Skip to content

Commit

Permalink
Merge pull request #209 from vtsykun/fix/acl-ref
Browse files Browse the repository at this point in the history
Check ACL for all version with the same reference
  • Loading branch information
vtsykun authored Dec 27, 2023
2 parents e90da30 + f26beef commit 2dcc873
Show file tree
Hide file tree
Showing 2 changed files with 14 additions and 2 deletions.
7 changes: 5 additions & 2 deletions src/Controller/ZipballController.php
Original file line number Diff line number Diff line change
Expand Up @@ -87,8 +87,11 @@ public function zipballAction(#[Vars('name')] Package $package, string $hash): R
return $this->createNotFound();
}

$version = $package->getVersionByReference($reference);
if (!$this->isGranted('ROLE_FULL_CUSTOMER', $version) && !$this->isGranted('VIEW_ALL_VERSION', $package)) {
$isGranted = $this->isGranted('VIEW_ALL_VERSION', $package);
foreach ($package->getAllVersionsByReference($reference) as $version) {
$isGranted |= $this->isGranted('ROLE_FULL_CUSTOMER', $version);
}
if (!$isGranted) {
return $this->createNotFound();
}

Expand Down
9 changes: 9 additions & 0 deletions src/Entity/Package.php
Original file line number Diff line number Diff line change
Expand Up @@ -536,6 +536,15 @@ public function getVersionByReference(string $reference): ?Version
return $this->versions->findFirst(fn($k, $v) => $v->getReference() === $reference);
}

/**
* @param string $reference
* @return Version[]
*/
public function getAllVersionsByReference(string $reference): array
{
return $this->versions->filter(fn(Version $v, $k) => $v->getReference() === $reference)->toArray();
}

public function getVersion($normalizedVersion)
{
if (null === $this->cachedVersions) {
Expand Down

0 comments on commit 2dcc873

Please sign in to comment.