From 7a1d210aabca82ba7b4df285837ad19a897f46b2 Mon Sep 17 00:00:00 2001
From: Korca
Date: Tue, 9 Jun 2026 10:54:08 +0200
Subject: [PATCH] Enforces permission check on sign-in

Prevents users from signing in if they lack the required customer or backoffice ACL resources. This ensures only users with appropriate permissions can access the administrative interface, improving security and providing clearer feedback during login attempts. Adds a new localized error message for permission denied.
---
 src/UI/Components/Forms/SignIn/SignInFormTrait.php | 9 +++++++++
 src/lang/fcadmin.cs.yml | 1 +
 2 files changed, 10 insertions(+)

diff --git a/src/UI/Components/Forms/SignIn/SignInFormTrait.php b/src/UI/Components/Forms/SignIn/SignInFormTrait.php
index 4f9935b..3fe8c0d 100644
--- a/src/UI/Components/Forms/SignIn/SignInFormTrait.php
+++ b/src/UI/Components/Forms/SignIn/SignInFormTrait.php
@@ -105,6 +105,15 @@ public function validateForm(array $values, Form $form): void
 {
 try {
 $this->_identity = $this->_authenticator->authenticate($values['email'], $values['password'], $this->_fancyAdmin->getContext());
+
+ if (
+ !$this->_identity->isAllowed($this->_fancyAdmin->getCustomerAclResource())
+ &&
+ !$this->_identity->isAllowed($this->_fancyAdmin->getBackofficeAclResource())
+ ) {
+ $form->addError('fcadmin.appGeneral.exceptions.noPermission');
+ }
+
 } catch (AuthenticationException) {
 $form->addError('fcadmin.appGeneral.exceptions.wrongCredentials');
 }
diff --git a/src/lang/fcadmin.cs.yml b/src/lang/fcadmin.cs.yml
index ed4d60b..6d2292e 100644
--- a/src/lang/fcadmin.cs.yml
+++ b/src/lang/fcadmin.cs.yml
@@ -307,6 +307,7 @@ appGeneral:
 exceptions:
 userNotFound: "Uživatel nenalezen"
 wrongCredentials: "Neplatné přihlašovací údaje"
+ noPermission: "Nemáte právo pro přihlášení"
 inactiveUser: "Neaktivní uživatel"
 sidePanels:
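Review bot: When the ACL check fails, the authenticated identity is still left in `$this->_identity` after `$form->addError(...)`; the form error should stop the success path, but if any later code outside this hunk signs the user in from `$this->_identity`, the rejected user could still be logged in. Clear it in the same branch, `$this->_identity = null;` right after the addError call, or assign the property only once the check passes. Note also that the distinct `noPermission` message confirms to the caller that the submitted credentials were valid, which matches the "clearer feedback" intent in the commit message but does act as an account-validity oracle worth acknowledging in a comment. The key is added only to `src/lang/fcadmin.cs.yml` in this commit; if other locale files exist, `noPermission` will be missing there. validateForm's signature appears only as the hunk header context and its body continues past the hunk.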