
Commit af6ddff

committed
Check that user has general access rights to partdb
See #1283
1 parent f15979e commit af6ddff

1 file changed

Lines changed: 4 additions & 1 deletion


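--- a/src/Controller/TypeaheadController.php
+++ b/src/Controller/TypeaheadController.php
@@ -71,7 +71,10 @@ public function __construct(
 #[Route(path: '/builtInResources/search', name: 'typeahead_builtInRessources')]
 public function builtInResources(Request $request, BuiltinAttachmentsFinder $finder): JsonResponse
 {
-$query = $request->get('query');
+//Ensure that the user can access Part-DB at all
+$this->denyAccessUnlessGranted('HAS_ACCESS_PERMISSIONS');
+
+$query = $request->query->getString('query');
 $array = $finder->find($query);
 
 $result = [];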
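Review bot: The access check is placed inside `builtInResources` only, so each other action in TypeaheadController needs its own guard, and a future action added without one would be reachable without the general access permission. The other actions are not visible in this hunk, so whether they are already covered needs confirming. If they all require the same permission, a class-level `#[IsGranted('HAS_ACCESS_PERMISSIONS')]` attribute would make the controller fail closed by default. The commit touches only this file, so a functional test asserting that a user without the permission is denied on `/builtInResources/search` would keep the fix from regressing. The body of `builtInResources` continues past the end of the hunk.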
