From 20611e96c2d008c452a74822e72f4b0cdd80593e Mon Sep 17 00:00:00 2001 From: Tykayn Date: Wed, 26 Feb 2025 18:19:05 +0100 Subject: [PATCH] restreinte des index si on est pas ROLE_ADMIN --- assets/styles/pages/_dashboard.scss | 2 +- assets/styles/pages/_forms.scss | 4 ++ assets/styles/pages/_portfolio.scss | 12 +---- assets/styles/pages/global.scss | 1 + src/Controller/FestivalController.php | 14 +++++- src/Controller/GroupOfProductsController.php | 14 +++++- src/Controller/ProductController.php | 12 ++++- src/Controller/SellingController.php | 9 +++- templates/expense/index.html.twig | 5 +- templates/festival/index.html.twig | 4 +- templates/group_of_products/index.html.twig | 5 +- templates/logged/history.html.twig | 12 +++-- templates/product/index.html.twig | 5 +- templates/selling/index.html.twig | 2 +- templates/selling/show.html.twig | 48 ++++++++++++++++++-- templates/serie_festival/index.html.twig | 2 +- 16 files changed, 116 insertions(+), 35 deletions(-) diff --git a/assets/styles/pages/_dashboard.scss b/assets/styles/pages/_dashboard.scss index 90f14cee..787c56e4 100755 --- a/assets/styles/pages/_dashboard.scss +++ b/assets/styles/pages/_dashboard.scss @@ -63,7 +63,7 @@ .horizontal-land { overflow-x: auto; overflow-y: hidden; - //width: 100%; + width: 100%; height: 75vh; background: #ccc; padding: 0.5rem; diff --git a/assets/styles/pages/_forms.scss b/assets/styles/pages/_forms.scss index 81ebfa37..4275ebc6 100644 --- a/assets/styles/pages/_forms.scss +++ b/assets/styles/pages/_forms.scss @@ -52,4 +52,8 @@ form { .btn-remove-all { color: white; +} + +.btn-create { + min-width: 10rem; } \ No newline at end of file diff --git a/assets/styles/pages/_portfolio.scss b/assets/styles/pages/_portfolio.scss index 853a406a..42fa754d 100644 --- a/assets/styles/pages/_portfolio.scss +++ b/assets/styles/pages/_portfolio.scss 
@@ -730,17 +730,7 @@ progress { } } -@media (min-width: 1400px) { - - .container-xxl, - .container-xl, - .container-lg, - .container-md, - .container-sm, - .container { - max-width: 1320px; - } -} +@media (min-width: 1400px) {} .row { --bs-gutter-x: 1.5rem; diff --git a/assets/styles/pages/global.scss b/assets/styles/pages/global.scss index ff6ff23a..1c99cd91 100755 --- a/assets/styles/pages/global.scss +++ b/assets/styles/pages/global.scss @@ -12,6 +12,7 @@ body { .main-container-box { padding-left: 5rem; + padding-bottom: 10rem; } #wrapper { diff --git a/src/Controller/FestivalController.php b/src/Controller/FestivalController.php index 8d115bc2..c3586b39 100644 --- a/src/Controller/FestivalController.php +++ b/src/Controller/FestivalController.php @@ -16,9 +16,19 @@ final class FestivalController extends AbstractController { #[Route(name: 'app_festival_index', methods: ['GET'])] public function index(FestivalRepository $festivalRepository): Response - { + { + $userFound = $this->getUser(); + + if ($this->isGranted('ROLE_ADMIN')) { + $festivals = $festivalRepository->findAll(); + } else { + if (!$userFound) { + throw $this->createAccessDeniedException('Vous devez être connecté pour voir les festivals.'); + } + $festivals = $festivalRepository->findBy(['user' => $userFound]); + } return $this->render('festival/index.html.twig', [ - 'festivals' => $festivalRepository->findAll(), + 'festivals' => $festivals, ]); } diff --git a/src/Controller/GroupOfProductsController.php b/src/Controller/GroupOfProductsController.php index 80f93ed9..d61d7751 100644 --- a/src/Controller/GroupOfProductsController.php +++ b/src/Controller/GroupOfProductsController.php 
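Review bot: The replacement leaves an empty `@media (min-width: 1400px) {}` rule behind, which is dead CSS that a linter will flag and a reader will wonder about. If the container max-width override is no longer wanted, remove the at-rule entirely rather than keeping an empty body; if it is meant to be filled in later, a `// TODO` comment inside it would at least say so.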
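Review bot: Restricting `index` to `findBy(['user' => $userFound])` only narrows the listing; the Festival `show`, `edit` and `delete` actions are not in this diff, so unless they already compare `getUser()` against the entity owner (not visible from here), a non-admin can still reach another user's festival by its id, and the same ownership check belongs on those routes. The nested `else { if (!$userFound) … }` can be flattened by resolving the user first, since an authenticated admin always has a user: `$userFound = $this->getUser() ?? throw $this->createAccessDeniedException('Vous devez être connecté pour voir les festivals.');` followed by `$festivals = $this->isGranted('ROLE_ADMIN') ? $festivalRepository->findAll() : $festivalRepository->findBy(['user' => $userFound]);`. The `findBy` presumes a `user` association on `Festival` — worth confirming against the entity. The identical block is repeated in the `GroupOfProductsController` and `ProductController` hunks below; a shared repository method such as `findVisibleTo(UserInterface $user, bool $isAdmin)` would keep the three in step.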
@@ -17,8 +17,20 @@ final class GroupOfProductsController extends AbstractController #[Route(name: 'app_group_of_products_index', methods: ['GET'])] public function index(GroupOfProductsRepository $groupOfProductsRepository): Response { + $userFound = $this->getUser(); + $userFound = $this->getUser(); + + if ($this->isGranted('ROLE_ADMIN')) { + $groupOfProducts = $groupOfProductsRepository->findAll(); + } else { + if (!$userFound) { + throw $this->createAccessDeniedException('Vous devez être connecté pour voir les groupes de produits.'); + } + $groupOfProducts = $groupOfProductsRepository->findBy(['user' => $userFound]); + } + return $this->render('group_of_products/index.html.twig', [ - 'group_of_products' => $groupOfProductsRepository->findAll(), + 'group_of_products' => $groupOfProducts, ]); } diff --git a/src/Controller/ProductController.php b/src/Controller/ProductController.php index 65106ba6..7f77467d 100644 --- a/src/Controller/ProductController.php +++ b/src/Controller/ProductController.php @@ -17,8 +17,18 @@ final class ProductController extends AbstractController #[Route(name: 'app_product_index', methods: ['GET'])] public function index(ProductRepository $productRepository): Response { + $userFound = $this->getUser(); + + if ($this->isGranted('ROLE_ADMIN')) { + $products = $productRepository->findAll(); + } else { + if (!$userFound) { + throw $this->createAccessDeniedException('Vous devez être connecté pour voir les produits.'); + } + $products = $productRepository->findBy(['user' => $userFound]); + } return $this->render('product/index.html.twig', [ - 'products' => $productRepository->findAll(), + 'products' => $products, ]); } diff --git a/src/Controller/SellingController.php b/src/Controller/SellingController.php index bacba716..0136dfb3 100644 --- a/src/Controller/SellingController.php +++ b/src/Controller/SellingController.php 
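Review bot: `$userFound = $this->getUser();` is added twice in a row at the top of `index`; the second assignment is a no-op and should be dropped. Otherwise the hunk follows the same pattern as the Festival hunk above, so the points raised there (ownership check on the non-index actions, flattening the nested `else { if … }`, confirming the `user` association) apply here as well.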
@@ -61,7 +61,10 @@ final class SellingController extends AbstractController public function edit(Request $request, Selling $selling, EntityManagerInterface $entityManager): Response { $userFound = $this->getUser(); - if (!$userFound || $selling->getUser() !== $userFound) { + if (!$userFound || !$this->isGranted('ROLE_ADMIN')) { + throw $this->createAccessDeniedException('Vous devez être administrateur pour modifier une vente.'); + } + elseif (!$userFound || $selling->getUser() !== $userFound) { throw $this->createAccessDeniedException('Vous n\'êtes pas autorisé à modifier cette vente.'); } @@ -83,6 +86,10 @@ final class SellingController extends AbstractController #[Route('/{id}', name: 'app_selling_delete', methods: ['POST'])] public function delete(Request $request, Selling $selling, EntityManagerInterface $entityManager): Response { + + if (!$this->isGranted('ROLE_ADMIN')) { + throw $this->createAccessDeniedException('Vous devez être administrateur pour supprimer une vente.'); + } if ($this->isCsrfTokenValid('delete'.$selling->getId(), $request->getPayload()->getString('_token'))) { $entityManager->remove($selling); $entityManager->flush(); diff --git a/templates/expense/index.html.twig b/templates/expense/index.html.twig index 70501b74..6baf24b1 100644 --- a/templates/expense/index.html.twig +++ b/templates/expense/index.html.twig @@ -3,8 +3,9 @@ {% block title %}Expense index{% endblock %} {% block body %} -
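Review bot: The new guard in `edit` makes the `elseif` owner check dead for every non-admin, because `!$this->isGranted('ROLE_ADMIN')` already throws for them; the `elseif` is then evaluated only for admins, where `$selling->getUser() !== $userFound` denies an admin editing a selling they do not own, so the effective rule is "admin AND owner", which matches neither error message. If edit is meant to be admin-only (consistent with the `delete` hunk in the same file), drop the `elseif` branch; if admin-or-owner was intended, collapse both into `if (!$this->isGranted('ROLE_ADMIN') && $selling->getUser() !== $userFound) { throw $this->createAccessDeniedException('Vous n\'êtes pas autorisé à modifier cette vente.'); }`. The `!$userFound ||` in the first condition is redundant once `ROLE_ADMIN` is required, as an anonymous request cannot hold that role. Per PSR-12 the `elseif` also belongs on the same line as the closing brace, `} elseif (...) {`, rather than on its own line.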

Expense index

+

Index des dépenses

+ Créer @@ -33,5 +34,5 @@
- Create new + Créer {% endblock %} diff --git a/templates/festival/index.html.twig b/templates/festival/index.html.twig index 5e3a6945..f46055a6 100644 --- a/templates/festival/index.html.twig +++ b/templates/festival/index.html.twig @@ -3,7 +3,7 @@ {% block title %}Festival index{% endblock %} {% block body %} -

Festival index

+

Index des Festivals

@@ -56,5 +56,5 @@
- Create new + Créer {% endblock %} diff --git a/templates/group_of_products/index.html.twig b/templates/group_of_products/index.html.twig index ad1eba20..173b6485 100644 --- a/templates/group_of_products/index.html.twig +++ b/templates/group_of_products/index.html.twig @@ -3,8 +3,9 @@ {% block title %}GroupOfProducts index{% endblock %} {% block body %} -

GroupOfProducts index

+

Index des groupes de produits (ou catégories)

+ Créer @@ -31,5 +32,5 @@
- Create new + Créer {% endblock %} diff --git a/templates/logged/history.html.twig b/templates/logged/history.html.twig index d3310a9e..7c703ea0 100755 --- a/templates/logged/history.html.twig +++ b/templates/logged/history.html.twig @@ -132,9 +132,15 @@ {{ vente.sum }} - - + {% if is_granted('ROLE_ADMIN') %} + + + + {% endif %} + + {% endfor %} diff --git a/templates/product/index.html.twig b/templates/product/index.html.twig index 02eec5c0..98a0ad29 100644 --- a/templates/product/index.html.twig +++ b/templates/product/index.html.twig @@ -5,7 +5,8 @@ {% block body %} -

Product index

+

Index des produits

+ Créer @@ -47,5 +48,5 @@
- Create new + Créer {% endblock %} diff --git a/templates/selling/index.html.twig b/templates/selling/index.html.twig index 51b43d3f..ce2a8eb7 100644 --- a/templates/selling/index.html.twig +++ b/templates/selling/index.html.twig @@ -35,5 +35,5 @@ - Create new + Créer {% endblock %} diff --git a/templates/selling/show.html.twig b/templates/selling/show.html.twig index 6cafe071..4d3d5d17 100644 --- a/templates/selling/show.html.twig +++ b/templates/selling/show.html.twig @@ -17,18 +17,56 @@ Sum - {{ selling.sum }} + {{ selling.sum }} € Reduction - {{ selling.reduction }} + {{ selling.reduction }} € + + Date + {{ selling.date ? selling.date|date('Y-m-d H:i:s') : '' }} + + + Comment + {{ selling.note }} + + + Festival + + {% if selling.festival %} + + {{ selling.festival.name }}, + {{ selling.festival.dateStart|date('d/m/Y') }} - {{ selling.festival.dateEnd|date('d/m/Y') }} + + {% else %} + Aucun festival associé + {% endif %} + + + + Products + + + + - back to list + back to list - edit + edit + + {% if is_granted('ROLE_ADMIN') %} + {{ include('selling/_delete_form.html.twig') }} + {% endif %} - {{ include('selling/_delete_form.html.twig') }} {% endblock %} diff --git a/templates/serie_festival/index.html.twig b/templates/serie_festival/index.html.twig index e9723a21..818f2f79 100644 --- a/templates/serie_festival/index.html.twig +++ b/templates/serie_festival/index.html.twig @@ -35,5 +35,5 @@ - Create new + Créer {% endblock %}