From c3079f8895f802f9ad8572cfa64c4416474d4fbe Mon Sep 17 00:00:00 2001
From: kayliz
Date: Thu, 11 Jan 2024 15:28:21 +0100
Subject: [PATCH] add access control
---
 src/Controller/TeamController.php | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/src/Controller/TeamController.php b/src/Controller/TeamController.php
index 27bb8106..b1c380e7 100644
--- a/src/Controller/TeamController.php
+++ b/src/Controller/TeamController.php
@@ -469,9 +469,11 @@ public function setPresetIgnored(
 UrlGeneratorInterface $urlGenerator,
 TeamRepository $teamRepository,
 EntityManagerInterface $em,
- InheritanceService $inheritanceService
+ InheritanceService $inheritanceService,
+ SecurityService $securityService
 ): RedirectResponse
 {
+ $user = $this->getUser();
 $team = $request->get('team');
 $preset = $request->get('preset');
 $type = $request->get('type');
@@ -485,6 +487,10 @@ public function setPresetIgnored(
 $preset = $em->getRepository($type)->find($preset);
 }
 
+ if ($securityService->adminCheck($user, $team) === false) {
+ return $this->redirectToRoute('dashboard');
+ }
+
 if ($team && $preset) {
 $inheritanceService->setIgnored($preset, $team, $ignored);
 $em->persist($preset);
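Review bot: The added `$user = $this->getUser();` can be null when the request carries no authenticated user, and nothing guards that before the value is passed to `adminCheck` in the second hunk. Whether the route already sits behind a firewall rule that requires login is not visible here, so either confirm that or reject early with `if ($user === null) { return $this->redirectToRoute('dashboard'); }`. The signature of setPresetIgnored starts above this hunk and its body continues below it.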
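Review bot: The guard `adminCheck($user, $team) === false` in the second hunk fails open: any return value other than the exact boolean false (null, 0, an empty string) lets the request reach `setIgnored`, and the return type of `adminCheck` is not visible here, so deny by default with `if ($securityService->adminCheck($user, $team) !== true) {`. The check also sits after `$em->getRepository($type)->find($preset)`, so a caller who does not administer the team still triggers a repository lookup with a request-supplied `$type`; placing the check directly after `$team` is resolved would avoid that. `$team` may be empty when the check runs, since the following `if ($team && $preset)` allows for it, so `adminCheck` should be confirmed to refuse a missing team. The refusal is a silent redirect to `dashboard`; logging it or throwing `$this->createAccessDeniedException()` would make denied attempts visible, assuming this controller extends Symfony's AbstractController. The body of setPresetIgnored begins and ends outside this hunk.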