Merge pull request #427 from ViniTou/EZP-28862-system-info-permission

EZP-28862: Require an explicit permission for the System Info route

src/bundle/Controller/SystemInfoController.php

@@ -6,6 +6,7 @@
  */
 namespace EzSystems\EzPlatformAdminUiBundle\Controller;
 
+use eZ\Publish\Core\MVC\Symfony\Security\Authorization\Attribute;
 use EzSystems\EzSupportToolsBundle\SystemInfo\SystemInfoCollectorRegistry;
 use Symfony\Component\HttpFoundation\Response;
 
@@ -22,6 +23,12 @@ public function __construct(SystemInfoCollectorRegistry $collectorRegistry)
         $this->collectorRegistry = $collectorRegistry;
     }
 
+    public function performAccessCheck()
+    {
+        parent::performAccessCheck();
+        $this->denyAccessUnlessGranted(new Attribute('setup', 'system_info'));
+    }
+
     /**
      * Renders the system information page.
      *