Admin and full customer user must have access to all versions

vtsykun · Sep 14, 2024 · 4810b89 · 4810b89
1 parent 1d885f2
commit 4810b89
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/config/packages/security.yaml b/config/packages/security.yaml
@@ -83,7 +83,7 @@ security:
         ROLE_UPDATE_PACKAGES: ~
         ROLE_DELETE_PACKAGES: ~
         ROLE_EDIT_PACKAGES: ~
-    
+
         ROLE_FULL_CUSTOMER: [ ROLE_USER ] # Access to all packages without ACL group restriction
         ROLE_MAINTAINER:  [ ROLE_FULL_CUSTOMER, ROLE_USER, ROLE_UPDATE_PACKAGES ]
         ROLE_ADMIN:       [ ROLE_MAINTAINER, ROLE_EDIT_PACKAGES, ROLE_DELETE_PACKAGES ]

diff --git a/src/Controller/ZipballController.php b/src/Controller/ZipballController.php
@@ -91,7 +91,7 @@ public function zipballAction(#[Vars('name')] Package $package, string $hash): R
             return $this->createNotFound();
         }
 
-        $isGranted = $this->isGranted('VIEW_ALL_VERSION', $package);
+        $isGranted = $this->isGranted('VIEW_ALL_VERSION', $package) || $this->isGranted('ROLE_FULL_CUSTOMER', $package);
         foreach ($package->getAllVersionsByReference($reference) as $version) {
             $isGranted |= $this->isGranted('ROLE_FULL_CUSTOMER', $version);
         }