consider adminOnly for isWriteable flag (#1754)

lukmzig · web-flow · commit cc4e6b60bd26 · 2026-04-16T08:34:34.000+02:00
diff --git a/src/Class/Service/SelectOptions/SelectOptionService.php b/src/Class/Service/SelectOptions/SelectOptionService.php
@@ -72,7 +72,7 @@ public function createSelectOption(CreateSelectOptionParameters $parameters): Se
     public function updateSelectOption(string $id, UpdateSelectOptionParameters $parameters): SelectOptionDetail
     {
         $config = $this->selectOptionRepository->getById($id);
-        $this->checkAdminAccess($config);
+        $this->validateAdminAccess($config);
 
         $this->validateSelectOptions($parameters->getSelectOptions());
 
@@ -100,7 +100,7 @@ public function updateSelectOption(string $id, UpdateSelectOptionParameters $par
     public function deleteSelectOption(string $id): void
     {
         $config = $this->selectOptionRepository->getById($id);
-        $this->checkAdminAccess($config);
+        $this->validateAdminAccess($config);
         $this->selectOptionRepository->delete($config);
     }
 
@@ -130,6 +130,9 @@ public function getSelectOptionUsages(string $id): array
     private function hydrateDetail(Config $config): SelectOptionDetail
     {
         $isWriteable = $this->selectOptionRepository->isWriteable($config);
+        if (!$this->hasAccess($config)) {
+            $isWriteable = false;
+        }
         $detail = $this->detailHydrator->hydrate($config, $isWriteable);
         $this->eventDispatcher->dispatch(new DetailEvent($detail), DetailEvent::EVENT_NAME);
 
@@ -160,10 +163,15 @@ private function validateSelectOptions(?array $selectOptions): void
     /**
      * @throws ForbiddenException
      */
-    private function checkAdminAccess(Config $config): void
+    private function validateAdminAccess(Config $config): void
     {
-        if ($config->getAdminOnly() && !$this->securityService->getCurrentUser()->isAdmin()) {
+        if ($this->hasAccess($config) === false) {
             throw new ForbiddenException('Restricted to admin users');
         }
     }
+
+    private function hasAccess(Config $config): bool
+    {
+        return !($config->getAdminOnly() && !$this->securityService->getCurrentUser()->isAdmin());
+    }
 }

Original file line number	Diff line number	Diff line change
`@@ -72,7 +72,7 @@ public function createSelectOption(CreateSelectOptionParameters $parameters): Se`
`72`	`72`	`public function updateSelectOption(string $id, UpdateSelectOptionParameters $parameters): SelectOptionDetail`
`73`	`73`	`{`
`74`	`74`	`$config = $this->selectOptionRepository->getById($id);`
`75`		`- $this->checkAdminAccess($config);`
	`75`	`+ $this->validateAdminAccess($config);`
`76`	`76`
`77`	`77`	`$this->validateSelectOptions($parameters->getSelectOptions());`
`78`	`78`
`@@ -100,7 +100,7 @@ public function updateSelectOption(string $id, UpdateSelectOptionParameters $par`
`100`	`100`	`public function deleteSelectOption(string $id): void`
`101`	`101`	`{`
`102`	`102`	`$config = $this->selectOptionRepository->getById($id);`
`103`		`- $this->checkAdminAccess($config);`
	`103`	`+ $this->validateAdminAccess($config);`
`104`	`104`	`$this->selectOptionRepository->delete($config);`
`105`	`105`	`}`
`106`	`106`
`@@ -130,6 +130,9 @@ public function getSelectOptionUsages(string $id): array`
`130`	`130`	`private function hydrateDetail(Config $config): SelectOptionDetail`
`131`	`131`	`{`
`132`	`132`	`$isWriteable = $this->selectOptionRepository->isWriteable($config);`
	`133`	`+ if (!$this->hasAccess($config)) {`
	`134`	`+ $isWriteable = false;`
	`135`	`+ }`
`133`	`136`	`$detail = $this->detailHydrator->hydrate($config, $isWriteable);`
`134`	`137`	`$this->eventDispatcher->dispatch(new DetailEvent($detail), DetailEvent::EVENT_NAME);`
`135`	`138`
`@@ -160,10 +163,15 @@ private function validateSelectOptions(?array $selectOptions): void`
`160`	`163`	`/**`
`161`	`164`	`* @throws ForbiddenException`
`162`	`165`	`*/`
`163`		`- private function checkAdminAccess(Config $config): void`
	`166`	`+ private function validateAdminAccess(Config $config): void`
`164`	`167`	`{`
`165`		`- if ($config->getAdminOnly() && !$this->securityService->getCurrentUser()->isAdmin()) {`
	`168`	`+ if ($this->hasAccess($config) === false) {`
`166`	`169`	`throw new ForbiddenException('Restricted to admin users');`
`167`	`170`	`}`
`168`	`171`	`}`
	`172`	`+`
	`173`	`+ private function hasAccess(Config $config): bool`
	`174`	`+ {`
	`175`	`+ return !($config->getAdminOnly() && !$this->securityService->getCurrentUser()->isAdmin());`
	`176`	`+ }`
`169`	`177`	`}`