Skip to content

Added security-check for collections in media controller #4056

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Jul 16, 2018
Merged

Added security-check for collections in media controller #4056

merged 4 commits into from
Jul 16, 2018

Conversation

wachterjohannes
Copy link
Member

@wachterjohannes wachterjohannes commented Jul 5, 2018
edited
Loading

Q A
Bug fix? no
New feature? no
BC breaks? no
Deprecations? no
Fixed tickets none
Related issues/PRs none
License MIT
Documentation PR none

What's in this PR?

This PR add the security check for media cget action when no collection is passed.

Why?

Medias in a secured area will be displayed in the overview of medias.

To Do

  • Tests

@wachterjohannes wachterjohannes force-pushed the hotfix/media-collection-permissions branch from 8c98778 to b673f76 Compare July 5, 2018 11:25
@wachterjohannes wachterjohannes changed the title WIP: Added security-check for collections in media cget controller WIP: Added security-check for collections in media controller Jul 5, 2018
@wachterjohannes wachterjohannes force-pushed the hotfix/media-collection-permissions branch 3 times, most recently from 245980b to 269c548 Compare July 5, 2018 12:15
@wachterjohannes wachterjohannes changed the title WIP: Added security-check for collections in media controller Added security-check for collections in media controller Jul 5, 2018
@wachterjohannes wachterjohannes requested a review from chirimoya July 5, 2018 12:15
@wachterjohannes wachterjohannes force-pushed the hotfix/media-collection-permissions branch 2 times, most recently from 52813cb to efe1c70 Compare July 9, 2018 08:00
chirimoya
chirimoya requested changes Jul 11, 2018
View reviewed changes
src/Sulu/Component/Rest/ListBuilder/Doctrine/DoctrineListBuilder.php Outdated
/**
* {@inheritdoc}
*/
public function setPermissionCheck(UserInterface $user, $permission, $entityName = null)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

$securedEntityName

@chirimoya chirimoya requested a review from danrot July 11, 2018 07:34
@wachterjohannes wachterjohannes added this to the Release 1.6 milestone Jul 11, 2018
@wachterjohannes wachterjohannes force-pushed the hotfix/media-collection-permissions branch from efe1c70 to c11cf86 Compare July 11, 2018 09:11
@wachterjohannes wachterjohannes changed the base branch from master to release/1.5 July 11, 2018 09:12
@wachterjohannes wachterjohannes force-pushed the hotfix/media-collection-permissions branch from c11cf86 to 0fadbe8 Compare July 11, 2018 09:12
@wachterjohannes wachterjohannes force-pushed the hotfix/media-collection-permissions branch from 2d206c2 to b28f089 Compare July 11, 2018 09:47
@danrot danrot merged commit f72cf21 into sulu:release/1.5 Jul 16, 2018
danrot pushed a commit to danrot/sulu that referenced this pull request Jul 16, 2018
@wachterjohannes @danrot
Added security-check for collections in media controller (sulu#4056)
5608211 
* added security-check for collections in media cget controller

* fixed postgres tests

* fixed review comments
@wachterjohannes wachterjohannes deleted the hotfix/media-collection-permissions branch August 6, 2018 11:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@chirimoya chirimoya chirimoya requested changes

+1 more reviewer

@danrot danrot danrot approved these changes

Reviewers whose approvals may not affect merge requirements
Assignees

@danrot danrot

Labels
None yet
Projects
None yet
Milestone
Release 1.6
Development

Successfully merging this pull request may close these issues.
3 participants
@wachterjohannes @danrot @chirimoya