[Bug]: Add permission checks in AdminController actions #108

kingjia90 · 2025-12-17T11:49:58Z

The button is protected on frontend but not on backend from unauthorized access

web2print-tools/src/Resources/public/js/Web2Print/bundle.js

Lines 35 to 53 in 1c5251d

    
           if (user.isAllowed('web2print_web2print_favourite_output_channels')) { 
        
               const navigationItem = { 
        
                   text: t('web2print_favorite_outputdefinitions'), 
        
                   iconCls: 'bundle_outputdataconfig_nav_icon', 
        
                   handler: this.openFavouriteOutputChannel 
        
               }; 
        
               if(e.type === pimcore.events.preMenuBuild){ 
        
                   let menu = e.detail.menu.settings; 
        
                   menu.items.push(navigationItem); 
        
               } 
        
               if(e.type === pimcore.events.pimcoreReady){ 
        
                   let menu = pimcore.globalmanager.get('layout_toolbar').settingsMenu; 
        
                   menu.add(navigationItem); 
        
               } 
        
           }

Removed permission check from favorite output definitions actions.

sonarqubecloud · 2025-12-18T10:09:52Z

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

Add permission checks in AdminController actions

e73e12c

kingjia90 self-assigned this Dec 17, 2025

kingjia90 added Bug Pimcore:Priority labels Dec 17, 2025

kingjia90 added this to the 5.2.2 milestone Dec 17, 2025

kingjia90 added 2 commits December 17, 2025 15:06

fix typo

34cfdc2

it seems intended that these 2 are always allowed

8459eee

Removed permission check from favorite output definitions actions.

kingjia90 merged commit 7714452 into 5.2 Jan 13, 2026
6 of 8 checks passed

kingjia90 deleted the permission-fix branch January 13, 2026 08:20

github-actions bot locked and limited conversation to collaborators Jan 13, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Bug]: Add permission checks in AdminController actions #108

[Bug]: Add permission checks in AdminController actions #108

Uh oh!

kingjia90 commented Dec 17, 2025 •

edited

Loading

Uh oh!

sonarqubecloud bot commented Dec 18, 2025

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

	if (user.isAllowed('web2print_web2print_favourite_output_channels')) {
	const navigationItem = {
	text: t('web2print_favorite_outputdefinitions'),
	iconCls: 'bundle_outputdataconfig_nav_icon',
	handler: this.openFavouriteOutputChannel
	};

	if(e.type === pimcore.events.preMenuBuild){
	let menu = e.detail.menu.settings;

	menu.items.push(navigationItem);
	}

	if(e.type === pimcore.events.pimcoreReady){
	let menu = pimcore.globalmanager.get('layout_toolbar').settingsMenu;

	menu.add(navigationItem);
	}
	}

[Bug]: Add permission checks in AdminController actions #108

[Bug]: Add permission checks in AdminController actions #108

Uh oh!

Conversation

kingjia90 commented Dec 17, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

sonarqubecloud bot commented Dec 18, 2025

Quality Gate passed

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

kingjia90 commented Dec 17, 2025 •

edited

Loading