From 2033de01ca54fbd71a441b21ae5b14544a1ab363 Mon Sep 17 00:00:00 2001
From: Dennis Eichhorn <spl1nnes.com@googlemail.com>
Date: Fri, 29 Mar 2024 15:26:00 +0000
Subject: [PATCH] started with template fixes

---
 Admin/Routes/Web/Api.php         | 2 ++
 Controller/BackendController.php | 1 +
 2 files changed, 3 insertions(+)

diff --git a/Admin/Routes/Web/Api.php b/Admin/Routes/Web/Api.php
index 4f3b132..2b2f2cb 100755
--- a/Admin/Routes/Web/Api.php
+++ b/Admin/Routes/Web/Api.php
@@ -22,6 +22,7 @@ return [
         [
             'dest'       => '\Modules\HumanResourceTimeRecording\Controller\ApiController:apiSessionCreate',
             'verb'       => RouteVerb::PUT,
+            'csrf'       => true,
             'permission' => [
                 'module' => ApiController::NAME,
                 'type'   => PermissionType::CREATE,
@@ -33,6 +34,7 @@ return [
         [
             'dest'       => '\Modules\HumanResourceTimeRecording\Controller\ApiController:apiSessionElementCreate',
             'verb'       => RouteVerb::PUT,
+            'csrf'       => true,
             'permission' => [
                 'module' => ApiController::NAME,
                 'type'   => PermissionType::CREATE,
diff --git a/Controller/BackendController.php b/Controller/BackendController.php
index bf304e7..8c6601d 100755
--- a/Controller/BackendController.php
+++ b/Controller/BackendController.php
@@ -86,6 +86,7 @@ final class BackendController extends Controller implements DashboardElementInte
             ->with('profile')
             ->with('profile/account')
             ->where('profile/account', $request->header->account)
+            ->limit(1)
             ->execute();
 
         /** @var \Modules\HumanResourceTimeRecording\Models\Session $lastOpenSession */