From f7a8721cf97c2b9bed29f23845eb9cfd257bb997 Mon Sep 17 00:00:00 2001
From: robertSt7 <robert.steinkellner@pimcore.com>
Date: Mon, 8 Jan 2024 12:25:53 +0100
Subject: [PATCH] Fix: improper access

---
 src/Controller/Admin/DuplicatesController.php | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/Controller/Admin/DuplicatesController.php b/src/Controller/Admin/DuplicatesController.php
index 73f53a97..55b1b2a2 100644
--- a/src/Controller/Admin/DuplicatesController.php
+++ b/src/Controller/Admin/DuplicatesController.php
@@ -23,6 +23,7 @@
 use Symfony\Component\HttpFoundation\JsonResponse;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\HttpKernel\Event\ControllerEvent;
 use Symfony\Component\Routing\Annotation\Route;
 
 /**
@@ -35,6 +36,12 @@ public function init()
         AbstractObject::setHideUnpublished(true);
     }
 
+    public function onKernelControllerEvent(ControllerEvent $event): void
+    {
+        parent::onKernelControllerEvent($event);
+        $this->checkPermission('plugin_cmf_perm_customerview');
+    }
+
     /**
      * @Route("/list")
      *