[ApiToken] disables unused endpoints
Elorfin committed Oct 11, 2023
1 parent c00fff8 commit bf4d9bf
Showing 2 changed files with 7 additions and 2 deletions.
5 changes: 5 additions & 0 deletions src/main/authentication/Controller/ApiTokenController.php
Expand Up @@ -49,6 +49,11 @@ public function getName(): string
return 'apitoken';
}

public function getIgnore(): array
{
return ['exist', 'copyBulk', 'schema', 'find'];
}

protected function getDefaultHiddenFilters(): array
{
if (!$this->authorization->isGranted('IS_AUTHENTICATED_FULLY')) {
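Review bot: `getIgnore()` is a deny-list of bare strings, so it only covers the four names written here; a misspelled name, or an endpoint added later to the parent controller, would presumably stay reachable for API tokens without any error. The parent class is outside this hunk, so confirm that each of `'exist'`, `'copyBulk'`, `'schema'` and `'find'` matches an endpoint name it actually registers, and consider a test asserting that those routes are absent for `apitoken`. The method also has no docblock; something like `/** Endpoints of the parent controller that are deliberately not exposed for API tokens. */` would record why they are disabled.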
4 changes: 2 additions & 2 deletions src/main/authentication/Security/Voter/ApiTokenVoter.php
Expand Up @@ -33,7 +33,7 @@ public function checkPermission(TokenInterface $token, $object, array $attribute
}
// no break
case self::CREATE:
case self::VIEW:
case self::OPEN:
$isAdmin = $this->hasAdminToolAccess($token, 'integration');
if ($isAdmin || (!empty($object->getUser()) && $object->getUser()->getUuid() === $token->getUser()->getUuid())) {
return VoterInterface::ACCESS_GRANTED;
Expand All @@ -52,6 +52,6 @@ public function getClass(): string

public function getSupportedActions(): array
{
return [self::VIEW, self::CREATE, self::EDIT, self::DELETE];
return [self::OPEN, self::CREATE, self::EDIT, self::DELETE];
}
}
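Review bot: With `self::VIEW` apparently replaced by `self::OPEN` in both `checkPermission()` and `getSupportedActions()`, any caller that still checks `VIEW` on an API token is no longer handled by this voter, and what happens to an unsupported attribute is decided outside these hunks. It is worth searching for remaining `VIEW` checks against this class and confirming that they fail closed rather than abstain into a grant. In the shared `CREATE`/`OPEN` branch, `$token->getUser()->getUuid()` is also called without a null check whenever the caller is not an admin and the object has a user, so a token without a user would raise an error instead of returning a denial; an early deny when `$token->getUser()` is null would make that path explicit. `checkPermission()` starts and ends outside the visible hunk.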
