[Admin] Fix product in taxon (and variant) positions

This commit is contained in:
Michał Pysiak 2024-09-27 10:39:58 +02:00
parent 5c66672fec
commit 54a2a5cc65
No known key found for this signature in database
GPG key ID: 9C1F2D0F99830187
2 changed files with 10 additions and 6 deletions

View file

@ -29,11 +29,13 @@ class ProductTaxonController extends ResourceController
{
public function updateProductTaxonsPositionsAction(Request $request): Response
{
$data = json_decode($request->getContent(), true);
$configuration = $this->requestConfigurationFactory->create($this->metadata, $request);
$this->validateCsrfProtection($request, $configuration);
$this->validateCsrfProtection($data['_csrf_token'] ?? [], $configuration);
$this->isGrantedOr403($configuration, ResourceActions::UPDATE);
$productTaxonsPositions = $request->request->all('productTaxons');
$productTaxonsPositions = $data['productTaxons'] ?? [];
$productTaxonsPositions = array_combine(
array_column($productTaxonsPositions, 'id'),
array_column($productTaxonsPositions, 'position'),
@ -98,9 +100,9 @@ class ProductTaxonController extends ResourceController
return $this->repository->count(['taxon' => $productTaxon->getTaxon()]) - 1;
}
private function validateCsrfProtection(Request $request, RequestConfiguration $configuration): void
private function validateCsrfProtection(string $csrfToken, RequestConfiguration $configuration): void
{
if ($configuration->isCsrfProtectionEnabled() && !$this->isCsrfTokenValid('update-product-taxon-position', (string) $request->request->get('_csrf_token'))) {
if ($configuration->isCsrfProtectionEnabled() && !$this->isCsrfTokenValid('update-product-taxon-position', $csrfToken)) {
throw new HttpException(Response::HTTP_FORBIDDEN, 'Invalid csrf token.');
}
}

View file

@ -28,11 +28,13 @@ class ProductVariantController extends ResourceController
*/
public function updatePositionsAction(Request $request): Response
{
$data = json_decode($request->getContent(), true);
$configuration = $this->requestConfigurationFactory->create($this->metadata, $request);
$this->isGrantedOr403($configuration, ResourceActions::UPDATE);
$productVariantsToUpdate = $request->request->all('productVariants');
$productVariantsToUpdate = $data['productVariants'] ?? [];
if ($configuration->isCsrfProtectionEnabled() && !$this->isCsrfTokenValid('update-product-variant-position', (string) $request->request->get('_csrf_token'))) {
if ($configuration->isCsrfProtectionEnabled() && !$this->isCsrfTokenValid('update-product-variant-position', $data['_csrf_token'] ?? '')) {
throw new HttpException(Response::HTTP_FORBIDDEN, 'Invalid csrf token.');
}