ilhooq/ai-ui
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Correction bug Autorisation dans AdminController

Browse Source
This commit is contained in:
Sylvain Philip 2024-10-03 19:56:16 +02:00
parent 3013d2768c
commit b0af05880b
1 changed files with 9 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
modules/user/controllers/AdminController.php
View File

@ -11,9 +11,11 @@ namespace app\modules\user\controllers;
use Piko\HttpException;
use function Piko\I18n\__;
use Piko\User as PikoUser;
use app\modules\user\Module;
use app\modules\user\models\Role;
use app\modules\user\models\User;
use app\modules\user\models\Permission;
use Piko\Controller\Event\BeforeActionEvent;
/**
* User admin controller
@ -36,21 +38,15 @@ class AdminController extends \Piko\Controller
$db = $app->getComponent('PDO');
assert($db instanceof \PDO);
$this->db = $db;
}
/**
* {@inheritDoc}
* @see \piko\Controller::runAction()
*/
public function runAction($id)
{
assert($this->module instanceof \app\modules\user\Module);
$this->on(BeforeActionEvent::class, function () {
$module = $this->module;
assert($module instanceof Module);
if (!$this->user->can($this->module->adminRole)) {
throw new HttpException('Not authorized.', 403);
}
return parent::runAction($id);
if (!$this->user->can($module->adminRole)) {
throw new HttpException(403, 'Not authorized.');
}
});
}
/**