Mirrors/Part-DB-server
2
0
Fork 0
mirror of https://github.com/Part-DB/Part-DB-server.git synced 2026-03-04 06:25:22 +01:00
Code Issues Packages Projects Releases Wiki Activity

Added permissions to control access to info providers and oauth tokens

Browse Source
This commit is contained in:
Jan Böhmer
2023-07-16 20:33:24 +02:00
parent 7bbf612394
commit b3b205cd6e
9 changed files with 72 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/Controller/OAuthClientController.php
View File

@@ -43,6 +43,8 @@ class OAuthClientController extends AbstractController
#[Route('/{name}/connect', name: 'oauth_client_connect')]
public function connect(string $name): Response
{
$this->denyAccessUnlessGranted('@system.manage_oauth_tokens');
return $this->clientRegistry
->getClient($name) // key used in config/packages/knpu_oauth2_client.yaml
->redirect();
@@ -51,6 +53,8 @@ class OAuthClientController extends AbstractController
#[Route('/{name}/check', name: 'oauth_client_check')]
public function check(string $name, Request $request): Response
{
$this->denyAccessUnlessGranted('@system.manage_oauth_tokens');
$client = $this->clientRegistry->getClient($name);
$access_token = $client->getAccessToken();