fix(helpdesk): tighten debitor lookup permission and use Router::json
Require ABILITY_HANDOVERS_CREATE instead of generic ABILITY_ACCESS. Replace manual header + echo with Router::json() for consistency. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -2,18 +2,18 @@
|
|||||||
|
|
||||||
use MintyPHP\Module\Helpdesk\HelpdeskAuthorizationPolicy;
|
use MintyPHP\Module\Helpdesk\HelpdeskAuthorizationPolicy;
|
||||||
use MintyPHP\Module\Helpdesk\Service\DebitorSearchService;
|
use MintyPHP\Module\Helpdesk\Service\DebitorSearchService;
|
||||||
|
use MintyPHP\Router;
|
||||||
use MintyPHP\Support\Guard;
|
use MintyPHP\Support\Guard;
|
||||||
|
|
||||||
Guard::requireLogin();
|
Guard::requireLogin();
|
||||||
Guard::requireAbilityOrForbidden(HelpdeskAuthorizationPolicy::ABILITY_ACCESS);
|
Guard::requireAbilityOrForbidden(HelpdeskAuthorizationPolicy::ABILITY_HANDOVERS_CREATE);
|
||||||
gridRequireGetRequest();
|
gridRequireGetRequest();
|
||||||
|
|
||||||
$request = requestInput();
|
$request = requestInput();
|
||||||
$query = trim((string) $request->query('q', ''));
|
$query = trim((string) $request->query('q', ''));
|
||||||
|
|
||||||
if ($query === '' || mb_strlen($query) < 2) {
|
if ($query === '' || mb_strlen($query) < 2) {
|
||||||
header('Content-Type: application/json; charset=utf-8');
|
Router::json([]);
|
||||||
echo '[]';
|
|
||||||
|
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
@@ -42,5 +42,4 @@ if (($result['status'] ?? '') === 'success') {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
header('Content-Type: application/json; charset=utf-8');
|
Router::json($items);
|
||||||
echo json_encode($items, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE);
|
|
||||||
|
|||||||
Reference in New Issue
Block a user