From bf4d9bf23c1be583cb32126894efc9092ba11f78 Mon Sep 17 00:00:00 2001
From: Elorfin
Date: Wed, 11 Oct 2023 08:52:41 +0200
Subject: [PATCH] [ApiToken] disables unused endpoints

---
 src/main/authentication/Controller/ApiTokenController.php | 5 +++++
 src/main/authentication/Security/Voter/ApiTokenVoter.php | 4 ++--
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/src/main/authentication/Controller/ApiTokenController.php b/src/main/authentication/Controller/ApiTokenController.php
index 710f3ef5332..46bcf6b621c 100644
--- a/src/main/authentication/Controller/ApiTokenController.php
+++ b/src/main/authentication/Controller/ApiTokenController.php
@@ -49,6 +49,11 @@ public function getName(): string
         return 'apitoken';
     }
 
+    public function getIgnore(): array
+    {
+        return ['exist', 'copyBulk', 'schema', 'find'];
+    }
+
     protected function getDefaultHiddenFilters(): array
     {
         if (!$this->authorization->isGranted('IS_AUTHENTICATED_FULLY')) {
diff --git a/src/main/authentication/Security/Voter/ApiTokenVoter.php b/src/main/authentication/Security/Voter/ApiTokenVoter.php
index 8e9d329fb73..6a0069cc855 100644
--- a/src/main/authentication/Security/Voter/ApiTokenVoter.php
+++ b/src/main/authentication/Security/Voter/ApiTokenVoter.php
@@ -33,7 +33,7 @@ public function checkPermission(TokenInterface $token, $object, array $attribute
                 }
                 // no break
             case self::CREATE:
-            case self::VIEW:
+            case self::OPEN:
                 $isAdmin = $this->hasAdminToolAccess($token, 'integration');
                 if ($isAdmin || (!empty($object->getUser()) && $object->getUser()->getUuid() === $token->getUser()->getUuid())) {
                     return VoterInterface::ACCESS_GRANTED;
@@ -52,6 +52,6 @@ public function getClass(): string
 
     public function getSupportedActions(): array
     {
-        return [self::VIEW, self::CREATE, self::EDIT, self::DELETE];
+        return [self::OPEN, self::CREATE, self::EDIT, self::DELETE];
     }
 }
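Review bot: `getIgnore()` carries no docblock, so the reason these four CRUD actions are withheld from the API-token resource is not recorded in the code, and a maintainer comparing this controller with its siblings has no hint that the omission is deliberate rather than an oversight. A short header should state that `exist` and `find` (lookups by arbitrary criteria), `copyBulk` and `schema` are intentionally not exposed for tokens, and carry `@return list<string>` for the analyser. If the base controller declares this hook, `#[\Override]` would additionally make a later rename of the hook fail loudly instead of silently re-enabling the routes — the base class is not visible from this hunk, so that is to be confirmed. `getDefaultHiddenFilters()` at the end of the hunk continues outside it.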
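Review bot: The ownership test in the shared `CREATE`/`OPEN` branch dereferences `$token->getUser()` without a null check, so a security token that carries no user object would raise an error on that line instead of producing a deny; the controller's own `getDefaultHiddenFilters()` anticipates callers that are not fully authenticated, so that path looks reachable — worth confirming against how the voter is invoked. A guarded comparison keeps the same grant for admins and owners: `if ($isAdmin || (null !== $object->getUser() && null !== $token->getUser() && $object->getUser()->getUuid() === $token->getUser()->getUuid())) {`. Replacing `!empty(...)` with an explicit null comparison also states the intent, since `empty()` on an object only ever tests for null. `checkPermission()` starts and ends outside the hunk, so the earlier `case` that falls through via `// no break` into this branch is not visible here.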
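Review bot: Dropping `self::VIEW` from the supported actions means this voter now abstains on any remaining check for the VIEW attribute on an ApiToken rather than answering it; the commit renames the attribute only inside this file, so any other caller still asking for VIEW on tokens would silently lose this voter's decision — worth a search across the codebase before merging. A `@return list<string>` docblock on `getSupportedActions()` would also document the hook for static analysis.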