From e45e677b2b98aac861f1188edb1600d74e42e861 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Cl=C3=A9ment=20Cailly?= <ccailly@teclib.com>
Date: Tue, 30 Dec 2025 17:04:23 +0100
Subject: [PATCH] fix: Update security policy for ldap dropdown controller

---
 src/Controller/LdapDropdownController.php | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/Controller/LdapDropdownController.php b/src/Controller/LdapDropdownController.php
index 4583fca..6499512 100644
--- a/src/Controller/LdapDropdownController.php
+++ b/src/Controller/LdapDropdownController.php
@@ -37,6 +37,8 @@
 use Glpi\Controller\Form\Utils\CanCheckAccessPolicies;
 use Glpi\Exception\Http\BadRequestHttpException;
 use Glpi\Form\Question;
+use Glpi\Http\Firewall;
+use Glpi\Security\Attribute\SecurityStrategy;
 use GlpiPlugin\Advancedforms\Model\Dropdown\LdapDropdown;
 use GlpiPlugin\Advancedforms\Model\Dropdown\LdapDropdownQuery;
 use GlpiPlugin\Advancedforms\Utils\SafeCommonDBTM;
@@ -53,6 +55,7 @@ final class LdapDropdownController extends AbstractController
 {
     use CanCheckAccessPolicies;
 
+    #[SecurityStrategy(Firewall::STRATEGY_AUTHENTICATED)]
     #[Route(
         path: 'LdapDropdown',
         name: "ldap_dropdown",