done

há 4 anos · 26771dbe92
--- a/httpdocs/config/services.yaml
+++ b/httpdocs/config/services.yaml
@@ -38,9 +38,9 @@ services:

    # add more service definitions when explicit configuration is needed
    # please note that last definitions always *replace* previous ones
    App\EventListener\BackendMenuListener:
      arguments:
        - "@router"
        - "@request_stack"
      tags:
        - { name: kernel.event_listener, event: contao.backend_menu_build, method: onContaoBackendMenuBuild, priority: -255 }
 #    App\EventListener\BackendMenuListener:
 #      arguments:
 #        - "@router"
 #        - "@request_stack"
 #      tags:
 #        - { name: kernel.event_listener, event: contao.backend_menu_build, method: onContaoBackendMenuBuild, priority: -255 }
--- a/httpdocs/src/Controller/BackendController.php
+++ b/httpdocs/src/Controller/BackendController.php
@@ -2,6 +2,7 @@
 namespace App\Controller;


 use Contao\BackendUser;
 use Doctrine\DBAL\Connection;
 use Onurb\Bundle\ExcelBundle\Factory\ExcelFactory;
 use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
@@ -13,7 +14,6 @@ use Symfony\Component\HttpKernel\KernelInterface;
 use Symfony\Component\Routing\Annotation\Route;
 use Twig\Environment as TwigEnvironment;
 use Terminal42\ServiceAnnotationBundle\Annotation\ServiceTag;
 use function Ramsey\Uuid\v1;

 /**
 * @Route("/contao/key-data",
@@ -36,6 +36,10 @@ class BackendController extends AbstractController
        $GLOBALS['TL_JAVASCRIPT'][] = 'assets/jquery/js/jquery.js';
        $this->twig = $twig;
        $this->kernel = $kernel;

        if (!BackendController::hasRightsToImport()) {
            throw new \Exception('invalid rights');
        }
    }

    /**
@@ -161,4 +165,10 @@ class BackendController extends AbstractController
    {
        return $request->cookies->get($this->kernel->getEnvironment() === 'dev' ? 'csrf_contao_csrf_token' : 'csrf_https-contao_csrf_token');
    }

    public static function hasRightsToImport()
    {
        $objUser = BackendUser::getInstance();
        return $objUser->isAdmin || in_array(2, $objUser->groups, false);
    }
 }
--- a/httpdocs/src/EventListener/BackendMenuListener.php
+++ b/httpdocs/src/EventListener/BackendMenuListener.php
@@ -4,9 +4,11 @@
 namespace App\EventListener;

 use App\Controller\BackendController;
 use Contao\BackendUser;
 use Contao\CoreBundle\Event\MenuEvent;
 use Symfony\Component\HttpFoundation\RequestStack;
 use Symfony\Component\Routing\RouterInterface;
 use Symfony\Component\Security\Core\Security;
 use Terminal42\ServiceAnnotationBundle\Annotation\ServiceTag;

 /**
@@ -34,6 +36,10 @@ class BackendMenuListener
            return;
        }

        if (!BackendController::hasRightsToImport()) {
            return;
        }

        $contentNode = $tree->getChild('content');

        $node = $factory