
Commit fc1d796

Merge pull request from GHSA-4wxg-33h3-3w5r
Add @AdminSecurity annotation on AttributeController
2 parents 27e49d8 + e6fd58d commit fc1d796

1 file changed

+16
-5
lines changed

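--- a/src/PrestaShopBundle/Controller/Admin/AttributeController.php
+++ b/src/PrestaShopBundle/Controller/Admin/AttributeController.php
@@ -27,6 +27,7 @@
 namespace PrestaShopBundle\Controller\Admin;
 
 use Product;
+use PrestaShopBundle\Security\Annotation\AdminSecurity;
 use Symfony\Component\HttpFoundation\JsonResponse;
 use Symfony\Component\HttpFoundation\Request;
 
@@ -38,7 +39,9 @@ class AttributeController extends FrameworkBundleAdminController
 /**
 * get All Attributes as json.
 *
-* @return string
+* @AdminSecurity("is_granted(['read'], 'ADMINPRODUCTS_')")
+*
+* @return JsonResponse
 */
 public function getAllAttributesAction()
 {
@@ -79,9 +82,11 @@ public function getAllAttributesAction()
 /**
 * Attributes generator.
 *
+* @AdminSecurity("is_granted(['create', 'update'], 'ADMINPRODUCTS_')")
+*
 * @param Request $request The request
 *
-* @return string
+* @return JsonResponse
 */
 public function attributesGeneratorAction(Request $request)
 {
@@ -195,10 +200,12 @@ public function ensureProductHasDefaultCombination(Product $product, array $comb
 /**
 * Delete a product attribute.
 *
+* @AdminSecurity("is_granted(['delete'], 'ADMINPRODUCTS_')")
+*
 * @param int $idProduct The product ID
 * @param Request $request The request
 *
-* @return string
+* @return JsonResponse
 */
 public function deleteAttributeAction($idProduct, Request $request)
 {
@@ -230,10 +237,12 @@ public function deleteAttributeAction($idProduct, Request $request)
 /**
 * Delete all product attributes.
 *
+* @AdminSecurity("is_granted(['delete'], 'ADMINPRODUCTS_')")
+*
 * @param int $idProduct The product ID
 * @param Request $request The request
 *
-* @return string
+* @return JsonResponse
 */
 public function deleteAllAttributeAction($idProduct, Request $request)
 {
@@ -268,10 +277,12 @@ public function deleteAllAttributeAction($idProduct, Request $request)
 /**
 * get the images form for a product combinations.
 *
+* @AdminSecurity("is_granted(['read'], 'ADMINPRODUCTS_')")
+*
 * @param int $idProduct The product id
 * @param Request $request The request
 *
-* @return string Json
+* @return JsonResponse
 */
 public function getFormImagesAction($idProduct, Request $request)
 {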
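Review bot: In the docblock of `attributesGeneratorAction`, `is_granted(['create', 'update'], 'ADMINPRODUCTS_')` passes two permissions in one call, and whether that means both or either depends on the voter, which is not visible here; Symfony's stock `Voter` base class grants as soon as one listed attribute passes. If the generator is meant to require both rights, spell it out as `@AdminSecurity("is_granted('create', 'ADMINPRODUCTS_') && is_granted('update', 'ADMINPRODUCTS_')")`; the single-permission arrays on the other four actions are unambiguous. The hunk header at -195 also shows a public `ensureProductHasDefaultCombination` on this controller that gets no annotation, which is fine only if it is not routable, and that cannot be confirmed from this page. All method bodies lie outside the hunks, so a functional test that calls each action as an employee without the product permission and expects a denial would pin the fix against regressions.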
