add access control

H2-invent · Jan 11, 2024 · c3079f8 · c3079f8
1 parent 6e8226b
commit c3079f8
Showing 1 changed file with 7 additions and 1 deletion.
diff --git a/src/Controller/TeamController.php b/src/Controller/TeamController.php
@@ -469,9 +469,11 @@ public function setPresetIgnored(
         UrlGeneratorInterface  $urlGenerator,
         TeamRepository         $teamRepository,
         EntityManagerInterface $em,
-        InheritanceService     $inheritanceService
+        InheritanceService     $inheritanceService,
+        SecurityService        $securityService
     ): RedirectResponse
     {
+        $user = $this->getUser();
         $team = $request->get('team');
         $preset = $request->get('preset');
         $type = $request->get('type');
@@ -485,6 +487,10 @@ public function setPresetIgnored(
             $preset = $em->getRepository($type)->find($preset);
         }
 
+        if ($securityService->adminCheck($user, $team) === false) {
+            return $this->redirectToRoute('dashboard');
+        }
+
         if ($team && $preset) {
             $inheritanceService->setIgnored($preset, $team, $ignored);
             $em->persist($preset);