Merge pull request from GHSA-cvjj-grfv-f56w
Add @adminsecurity annotations
PierreRambaud committed Apr 15, 2020
2 parents cd2219d + 05b2e17 commit f9f442c
Showing 3 changed files with 34 additions and 10 deletions.
@@ -26,6 +26,7 @@

namespace PrestaShopBundle\Controller\Admin;

use PrestaShopBundle\Security\Annotation\AdminSecurity;
use Symfony\Component\HttpFoundation\JsonResponse;
use Symfony\Component\HttpFoundation\Request;

@@ -37,10 +38,12 @@ class AttachementProductController extends FrameworkBundleAdminController
/**
* Manage form add product attachment.
*
* @AdminSecurity("is_granted(['create', 'update'], 'ADMINPRODUCTS_')")
*
* @param int $idProduct
* @param Request $request
*
* @return string
* @return JsonResponse
*/
public function addAction($idProduct, Request $request)
{
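Review bot: The expression `is_granted(['create', 'update'], 'ADMINPRODUCTS_')` on addAction reads as if both permissions were required, but if the voter behind it follows Symfony's base Voter, the check passes as soon as one listed attribute is granted, so an employee holding only 'update' on the Products tab would still reach this create path. The same expression appears on CombinationController::generateCombinationFormAction and on addAction, getUpdateFormAction and updateAction in SpecificPriceController. If either permission is meant to be enough, state it in the docblock, e.g. `* Access: create OR update permission on the Products tab.`; if both are required, the expression would be `is_granted('create', 'ADMINPRODUCTS_') and is_granted('update', 'ADMINPRODUCTS_')`. addAction's body lies outside the hunk, so what it writes cannot be checked from here.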
14 changes: 12 additions & 2 deletions src/PrestaShopBundle/Controller/Admin/CombinationController.php
@@ -27,11 +27,19 @@
namespace PrestaShopBundle\Controller\Admin;

use PrestaShopBundle\Form\Admin\Product\ProductCombination;
use PrestaShopBundle\Security\Annotation\AdminSecurity;
use Symfony\Component\HttpFoundation\JsonResponse;
use Symfony\Component\HttpFoundation\Response;

class CombinationController extends FrameworkBundleAdminController
{
/**
* Generate combination
*
* @AdminSecurity("is_granted(['create', 'update'], 'ADMINPRODUCTS_')")
*
* @return Response
*/
public function generateCombinationFormAction($combinationIds)
{
$response = new Response();
@@ -62,11 +70,13 @@ public function generateCombinationFormAction($combinationIds)
}

/**
* get All Combinations for a product.
* Get all Combinations for a product.
*
* @AdminSecurity("is_granted(['read'], 'ADMINPRODUCTS_')")
*
* @param int $idProduct The product id
*
* @return string Json
* @return JsonResponse
*/
public function getProductCombinationsAction($idProduct)
{
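Review bot: No test pins the new access checks: the page lists three changed files and all three are controllers, so a later edit that drops the `@AdminSecurity` line from generateCombinationFormAction or getProductCombinationsAction would pass unnoticed. A functional test that calls each of these routes as an employee without the matching Products permission and asserts the request is refused would guard the fix. That test should also settle what an XHR caller receives on refusal, since the docblock now promises `@return JsonResponse` and, if the access-denied handling answers with a redirect and a flash message, the front-end would get HTML instead of a JSON error. Separately, the new docblock on generateCombinationFormAction has no `@param` line for `$combinationIds`. Both method bodies continue outside the hunks.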
25 changes: 18 additions & 7 deletions src/PrestaShopBundle/Controller/Admin/SpecificPriceController.php
@@ -28,10 +28,11 @@

use DateTime;
use Exception;
use PrestaShopBundle\Form\Admin\Product\ProductSpecificPrice as SpecificPriceFormType;
use PrestaShopBundle\Security\Annotation\AdminSecurity;
use PrestaShop\PrestaShop\Adapter\Product\AdminProductWrapper;
use PrestaShop\PrestaShop\Core\Foundation\Database\EntityDataInconsistencyException;
use PrestaShop\PrestaShop\Core\Foundation\Database\EntityNotFoundException;
use PrestaShopBundle\Form\Admin\Product\ProductSpecificPrice as SpecificPriceFormType;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Template;
use Symfony\Component\HttpFoundation\JsonResponse;
use Symfony\Component\HttpFoundation\Request;
@@ -43,11 +44,13 @@
class SpecificPriceController extends FrameworkBundleAdminController
{
/**
* get specific price list for a product.
* Get specific price list for a product.
*
* @AdminSecurity("is_granted(['read'], 'ADMINPRODUCTS_')")
*
* @param $idProduct The product ID
*
* @return string JSON
* @return JsonResponse
*/
public function listAction($idProduct)
{
@@ -86,9 +89,11 @@ public function listAction($idProduct)
/**
* Add specific price Form process.
*
* @AdminSecurity("is_granted(['create', 'update'], 'ADMINPRODUCTS_')")
*
* @param Request $request The request
*
* @return string
* @return JsonResponse
*/
public function addAction(Request $request)
{
@@ -111,6 +116,8 @@ public function addAction(Request $request)
*
* @Template("@PrestaShop/Admin/Product/ProductPage/Forms/form_specific_price.html.twig")
*
* @AdminSecurity("is_granted(['create', 'update'], 'ADMINPRODUCTS_')")
*
* @param int $idSpecificPrice
*
* @return array
@@ -157,10 +164,12 @@ public function getUpdateFormAction($idSpecificPrice)
/**
* Update specific price Form process.
*
* @AdminSecurity("is_granted(['create', 'update'], 'ADMINPRODUCTS_')")
*
* @param int idSpecificPrice
* @param Request $request
*
* @return string
* @return JsonResponse
*/
public function updateAction($idSpecificPrice, Request $request)
{
@@ -185,10 +194,12 @@ public function updateAction($idSpecificPrice, Request $request)
/**
* Delete a specific price.
*
* @AdminSecurity("is_granted(['delete'], 'ADMINPRODUCTS_')")
*
* @param int $idSpecificPrice The specific price ID
* @param Request $request The request
*
* @return string
* @return JsonResponse
*/
public function deleteAction($idSpecificPrice, Request $request)
{
@@ -253,7 +264,7 @@ private function formatSpecificPriceToPrefillForm($id, $price)
/**
* @param string $dateAsString
*
* @return string|null If date is 0000-00-00 00:00:00, null is returned
* @return JsonResponse|null If date is 0000-00-00 00:00:00, null is returned
*
* @throws \PrestaShopDatabaseExceptionCore if date is not valid
*/
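Review bot: In the last hunk the `@return` of a date helper appears to change from `string|null` to `JsonResponse|null`, which looks like a search-and-replace slip. The docblock takes `@param string $dateAsString` and returns null for `0000-00-00 00:00:00`, so a JSON response is an unlikely return type. The function itself is outside the hunk, so this needs confirming against its body, but the line most likely should remain `* @return string|null If date is 0000-00-00 00:00:00, null is returned`. In the updateAction docblock, `@param int idSpecificPrice` is missing the `$`, and listAction's `@param $idProduct` has no type; both could be corrected while these docblocks are being edited (`@param int $idSpecificPrice`).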
