From e836825eac17ac9ce3bc216e8b9c51d8970f6fe9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dawid=20Parafi=C5=84ski?=
Date: Tue, 27 Mar 2018 14:13:43 +0200
Subject: [PATCH] EZP-28862: Require an explicit permission for the System Info route
---
 src/bundle/Controller/SystemInfoController.php | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/src/bundle/Controller/SystemInfoController.php b/src/bundle/Controller/SystemInfoController.php
index 7ff771da76..2899aec6bb 100644
--- a/src/bundle/Controller/SystemInfoController.php
+++ b/src/bundle/Controller/SystemInfoController.php
@@ -6,6 +6,7 @@
 */
 namespace EzSystems\EzPlatformAdminUiBundle\Controller;
+use eZ\Publish\Core\MVC\Symfony\Security\Authorization\Attribute;
 use EzSystems\EzSupportToolsBundle\SystemInfo\SystemInfoCollectorRegistry;
 use Symfony\Component\HttpFoundation\Response;
@@ -22,6 +23,12 @@ public function __construct(SystemInfoCollectorRegistry $collectorRegistry)
 $this->collectorRegistry = $collectorRegistry;
 }
+ public function performAccessCheck()
+ {
+ parent::performAccessCheck();
+ $this->denyAccessUnlessGranted(new Attribute('setup', 'system_info'));
+ }
+
 /**
 * Renders the system information page.
 *
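Review bot: The added `performAccessCheck()` override in the second hunk has no docblock, although it is the only thing placing the System Info page behind the `setup`/`system_info` policy; a short one such as `/** Denies access unless the current user is granted the setup/system_info policy, after the parent's checks. */` would make that contract explicit. The diffstat lists a single changed file, so where that policy is declared and which roles receive it is not visible here; it is worth confirming that existing administrator roles are granted it, otherwise the page presumably becomes unreachable for them after upgrade. The guard also only takes effect if the framework invokes `performAccessCheck()` before the action runs, which this hunk does not show, so a functional test asserting an access-denied response for a user without the policy would pin the behaviour. The class body continues outside the hunk.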