From 4810b89f1f22d4fc969f3b14d60cfa1adf4c8fce Mon Sep 17 00:00:00 2001
From: Uladzimir Tsykun <tsykun314@gmail.com>
Date: Sat, 14 Sep 2024 20:13:55 +0200
Subject: [PATCH] Admin and full customer user must have access to all versions

---
 config/packages/security.yaml        | 2 +-
 src/Controller/ZipballController.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/config/packages/security.yaml b/config/packages/security.yaml
index fbb9e327..fbe27795 100644
--- a/config/packages/security.yaml
+++ b/config/packages/security.yaml
@@ -83,7 +83,7 @@ security:
         ROLE_UPDATE_PACKAGES: ~
         ROLE_DELETE_PACKAGES: ~
         ROLE_EDIT_PACKAGES: ~
-    
+
         ROLE_FULL_CUSTOMER: [ ROLE_USER ] # Access to all packages without ACL group restriction
         ROLE_MAINTAINER:  [ ROLE_FULL_CUSTOMER, ROLE_USER, ROLE_UPDATE_PACKAGES ]
         ROLE_ADMIN:       [ ROLE_MAINTAINER, ROLE_EDIT_PACKAGES, ROLE_DELETE_PACKAGES ]
diff --git a/src/Controller/ZipballController.php b/src/Controller/ZipballController.php
index 1297b6d4..ad032848 100644
--- a/src/Controller/ZipballController.php
+++ b/src/Controller/ZipballController.php
@@ -91,7 +91,7 @@ public function zipballAction(#[Vars('name')] Package $package, string $hash): R
             return $this->createNotFound();
         }
 
-        $isGranted = $this->isGranted('VIEW_ALL_VERSION', $package);
+        $isGranted = $this->isGranted('VIEW_ALL_VERSION', $package) || $this->isGranted('ROLE_FULL_CUSTOMER', $package);
         foreach ($package->getAllVersionsByReference($reference) as $version) {
             $isGranted |= $this->isGranted('ROLE_FULL_CUSTOMER', $version);
         }