Add missing acl checks on list methods #30
This commit is contained in:
Ramon Gutierrez
parent
0b193947c5
commit
6262f933bc
1 changed files with 12 additions and 8 deletions
|
|
@ -40,10 +40,7 @@ class JobOrderController extends BaseController
|
||||||
{
|
{
|
||||||
public function getJobOrders(Request $req)
|
public function getJobOrders(Request $req)
|
||||||
{
|
{
|
||||||
if (!$this->isGranted('jo_in.list')) {
|
$this->denyAccessUnlessGranted('jo_in.list', null, 'No access.');
|
||||||
$exception = $this->createAccessDeniedException('No access.');
|
|
||||||
throw $exception;
|
|
||||||
}
|
|
||||||
|
|
||||||
// get search term
|
// get search term
|
||||||
$term = $req->query->get('search');
|
$term = $req->query->get('search');
|
||||||
|
|
@ -147,7 +144,6 @@ class JobOrderController extends BaseController
|
||||||
|
|
||||||
public function incomingSubmit(Request $req, ValidatorInterface $validator, InvoiceCreator $ic)
|
public function incomingSubmit(Request $req, ValidatorInterface $validator, InvoiceCreator $ic)
|
||||||
{
|
{
|
||||||
error_log(print_r($req->request->all(), true));
|
|
||||||
$this->denyAccessUnlessGranted('jo_in.list', null, 'No access.');
|
$this->denyAccessUnlessGranted('jo_in.list', null, 'No access.');
|
||||||
|
|
||||||
// initialize error list
|
// initialize error list
|
||||||
|
|
@ -342,6 +338,8 @@ class JobOrderController extends BaseController
|
||||||
|
|
||||||
public function listAssigning()
|
public function listAssigning()
|
||||||
{
|
{
|
||||||
|
$this->denyAccessUnlessGranted('jo_assign.list', null, 'No access.');
|
||||||
|
|
||||||
$params = $this->initParameters('jo_assign');
|
$params = $this->initParameters('jo_assign');
|
||||||
|
|
||||||
$params['table_refresh_rate'] = $this->container->getParameter('job_order_refresh_interval');
|
$params['table_refresh_rate'] = $this->container->getParameter('job_order_refresh_interval');
|
||||||
|
|
@ -351,6 +349,8 @@ class JobOrderController extends BaseController
|
||||||
|
|
||||||
public function listFulfillment()
|
public function listFulfillment()
|
||||||
{
|
{
|
||||||
|
$this->denyAccessUnlessGranted('jo_fulfill.list', null, 'No access.');
|
||||||
|
|
||||||
$params = $this->initParameters('jo_fulfill');
|
$params = $this->initParameters('jo_fulfill');
|
||||||
|
|
||||||
$params['table_refresh_rate'] = $this->container->getParameter('job_order_refresh_interval');
|
$params['table_refresh_rate'] = $this->container->getParameter('job_order_refresh_interval');
|
||||||
|
|
@ -360,6 +360,8 @@ class JobOrderController extends BaseController
|
||||||
|
|
||||||
public function listOpen()
|
public function listOpen()
|
||||||
{
|
{
|
||||||
|
$this->denyAccessUnlessGranted('jo_open.list', null, 'No access.');
|
||||||
|
|
||||||
$params = $this->initParameters('jo_open');
|
$params = $this->initParameters('jo_open');
|
||||||
|
|
||||||
$params['table_refresh_rate'] = $this->container->getParameter('job_order_refresh_interval');
|
$params['table_refresh_rate'] = $this->container->getParameter('job_order_refresh_interval');
|
||||||
|
|
@ -370,6 +372,8 @@ class JobOrderController extends BaseController
|
||||||
|
|
||||||
public function listAll()
|
public function listAll()
|
||||||
{
|
{
|
||||||
|
$this->denyAccessUnlessGranted('jo_all.list', null, 'No access.');
|
||||||
|
|
||||||
$params = $this->initParameters('jo_all');
|
$params = $this->initParameters('jo_all');
|
||||||
|
|
||||||
$params['table_refresh_rate'] = $this->container->getParameter('job_order_refresh_interval');
|
$params['table_refresh_rate'] = $this->container->getParameter('job_order_refresh_interval');
|
||||||
|
|
@ -852,11 +856,11 @@ class JobOrderController extends BaseController
|
||||||
|
|
||||||
public function fulfillmentForm(MapTools $map_tools, $id)
|
public function fulfillmentForm(MapTools $map_tools, $id)
|
||||||
{
|
{
|
||||||
$this->denyAccessUnlessGranted('jo_assign.list', null, 'No access.');
|
$this->denyAccessUnlessGranted('jo_fulfill.list', null, 'No access.');
|
||||||
|
|
||||||
$em = $this->getDoctrine()->getManager();
|
$em = $this->getDoctrine()->getManager();
|
||||||
|
|
||||||
$params = $this->initParameters('jo_assign');
|
$params = $this->initParameters('jo_fulfill');
|
||||||
$params['mode'] = 'update-fulfillment';
|
$params['mode'] = 'update-fulfillment';
|
||||||
|
|
||||||
// get row data
|
// get row data
|
||||||
|
|
@ -901,7 +905,7 @@ class JobOrderController extends BaseController
|
||||||
|
|
||||||
public function fulfillmentSubmit(Request $req, ValidatorInterface $validator, $id)
|
public function fulfillmentSubmit(Request $req, ValidatorInterface $validator, $id)
|
||||||
{
|
{
|
||||||
$this->denyAccessUnlessGranted('jo_assign.list', null, 'No access.');
|
$this->denyAccessUnlessGranted('jo_fulfill.list', null, 'No access.');
|
||||||
|
|
||||||
// initialize error list
|
// initialize error list
|
||||||
$error_array = [];
|
$error_array = [];
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue