From 3159adcdcae09ad4303a176e0c6f3df8be4ff929 Mon Sep 17 00:00:00 2001 From: Kayn Ty Date: Thu, 24 May 2018 11:07:20 +0200 Subject: [PATCH] separate things of user in forms --- src/AppBundle/Controller/FestivalController.php | 3 +-- src/AppBundle/Controller/ProductCategoryController.php | 4 +++- src/AppBundle/Controller/ProductController.php | 6 ++++-- src/AppBundle/Controller/SellRecordController.php | 6 ++++-- 4 files changed, 12 insertions(+), 7 deletions(-) diff --git a/src/AppBundle/Controller/FestivalController.php b/src/AppBundle/Controller/FestivalController.php index e9cec3d0..232d5cfe 100755 --- a/src/AppBundle/Controller/FestivalController.php +++ b/src/AppBundle/Controller/FestivalController.php @@ -21,9 +21,8 @@ class FestivalController extends Controller { * @Method("GET") */ public function indexAction() { - $em = $this->getDoctrine()->getManager(); - $festivals = $em->getRepository( 'AppBundle:Festival' )->findByUser( $this->getUser() ); + $festivals = $this->getUser()->getFestivals(); return $this->render( 'festival/index.html.twig', [ diff --git a/src/AppBundle/Controller/ProductCategoryController.php b/src/AppBundle/Controller/ProductCategoryController.php index 3cc83c74..721c4b4d 100755 --- a/src/AppBundle/Controller/ProductCategoryController.php +++ b/src/AppBundle/Controller/ProductCategoryController.php @@ -21,7 +21,6 @@ class ProductCategoryController extends Controller { * @Method("GET") */ public function indexAction() { - $em = $this->getDoctrine()->getManager(); $currentUser = $this->getUser(); $productCategories = $currentUser->getCategories(); 
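Review bot: The new `$festivals = $this->getUser()->getFestivals();` assumes an authenticated user; if this route is reachable without a firewall-enforced login, `getUser()` returns null and the call fails with a fatal error where the old `findByUser()` would merely have run a query. If access_control already covers this controller the change is fine, otherwise guard it first with `$this->denyAccessUnlessGranted('IS_AUTHENTICATED_REMEMBERED');`. Note also that `getUser()` is typed as `UserInterface`, so `getFestivals()` only resolves against the app's own User entity — a `/** @var User $user */` annotation or an `instanceof` check would keep static analysis quiet. The body of indexAction continues past the hunk.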
@@ -69,6 +68,9 @@ class ProductCategoryController extends Controller { * @Method("GET") */ public function showAction( ProductCategory $productCategory ) { + if ( $productCategory->getUser()->getId() !== $this->getUser()->getId() ) { + $this->denyAccessUnlessGranted( 'ROLE_ADMIN' ); + } $deleteForm = $this->createDeleteForm( $productCategory ); return $this->render( 'productcategory/show.html.twig', diff --git a/src/AppBundle/Controller/ProductController.php b/src/AppBundle/Controller/ProductController.php index 2ac2ecb5..d937740f 100755 --- a/src/AppBundle/Controller/ProductController.php +++ b/src/AppBundle/Controller/ProductController.php @@ -21,9 +21,8 @@ class ProductController extends Controller { * @Method("GET") */ public function indexAction() { - $em = $this->getDoctrine()->getManager(); - $products = $em->getRepository( 'AppBundle:Product' )->findByUser( $this->getUser() ); + $products = $this->getUser()->getProducts(); return $this->render( 'product/index.html.twig', [ @@ -65,6 +64,9 @@ class ProductController extends Controller { * @Method("GET") */ public function showAction( Product $product ) { + if ( $product->getUser()->getId() !== $this->getUser()->getId() ) { + $this->denyAccessUnlessGranted( 'ROLE_ADMIN' ); + } $deleteForm = $this->createDeleteForm( $product ); if ( $product->getUser()->getId() !== $this->getUser()->getId() ) { diff --git a/src/AppBundle/Controller/SellRecordController.php b/src/AppBundle/Controller/SellRecordController.php index c1da32ed..dccab82f 100755 --- a/src/AppBundle/Controller/SellRecordController.php +++ b/src/AppBundle/Controller/SellRecordController.php @@ -21,9 +21,8 @@ class SellRecordController extends Controller { * @Method("GET") */ public function indexAction() { - $em = $this->getDoctrine()->getManager(); - $sellRecords = $em->getRepository( 'AppBundle:SellRecord' )->findByUser( $this->getUser() ); + $sellRecords = $this->getUser()->getProductsSold(); return $this->render( 'sellrecord/index.html.twig', [ 
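Review bot: The added ownership guard in ProductCategoryController::showAction dereferences `$productCategory->getUser()` before comparing ids, so a category with no owner would produce a fatal error rather than a 403; if that relation is nullable, compare defensively: `$owner = $productCategory->getUser();` / `if ( null === $owner || $owner->getId() !== $this->getUser()->getId() ) {`. Since the same id comparison is now repeated in three controllers, a Symfony Voter called as `$this->denyAccessUnlessGranted( 'view', $productCategory )` would keep the rule in one place and could also cover the edit/delete actions, which are outside this hunk and presumably still unguarded — worth verifying. The showAction body continues past the hunk.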
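Review bot: `$products = $this->getUser()->getProducts();` presumably returns a Doctrine Collection where `findByUser()` returned a plain array; that is harmless for Twig iteration, but any PHP-side `array_*` call on `$products` further down (outside the hunk) would break, so confirm the consumer only iterates or counts it. As with the other index actions, the new line also assumes `getUser()` is non-null, which only holds if the route is behind a firewall that requires login.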
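Review bot: The three lines added to ProductController::showAction duplicate the guard that already exists two lines further down, `if ( $product->getUser()->getId() !== $this->getUser()->getId() ) {` right after `$deleteForm = $this->createDeleteForm( $product );`, so the ownership check now runs twice per request. Moving the check before the delete form is built is the right call, but the old block — whose body closes outside the hunk — should be deleted in the same commit so the rule lives in exactly one place.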
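Review bot: `$sellRecords = $this->getUser()->getProductsSold();` reads as returning products, while the variable and the `sellrecord/index.html.twig` template expect sell records; if the relation holds SellRecord entities, naming it `getSellRecords()` would match `getFestivals()`, `getProducts()` and `getCategories()` used by the sibling controllers. Same caveat as those: `getUser()` must be guaranteed non-null here, which depends on firewall configuration not visible in this patch.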
@@ -65,6 +64,9 @@ class SellRecordController extends Controller { * @Method("GET") */ public function showAction( SellRecord $sellRecord ) { + if ( $sellRecord->getUser()->getId() !== $this->getUser()->getId() ) { + $this->denyAccessUnlessGranted( 'ROLE_ADMIN' ); + } $deleteForm = $this->createDeleteForm( $sellRecord ); if ( ! $sellRecord->getUser() == $this->getUser()->getId() ) { $this->denyAccessUnlessGranted( 'ROLE_ADMIN' );
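Review bot: The added guard makes the pre-existing check `if ( ! $sellRecord->getUser() == $this->getUser()->getId() )` dead code, and it was already broken: `!` binds tighter than `==`, so it evaluates `(!$sellRecord->getUser()) == <id>`, i.e. `false == <int>`, which is false for any non-zero id and never denies access. Remove that old block (its closing brace is outside the hunk) rather than leaving two guards, and keep the new strict `getId()` comparison. As in the sibling controllers, `$sellRecord->getUser()` is dereferenced without a null check; if the owner relation is nullable, fetch it into a local and test `null === $owner` before calling `getId()`.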