Merge pull request from GHSA-4wxg-33h3-3w5r
Add @AdminSecurity annotation on AttributeController
PierreRambaud committed Apr 15, 2020
2 parents 27e49d8 + e6fd58d commit fc1d796
Showing 1 changed file with 16 additions and 5 deletions.
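--- a/src/PrestaShopBundle/Controller/Admin/AttributeController.php
+++ b/src/PrestaShopBundle/Controller/Admin/AttributeController.php
@@ -27,6 +27,7 @@
 namespace PrestaShopBundle\Controller\Admin;
 
 use Product;
+use PrestaShopBundle\Security\Annotation\AdminSecurity;
 use Symfony\Component\HttpFoundation\JsonResponse;
 use Symfony\Component\HttpFoundation\Request;
 
@@ -38,7 +39,9 @@ class AttributeController extends FrameworkBundleAdminController
 /**
 * get All Attributes as json.
 *
-* @return string
+* @AdminSecurity("is_granted(['read'], 'ADMINPRODUCTS_')")
+*
+* @return JsonResponse
 */
 public function getAllAttributesAction()
 {
@@ -79,9 +82,11 @@ public function getAllAttributesAction()
 /**
 * Attributes generator.
 *
+* @AdminSecurity("is_granted(['create', 'update'], 'ADMINPRODUCTS_')")
+*
 * @param Request $request The request
 *
-* @return string
+* @return JsonResponse
 */
 public function attributesGeneratorAction(Request $request)
 {
@@ -195,10 +200,12 @@ public function ensureProductHasDefaultCombination(Product $product, array $comb
 /**
 * Delete a product attribute.
 *
+* @AdminSecurity("is_granted(['delete'], 'ADMINPRODUCTS_')")
+*
 * @param int $idProduct The product ID
 * @param Request $request The request
 *
-* @return string
+* @return JsonResponse
 */
 public function deleteAttributeAction($idProduct, Request $request)
 {
@@ -230,10 +237,12 @@ public function deleteAttributeAction($idProduct, Request $request)
 /**
 * Delete all product attributes.
 *
+* @AdminSecurity("is_granted(['delete'], 'ADMINPRODUCTS_')")
+*
 * @param int $idProduct The product ID
 * @param Request $request The request
 *
-* @return string
+* @return JsonResponse
 */
 public function deleteAllAttributeAction($idProduct, Request $request)
 {
@@ -268,10 +277,12 @@ public function deleteAllAttributeAction($idProduct, Request $request)
 /**
 * get the images form for a product combinations.
 *
+* @AdminSecurity("is_granted(['read'], 'ADMINPRODUCTS_')")
+*
 * @param int $idProduct The product id
 * @param Request $request The request
 *
-* @return string Json
+* @return JsonResponse
 */
 public function getFormImagesAction($idProduct, Request $request)
 {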
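Review bot: The annotation on attributesGeneratorAction, `@AdminSecurity("is_granted(['create', 'update'], 'ADMINPRODUCTS_')")`, does not say whether an employee needs both permissions or only one of them; that is decided by the voter behind `is_granted`, which is outside this diff. If that voter grants on the first matching attribute, an employee holding only `create` could run the generator, which by its name may also alter existing combinations, so please confirm the intended rule and state it in the docblock, e.g. `* Requires create and update rights on ADMINPRODUCTS_.`. The checks are also opt-in per action, so any routed action in this controller that lacks the annotation presumably remains reachable without a permission check: `ensureProductHasDefaultCombination`, visible only in a hunk header, is public and shows no annotation here, which is fine only if no route points at it. All five method bodies lie outside the hunks, so request-method and token handling on the two delete actions could not be reviewed, and a functional test per action asserting that an employee without the right is refused would keep this fix from regressing.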
