Security: Update security check for User and Course GetCollection to require ROLE_ADMIN or ROLE_TEACHER

AngelFQC · AngelFQC · commit 56b21441e1e6 · 2025-11-28T09:54:52.000-05:00
diff --git a/src/CoreBundle/Entity/Course.php b/src/CoreBundle/Entity/Course.php
@@ -71,8 +71,8 @@
             read: false,
             deserialize: false,
         ),
-        new Post(security: "is_granted('ROLE_USER')"),
-        new GetCollection(security: "is_granted('ROLE_USER')"),
+        new Post(security: "is_granted('ROLE_TEACHER') or is_granted('ROLE_ADMIN')"),
+        new GetCollection(security: "is_granted('ROLE_TEACHER') or is_granted('ROLE_ADMIN')"),
         new GetCollection(
             uriTemplate: '/public_courses',
             normalizationContext: ['groups' => ['course:read']],
diff --git a/src/CoreBundle/Entity/User.php b/src/CoreBundle/Entity/User.php
@@ -104,7 +104,7 @@
         ),
         new Put(security: "is_granted('EDIT', object)"),
         new Delete(security: "is_granted('DELETE', object)"),
-        new GetCollection(security: "is_granted('ROLE_USER')"),
+        new GetCollection(security: "is_granted('ROLE_ADMIN')"),
         new Post(security: "is_granted('ROLE_ADMIN')"),
         new GetCollection(
             uriTemplate: '/users/{id}/skills',
