MALIO-DEV/Lesstime
3
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases 32 Wiki Activity

fix(security) : add ROLE_USER security on all read endpoints

Browse Source 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
THOLOT DECHENE Matthieu
2026-03-15 19:21:19 +01:00
parent edc441f363
commit 63febbea45
10 changed files with 21 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/Entity/TimeEntry.php
View File

@@ -24,15 +24,16 @@ use Symfony\Component\Serializer\Attribute\Groups;
#[ApiResource(
operations: [
new GetCollection(),
new GetCollection(security: "is_granted('ROLE_USER')"),
new GetCollection(
name: 'active_time_entry',
uriTemplate: '/time_entries/active',
provider: ActiveTimeEntryProvider::class,
description: 'Get the active timer for the current user',
paginationEnabled: false,
security: "is_granted('ROLE_USER')",
),
new Get(),
new Get(security: "is_granted('ROLE_USER')"),
new Post(security: "is_granted('ROLE_USER')"),
new Patch(security: "is_granted('ROLE_ADMIN') or object.getUser() == user"),
new Delete(security: "is_granted('ROLE_ADMIN') or object.getUser() == user"),