implemented operation based permissions

root
2025-12-24 19:22:20 -05:00
parent a9afa7ce13
commit 3d6aa856b4
18 changed files with 578 additions and 17 deletions


@@ -22,7 +22,12 @@ class UserProfileController extends ControllerAbstract
*
* @return JsonResponse Profile data with editability metadata
*/
#[AuthenticatedRoute('/user/profile', name: 'user.profile.read', methods: ['GET'])]
#[AuthenticatedRoute(
'/user/profile',
name: 'user.profile.read',
methods: ['GET'],
permissions: ['user.profile.read']
)]
public function read(): JsonResponse
{
$userId = $this->userIdentity->identifier();
@@ -50,7 +55,12 @@ class UserProfileController extends ControllerAbstract
*
* @return JsonResponse Updated profile data
*/
#[AuthenticatedRoute('/user/profile', name: 'user.profile.update', methods: ['PUT', 'PATCH'])]
#[AuthenticatedRoute(
'/user/profile',
name: 'user.profile.update',
methods: ['PUT', 'PATCH'],
permissions: ['user.profile.update']
)]
public function update(array $data): JsonResponse
{
$userId = $this->userIdentity->identifier();
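Review bot: The permission names added to both attributes, `permissions: ['user.profile.read']` on `read()` and `permissions: ['user.profile.update']` on `update()`, are bare string literals that repeat the route `name:`, so a misspelled or unregistered name would only surface when the check runs. Whether an unknown name, or a route that omits `permissions:`, is denied or allowed is decided in code outside these hunks; it is worth confirming that the enforcement fails closed in both cases. Since `permissions` is an array, the attribute's documentation should also say whether multiple entries are all required or any one suffices. The docblocks above each method should state the requirement too, e.g. `* Requires the user.profile.update permission.` Both method bodies continue outside the hunks, so any field-level checks inside `update(array $data)` cannot be assessed here.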