From 6262f933bc82fd6e973ab934a5aaa5ca529a996c Mon Sep 17 00:00:00 2001
From: Ramon Gutierrez <arcticzero@gmail.com>
Date: Tue, 27 Feb 2018 23:42:44 +0800
Subject: [PATCH] Add missing acl checks on list methods #30

---
 src/Controller/JobOrderController.php | 20 ++++++++++++--------
 1 file changed, 12 insertions(+), 8 deletions(-)

diff --git a/src/Controller/JobOrderController.php b/src/Controller/JobOrderController.php
index 4b7c1b3d..4cc07c25 100644
--- a/src/Controller/JobOrderController.php
+++ b/src/Controller/JobOrderController.php
@@ -40,10 +40,7 @@ class JobOrderController extends BaseController
 {
     public function getJobOrders(Request $req)
     {
-        if (!$this->isGranted('jo_in.list')) {
-            $exception = $this->createAccessDeniedException('No access.');
-            throw $exception;
-        }
+        $this->denyAccessUnlessGranted('jo_in.list', null, 'No access.');
 
         // get search term
         $term = $req->query->get('search');
@@ -147,7 +144,6 @@ class JobOrderController extends BaseController
 
     public function incomingSubmit(Request $req, ValidatorInterface $validator, InvoiceCreator $ic)
     {
-        error_log(print_r($req->request->all(), true));
         $this->denyAccessUnlessGranted('jo_in.list', null, 'No access.');
 
         // initialize error list
@@ -342,6 +338,8 @@ class JobOrderController extends BaseController
 
     public function listAssigning()
     {
+        $this->denyAccessUnlessGranted('jo_assign.list', null, 'No access.');
+
         $params = $this->initParameters('jo_assign');
 
         $params['table_refresh_rate'] = $this->container->getParameter('job_order_refresh_interval');
@@ -351,6 +349,8 @@ class JobOrderController extends BaseController
 
     public function listFulfillment()
     {
+        $this->denyAccessUnlessGranted('jo_fulfill.list', null, 'No access.');
+
         $params = $this->initParameters('jo_fulfill');
 
         $params['table_refresh_rate'] = $this->container->getParameter('job_order_refresh_interval');
@@ -360,6 +360,8 @@ class JobOrderController extends BaseController
 
     public function listOpen()
     {
+        $this->denyAccessUnlessGranted('jo_open.list', null, 'No access.');
+
         $params = $this->initParameters('jo_open');
 
         $params['table_refresh_rate'] = $this->container->getParameter('job_order_refresh_interval');
@@ -370,6 +372,8 @@ class JobOrderController extends BaseController
 
     public function listAll()
     {
+        $this->denyAccessUnlessGranted('jo_all.list', null, 'No access.');
+
         $params = $this->initParameters('jo_all');
 
         $params['table_refresh_rate'] = $this->container->getParameter('job_order_refresh_interval');
@@ -852,11 +856,11 @@ class JobOrderController extends BaseController
 
     public function fulfillmentForm(MapTools $map_tools, $id)
     {
-        $this->denyAccessUnlessGranted('jo_assign.list', null, 'No access.');
+        $this->denyAccessUnlessGranted('jo_fulfill.list', null, 'No access.');
 
         $em = $this->getDoctrine()->getManager();
 
-        $params = $this->initParameters('jo_assign');
+        $params = $this->initParameters('jo_fulfill');
         $params['mode'] = 'update-fulfillment';
 
         // get row data
@@ -901,7 +905,7 @@ class JobOrderController extends BaseController
 
     public function fulfillmentSubmit(Request $req, ValidatorInterface $validator, $id)
     {
-        $this->denyAccessUnlessGranted('jo_assign.list', null, 'No access.');
+        $this->denyAccessUnlessGranted('jo_fulfill.list', null, 'No access.');
 
         // initialize error list
         $error_array = [];