
Commit 6080ba3

committed
ISSUE-345: check manage campaigns privilege
1 parent aff2abf commit 6080ba3

1 file changed

+11
-1
lines changed


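--- a/src/Messaging/Controller/CampaignController.php
+++ b/src/Messaging/Controller/CampaignController.php
@@ -5,6 +5,7 @@
 namespace PhpList\RestBundle\Messaging\Controller;
 
 use OpenApi\Attributes as OA;
+use PhpList\Core\Domain\Identity\Model\PrivilegeFlag;
 use PhpList\Core\Domain\Messaging\Model\Filter\MessageFilter;
 use PhpList\Core\Domain\Messaging\Model\Message;
 use PhpList\Core\Domain\Messaging\Service\MessageManager;
@@ -219,6 +220,9 @@ public function getMessage(
 public function createMessage(Request $request, MessageNormalizer $normalizer): JsonResponse
 {
 $authUser = $this->requireAuthentication($request);
+if (!$authUser->getPrivileges()->has(PrivilegeFlag::Campaigns)) {
+throw $this->createAccessDeniedException('You are not allowed to create campaigns.');
+}
 
 /** @var CreateMessageRequest $createMessageRequest */
 $createMessageRequest = $this->validator->validate($request, CreateMessageRequest::class);
@@ -290,6 +294,9 @@ public function updateMessage(
 #[MapEntity(mapping: ['messageId' => 'id'])] ?Message $message = null,
 ): JsonResponse {
 $authUser = $this->requireAuthentication($request);
+if (!$authUser->getPrivileges()->has(PrivilegeFlag::Campaigns)) {
+throw $this->createAccessDeniedException('You are not allowed to update campaigns.');
+}
 
 if (!$message) {
 throw $this->createNotFoundException('Campaign not found.');
@@ -348,7 +355,10 @@ public function deleteMessage(
 Request $request,
 #[MapEntity(mapping: ['messageId' => 'id'])] ?Message $message = null
 ): JsonResponse {
-$this->requireAuthentication($request);
+$authUser = $this->requireAuthentication($request);
+if (!$authUser->getPrivileges()->has(PrivilegeFlag::Campaigns)) {
+throw $this->createAccessDeniedException('You are not allowed to delete campaigns.');
+}
 
 if (!$message) {
 throw $this->createNotFoundException('Campaign not found.');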
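Review bot: The authentication-plus-privilege gate is copy-pasted into createMessage, updateMessage and deleteMessage, differing only in the verb of the error message; an authorization check that must be identical on every mutating endpoint should live in one private helper so that a future endpoint cannot get the `requireAuthentication` call without the `PrivilegeFlag::Campaigns` check (which is exactly how deleteMessage looked before this commit). The ordering the commit chooses — authenticate, then privilege, then the `Campaign not found` lookup — is the right one, since a caller without the privilege learns nothing about whether a given campaign id exists; the helper should preserve that ordering by being the first statement of each action. Whether any other endpoint in this controller (getMessage is visible only in the hunk header) also mutates campaigns and needs the same gate cannot be told from the diff and should be checked. A functional test per action asserting the 403 for an authenticated administrator lacking the privilege would pin the behaviour. All three enclosing methods start before and end after their hunks.

```php
// Return type: whatever requireAuthentication() returns (not visible in this diff).
/** Authenticates the request and rejects it with 403 unless the admin holds the Campaigns privilege. */
private function requireCampaignPrivilege(Request $request, string $action)
{
    $authUser = $this->requireAuthentication($request);
    if (!$authUser->getPrivileges()->has(PrivilegeFlag::Campaigns)) {
        throw $this->createAccessDeniedException(sprintf('You are not allowed to %s campaigns.', $action));
    }

    return $authUser;
}

// … in createMessage / updateMessage / deleteMessage, replacing the duplicated block:
$authUser = $this->requireCampaignPrivilege($request, 'create'); // 'update' / 'delete' respectively
```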
