcore\Bundle\EcommerceFrameworkBundle\Controller; -use Pimcore\Controller\FrontendController; +use Pimcore\Controller\KernelControllerEventInterface; +use Pimcore\Controller\UserAwareController; use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpFoundation\Response; +use Symfony\Component\HttpKernel\Event\ControllerEvent; /** * Class FindologicController @@ -27,8 +29,13 @@ * * @internal */ -class FindologicController extends FrontendController +class FindologicController extends UserAwareController implements KernelControllerEventInterface { + public function onKernelControllerEvent(ControllerEvent $event): void + { + $this->checkPermission('bundle_ecommerce_back-office_order'); + } + /** * create xml output for findologic */ diff --git a/src/Controller/IndexController.php b/src/Controller/IndexController.php index 4a815e6cd..8df65ee07 100644 --- a/src/Controller/IndexController.php +++ b/src/Controller/IndexController.php 
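Review bot: Gating ConfigController behind 'bundle_ecommerce_back-office_order' will reject a backend user who holds only 'bundle_ecommerce_pricing_rules', if `/js-config` is also loaded by the pricing-rules UI; that consumer is inferred from the route name, so it should be confirmed before merging. The same question applies to IndexController's `/get-filter-groups` hunk, which uses the identical permission. If these endpoints are meant for any authenticated backend user, the check should accept either permission (or only require a logged-in Pimcore user); if the order permission is deliberate, a one-line comment such as `// js-config is consumed only by the back-office order UI` would record that decision.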
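Review bot: FindologicController moves from FrontendController to UserAwareController and now requires a logged-in Pimcore user with 'bundle_ecommerce_back-office_order'; if the XML export this controller produces is fetched by the external Findologic service rather than from the admin UI, that caller has no Pimcore user and will be rejected by checkPermission. Whether the feed is pulled externally cannot be determined from the hunk, so this should be verified against the bundle's route configuration. If an external consumer is expected, an explicit credential for that consumer (compared with `hash_equals()`) rather than an admin permission would be the appropriate gate; if the export is admin-only, the order-related permission name still deserves a short comment explaining the choice.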
@@ -19,11 +19,13 @@ use Pimcore\Bundle\EcommerceFrameworkBundle\Event\AdminEvents; use Pimcore\Bundle\EcommerceFrameworkBundle\Factory; use Pimcore\Bundle\EcommerceFrameworkBundle\IndexService\ProductList\ProductListInterface; +use Pimcore\Controller\KernelControllerEventInterface; use Pimcore\Controller\Traits\JsonHelperTrait; use Pimcore\Controller\UserAwareController; use Symfony\Component\EventDispatcher\GenericEvent; use Symfony\Component\HttpFoundation\JsonResponse; use Symfony\Component\HttpFoundation\Request; +use Symfony\Component\HttpKernel\Event\ControllerEvent; use Symfony\Component\Routing\Annotation\Route; use Symfony\Contracts\EventDispatcher\EventDispatcherInterface; use Symfony\Contracts\Translation\TranslatorInterface; @@ -35,10 +37,15 @@ * * @internal */ -class IndexController extends UserAwareController +class IndexController extends UserAwareController implements KernelControllerEventInterface { use JsonHelperTrait; + public function onKernelControllerEvent(ControllerEvent $event): void + { + $this->checkPermission('bundle_ecommerce_back-office_order'); + } + /** * @Route("/get-filter-groups", name="pimcore_ecommerceframework_index_getfiltergroups", methods={"GET"}) * diff --git a/src/Controller/PricingController.php b/src/Controller/PricingController.php index a4a4714e6..36d67add3 100644 --- a/src/Controller/PricingController.php +++ b/src/Controller/PricingController.php @@ -43,10 +43,7 @@ class PricingController extends UserAwareController implements KernelControllerE public function onKernelControllerEvent(ControllerEvent $event): void { // permission check - $access = $this->getPimcoreUser()->isAllowed('bundle_ecommerce_pricing_rules'); - if (!$access) { - throw new \Exception('this function requires "bundle_ecommerce_pricing_rules" permission!'); - } + $this->checkPermission('bundle_ecommerce_pricing_rules'); } /** diff --git a/src/Controller/VoucherController.php b/src/Controller/VoucherController.php index 7a1e7e340..09491f6dd 100644 
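Review bot: The retained `// permission check` comment now only restates the name of the call on the next line and can be dropped, leaving `$this->checkPermission('bundle_ecommerce_pricing_rules');` on its own. Replacing the generic `\Exception` with checkPermission is the right direction, since a missing permission previously surfaced as an unhandled exception rather than an access denial; any caller or test that asserted on the old `\Exception` message will need updating, which the commit does not mention. The enclosing class continues outside this hunk.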
--- a/src/Controller/VoucherController.php +++ b/src/Controller/VoucherController.php @@ -17,8 +17,8 @@ namespace Pimcore\Bundle\EcommerceFrameworkBundle\Controller; use Pimcore\Bundle\EcommerceFrameworkBundle\VoucherService\TokenManager\ExportableTokenManagerInterface; -use Pimcore\Controller\FrontendController; use Pimcore\Controller\KernelControllerEventInterface; +use Pimcore\Controller\UserAwareController; use Pimcore\Model\DataObject; use Pimcore\Model\DataObject\Localizedfield; use Pimcore\Model\DataObject\OnlineShopVoucherSeries; @@ -37,7 +37,7 @@ * * @internal */ -class VoucherController extends FrontendController implements KernelControllerEventInterface +class VoucherController extends UserAwareController implements KernelControllerEventInterface { protected TokenStorageUserResolver $tokenResolver; @@ -55,6 +55,8 @@ public function __construct(TokenStorageUserResolver $tokenStorageUserResolver, public function onKernelControllerEvent(ControllerEvent $event): void { + $this->checkPermission('bundle_ecommerce_pricing_rules'); + // set language $user = $this->tokenResolver->getUser();
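Review bot: VoucherController is gated with 'bundle_ecommerce_pricing_rules' while the other controllers in this commit use 'bundle_ecommerce_back-office_order'; if vouchers are intentionally managed under the pricing-rules permission, a comment such as `// voucher series are administered alongside pricing rules` above the call would make the asymmetry deliberate rather than look like a copy-paste slip. The base-class change in the earlier hunk (FrontendController to UserAwareController) also alters what the controller inherits beyond the permission helper, so any voucher action that relied on FrontendController behaviour should be re-checked. The body of onKernelControllerEvent continues past the end of this hunk.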