fix(helpdesk): tighten debitor lookup permission and use Router::json
Require ABILITY_HANDOVERS_CREATE instead of generic ABILITY_ACCESS. Replace manual header + echo with Router::json() for consistency. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -2,18 +2,18 @@
|
||||
|
||||
use MintyPHP\Module\Helpdesk\HelpdeskAuthorizationPolicy;
|
||||
use MintyPHP\Module\Helpdesk\Service\DebitorSearchService;
|
||||
use MintyPHP\Router;
|
||||
use MintyPHP\Support\Guard;
|
||||
|
||||
Guard::requireLogin();
|
||||
Guard::requireAbilityOrForbidden(HelpdeskAuthorizationPolicy::ABILITY_ACCESS);
|
||||
Guard::requireAbilityOrForbidden(HelpdeskAuthorizationPolicy::ABILITY_HANDOVERS_CREATE);
|
||||
gridRequireGetRequest();
|
||||
|
||||
$request = requestInput();
|
||||
$query = trim((string) $request->query('q', ''));
|
||||
|
||||
if ($query === '' || mb_strlen($query) < 2) {
|
||||
header('Content-Type: application/json; charset=utf-8');
|
||||
echo '[]';
|
||||
Router::json([]);
|
||||
|
||||
return;
|
||||
}
|
||||
@@ -42,5 +42,4 @@ if (($result['status'] ?? '') === 'success') {
|
||||
}
|
||||
}
|
||||
|
||||
header('Content-Type: application/json; charset=utf-8');
|
||||
echo json_encode($items, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE);
|
||||
Router::json($items);
|
||||
|
||||
Reference in New Issue
Block a user