Check for good measure again, that a user is able to edit an entity in an admin form

issue #1283
Jan Böhmer
2026-03-04 23:05:21 +01:00
parent 32a666f6c3
commit 2137eecddf
2 changed files with 3 additions and 0 deletions


@@ -195,6 +195,8 @@ abstract class BaseAdminController extends AbstractController
$this->commentHelper->setMessage($form['log_comment']->getData());
//In principle, the form should be disabled, if the edit permission is not granted, but for good measure, we also check it here, before saving changes.
$this->denyAccessUnlessGranted('edit', $entity);
$em->persist($entity);
$em->flush();
$this->addFlash('success', 'entity.edit_flash');
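Review bot: The added `denyAccessUnlessGranted('edit', $entity)` runs after the form data has already been read (`$form['log_comment']->getData()` on the line above it), so the voter is presumably evaluated against an entity that the submitted form has already modified. If the 'edit' decision depends on any field this form can change, the check is made on the submitted state rather than the stored one. Consider doing the check before the form handles the request, or documenting the assumption next to it, e.g. `//Note: $entity already contains the submitted data here, so the 'edit' voter must not depend on fields editable in this form.` The enclosing method starts and ends outside the hunk, so where the form is bound is inferred, not visible. A functional test that submits the form as a user without the edit permission and asserts an access-denied response with unchanged stored data would pin the intended behaviour.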