From 6c34515be2ba39dceee7da07a1abf246309ccd77 Mon Sep 17 00:00:00 2001
From: JiaJia Ji <kingjia90@gmail.com>
Date: Tue, 9 Jan 2024 11:50:36 +0100
Subject: [PATCH] [Bug]: Fix GDPR search-data-objects permission (#525)

* Update GDPRDataController.php

* fix typo

* Apply php-cs-fixer changes

---------

Co-authored-by: kingjia90 <kingjia90@users.noreply.github.com>
---
 src/Controller/Admin/GDPRDataController.php | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/src/Controller/Admin/GDPRDataController.php b/src/Controller/Admin/GDPRDataController.php
index f97e11fb..c97bc12e 100644
--- a/src/Controller/Admin/GDPRDataController.php
+++ b/src/Controller/Admin/GDPRDataController.php
@@ -16,11 +16,13 @@
 namespace CustomerManagementFrameworkBundle\Controller\Admin;
 
 use CustomerManagementFrameworkBundle\GDPR\DataProvider\Customers;
+use Pimcore\Controller\KernelControllerEventInterface;
 use Pimcore\Controller\Traits\JsonHelperTrait;
 use Pimcore\Controller\UserAwareController;
 use Pimcore\Model\DataObject\AbstractObject;
 use Symfony\Component\HttpFoundation\JsonResponse;
 use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpKernel\Event\ControllerEvent;
 use Symfony\Component\Routing\Annotation\Route;
 
 /**
@@ -28,10 +30,15 @@
  *
  * @Route("/gdpr-data")
  */
-class GDPRDataController extends UserAwareController
+class GDPRDataController extends UserAwareController implements KernelControllerEventInterface
 {
     use JsonHelperTrait;
 
+    public function onKernelControllerEvent(ControllerEvent $event): void
+    {
+        $this->checkPermission('gdpr_data_extractor');
+    }
+
     /**
      * @Route("/search-data-objects", name="_pimcore_customermanagementframework_gdprdata_searchdataobjects", methods={"GET"})
      */