mirror of
https://github.com/Sylius/Sylius.git
synced 2026-07-14 09:02:12 +00:00
[Admin] Fix product in taxon (and variant) positions
This commit is contained in:
parent
5c66672fec
commit
54a2a5cc65
2 changed files with 10 additions and 6 deletions
|
|
@ -29,11 +29,13 @@ class ProductTaxonController extends ResourceController
|
|||
{
|
||||
public function updateProductTaxonsPositionsAction(Request $request): Response
|
||||
{
|
||||
$data = json_decode($request->getContent(), true);
|
||||
|
||||
$configuration = $this->requestConfigurationFactory->create($this->metadata, $request);
|
||||
$this->validateCsrfProtection($request, $configuration);
|
||||
$this->validateCsrfProtection($data['_csrf_token'] ?? [], $configuration);
|
||||
$this->isGrantedOr403($configuration, ResourceActions::UPDATE);
|
||||
|
||||
$productTaxonsPositions = $request->request->all('productTaxons');
|
||||
$productTaxonsPositions = $data['productTaxons'] ?? [];
|
||||
$productTaxonsPositions = array_combine(
|
||||
array_column($productTaxonsPositions, 'id'),
|
||||
array_column($productTaxonsPositions, 'position'),
|
||||
|
|
@ -98,9 +100,9 @@ class ProductTaxonController extends ResourceController
|
|||
return $this->repository->count(['taxon' => $productTaxon->getTaxon()]) - 1;
|
||||
}
|
||||
|
||||
private function validateCsrfProtection(Request $request, RequestConfiguration $configuration): void
|
||||
private function validateCsrfProtection(string $csrfToken, RequestConfiguration $configuration): void
|
||||
{
|
||||
if ($configuration->isCsrfProtectionEnabled() && !$this->isCsrfTokenValid('update-product-taxon-position', (string) $request->request->get('_csrf_token'))) {
|
||||
if ($configuration->isCsrfProtectionEnabled() && !$this->isCsrfTokenValid('update-product-taxon-position', $csrfToken)) {
|
||||
throw new HttpException(Response::HTTP_FORBIDDEN, 'Invalid csrf token.');
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -28,11 +28,13 @@ class ProductVariantController extends ResourceController
|
|||
*/
|
||||
public function updatePositionsAction(Request $request): Response
|
||||
{
|
||||
$data = json_decode($request->getContent(), true);
|
||||
|
||||
$configuration = $this->requestConfigurationFactory->create($this->metadata, $request);
|
||||
$this->isGrantedOr403($configuration, ResourceActions::UPDATE);
|
||||
$productVariantsToUpdate = $request->request->all('productVariants');
|
||||
$productVariantsToUpdate = $data['productVariants'] ?? [];
|
||||
|
||||
if ($configuration->isCsrfProtectionEnabled() && !$this->isCsrfTokenValid('update-product-variant-position', (string) $request->request->get('_csrf_token'))) {
|
||||
if ($configuration->isCsrfProtectionEnabled() && !$this->isCsrfTokenValid('update-product-variant-position', $data['_csrf_token'] ?? '')) {
|
||||
throw new HttpException(Response::HTTP_FORBIDDEN, 'Invalid csrf token.');
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue