limit crud access

This commit is contained in:
Kayn Ty 2018-05-04 17:22:49 +02:00
parent e8b4e5fe10
commit b82b13e267
5 changed files with 263 additions and 222 deletions


@ -23,7 +23,7 @@ class FestivalController extends Controller {
public function indexAction() { public function indexAction() {
$em = $this->getDoctrine()->getManager(); $em = $this->getDoctrine()->getManager();
$festivals = $em->getRepository( 'AppBundle:Festival' )->findByUser($this->getUser() ); $festivals = $em->getRepository( 'AppBundle:Festival' )->findByUser( $this->getUser() );
return $this->render( 'festival/index.html.twig', return $this->render( 'festival/index.html.twig',
[ [
@ -40,7 +40,7 @@ class FestivalController extends Controller {
public function newAction( Request $request ) { public function newAction( Request $request ) {
$festival = new Festival(); $festival = new Festival();
$festival->setUser( $this->getUser() ); $festival->setUser( $this->getUser() );
$festival->setDateCreation(new \DateTime()); $festival->setDateCreation( new \DateTime() );
$form = $this->createForm( 'AppBundle\Form\FestivalType', $festival ); $form = $this->createForm( 'AppBundle\Form\FestivalType', $festival );
$form->handleRequest( $request ); $form->handleRequest( $request );
@ -67,6 +67,10 @@ class FestivalController extends Controller {
*/ */
public function showAction( Festival $festival ) { public function showAction( Festival $festival ) {
$deleteForm = $this->createDeleteForm( $festival ); $deleteForm = $this->createDeleteForm( $festival );
if ( $festival->getUser()->getId() !== $this->getUser()->getId() ) {
$this->denyAccessUnlessGranted( 'ROLE_ADMIN' );
}
return $this->render( 'festival/show.html.twig', return $this->render( 'festival/show.html.twig',
[ [
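Review bot: The guard added to showAction dereferences `$festival->getUser()->getId()` and only runs after the delete form has already been built; if a Festival can exist without a user (not visible from here) this throws instead of denying, and the check should be the method's first statement so nothing is computed for a caller who is about to be refused. A null-safe form is `$owner = $festival->getUser();` followed by `if ( $owner === null || $owner->getId() !== $this->getUser()->getId() ) {`. The same shape appears in ProductController's showAction, editAction and deleteAction. showAction's body continues outside the hunk, and this controller's editAction and deleteAction are not in the diff, so whether they received a guard cannot be seen here.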


@ -3,9 +3,9 @@
namespace AppBundle\Controller; namespace AppBundle\Controller;
use AppBundle\Entity\ProductCategory; use AppBundle\Entity\ProductCategory;
use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Method; use Sensio\Bundle\FrameworkExtraBundle\Configuration\Method;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route; use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route;
use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpFoundation\Request;
/** /**
@ -23,7 +23,7 @@ class ProductCategoryController extends Controller {
public function indexAction() { public function indexAction() {
$em = $this->getDoctrine()->getManager(); $em = $this->getDoctrine()->getManager();
$currentUser = $this->getUser(); $currentUser = $this->getUser();
$productCategories = $currentUser->getCategories(); $productCategories = $currentUser->getCategories();
return $this->render( 'productcategory/index.html.twig', return $this->render( 'productcategory/index.html.twig',
@ -85,9 +85,14 @@ class ProductCategoryController extends Controller {
* @Method({"GET", "POST"}) * @Method({"GET", "POST"})
*/ */
public function editAction( Request $request, ProductCategory $productCategory ) { public function editAction( Request $request, ProductCategory $productCategory ) {
$deleteForm = $this->createDeleteForm( $productCategory ); if ( ! $productCategory->hasUser( $this->getUser()->getId() ) ) {
$this->denyAccessUnlessGranted( 'ROLE_ADMIN' );
}
$deleteForm = $this->createDeleteForm( $productCategory );
$currentUser = $this->getUser();
$productCategory->setUsers( [ $currentUser ] ); $productCategory->setUsers( [ $currentUser ] );
$editForm = $this->createForm( 'AppBundle\Form\ProductCategoryType', $productCategory ); $editForm = $this->createForm( 'AppBundle\Form\ProductCategoryType', $productCategory );
$editForm->handleRequest( $request ); $editForm->handleRequest( $request );
if ( $editForm->isSubmitted() && $editForm->isValid() ) { if ( $editForm->isSubmitted() && $editForm->isValid() ) {
@ -115,6 +120,9 @@ class ProductCategoryController extends Controller {
$form->handleRequest( $request ); $form->handleRequest( $request );
if ( $form->isSubmitted() && $form->isValid() ) { if ( $form->isSubmitted() && $form->isValid() ) {
if ( ! $productCategory->hasUser( $this->getUser()->getId() ) ) {
$this->denyAccessUnlessGranted( 'ROLE_ADMIN' );
}
$em = $this->getDoctrine()->getManager(); $em = $this->getDoctrine()->getManager();
$em->remove( $productCategory ); $em->remove( $productCategory );
$em->flush(); $em->flush();
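Review bot: The new guard in editAction is placed directly before the pre-existing `$productCategory->setUsers( [ $currentUser ] );`, so an admin who passes the check via ROLE_ADMIN then becomes the sole attached user and the original owner fails `hasUser()` on the next request, presumably an unintended ownership transfer if setUsers replaces rather than appends. Consider guarding that line, e.g. `if ( ! $productCategory->hasUser( $currentUser->getId() ) ) { $productCategory->setUsers( [ $currentUser ] ); }`, or dropping it now that ownership is enforced. The guard also calls `$this->getUser()->getId()` two lines before `$currentUser = $this->getUser();` is assigned; fetching the user once and reusing it would read cleaner. showAction of this controller is not in the diff, so its access rule cannot be verified here.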


@ -3,135 +3,146 @@
namespace AppBundle\Controller; namespace AppBundle\Controller;
use AppBundle\Entity\Product; use AppBundle\Entity\Product;
use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Method; use Sensio\Bundle\FrameworkExtraBundle\Configuration\Method;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route;use Symfony\Component\HttpFoundation\Request; use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route;
use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\HttpFoundation\Request;
/** /**
* Product controller. * Product controller.
* *
* @Route("product") * @Route("product")
*/ */
class ProductController extends Controller class ProductController extends Controller {
{ /**
/** * Lists all product entities.
* Lists all product entities. *
* * @Route("/", name="product_index")
* @Route("/", name="product_index") * @Method("GET")
* @Method("GET") */
*/ public function indexAction() {
public function indexAction() $em = $this->getDoctrine()->getManager();
{
$em = $this->getDoctrine()->getManager();
$products = $em->getRepository('AppBundle:Product')->findByUser($this->getUser() ); $products = $em->getRepository( 'AppBundle:Product' )->findByUser( $this->getUser() );
return $this->render('product/index.html.twig', array( return $this->render( 'product/index.html.twig',
'products' => $products, [
)); 'products' => $products,
} ] );
}
/** /**
* Creates a new product entity. * Creates a new product entity.
* *
* @Route("/new", name="product_new") * @Route("/new", name="product_new")
* @Method({"GET", "POST"}) * @Method({"GET", "POST"})
*/ */
public function newAction(Request $request) public function newAction( Request $request ) {
{ $product = new Product();
$product = new Product(); $product->setUser( $this->getUser() );
$product->setUser($this->getUser()); $form = $this->createForm( 'AppBundle\Form\ProductType', $product );
$form = $this->createForm('AppBundle\Form\ProductType', $product); $form->handleRequest( $request );
$form->handleRequest($request);
if ($form->isSubmitted() && $form->isValid()) { if ( $form->isSubmitted() && $form->isValid() ) {
$em = $this->getDoctrine()->getManager(); $em = $this->getDoctrine()->getManager();
$em->persist($product); $em->persist( $product );
$em->flush(); $em->flush();
return $this->redirectToRoute('product_show', array('id' => $product->getId())); return $this->redirectToRoute( 'product_show', [ 'id' => $product->getId() ] );
} }
return $this->render('product/new.html.twig', array( return $this->render( 'product/new.html.twig',
'product' => $product, [
'form' => $form->createView(), 'product' => $product,
)); 'form' => $form->createView(),
} ] );
}
/** /**
* Finds and displays a product entity. * Finds and displays a product entity.
* *
* @Route("/{id}", name="product_show") * @Route("/{id}", name="product_show")
* @Method("GET") * @Method("GET")
*/ */
public function showAction(Product $product) public function showAction( Product $product ) {
{ $deleteForm = $this->createDeleteForm( $product );
$deleteForm = $this->createDeleteForm($product); if ( $product->getUser()->getId() !== $this->getUser()->getId() ) {
return $this->render('product/show.html.twig', array( $this->denyAccessUnlessGranted( 'ROLE_ADMIN' );
'product' => $product, }
'delete_form' => $deleteForm->createView(),
));
}
/** return $this->render( 'product/show.html.twig',
* Displays a form to edit an existing product entity. [
* 'product' => $product,
* @Route("/{id}/edit", name="product_edit") 'delete_form' => $deleteForm->createView(),
* @Method({"GET", "POST"}) ] );
*/ }
public function editAction(Request $request, Product $product)
{
$deleteForm = $this->createDeleteForm($product);
$editForm = $this->createForm('AppBundle\Form\ProductType', $product);
$editForm->handleRequest($request);
if ($editForm->isSubmitted() && $editForm->isValid()) { /**
$this->getDoctrine()->getManager()->flush(); * Displays a form to edit an existing product entity.
*
* @Route("/{id}/edit", name="product_edit")
* @Method({"GET", "POST"})
*/
public function editAction( Request $request, Product $product ) {
return $this->redirectToRoute('product_edit', array('id' => $product->getId())); if ( $product->getUser()->getId() !== $this->getUser()->getId() ) {
}
return $this->render('product/edit.html.twig', array( $this->denyAccessUnlessGranted( 'ROLE_ADMIN' );
'product' => $product, }
'edit_form' => $editForm->createView(),
'delete_form' => $deleteForm->createView(),
));
}
/** $deleteForm = $this->createDeleteForm( $product );
* Deletes a product entity. $editForm = $this->createForm( 'AppBundle\Form\ProductType', $product );
* $editForm->handleRequest( $request );
* @Route("/{id}", name="product_delete")
* @Method("DELETE")
*/
public function deleteAction(Request $request, Product $product)
{
$form = $this->createDeleteForm($product);
$form->handleRequest($request);
if ($form->isSubmitted() && $form->isValid()) { if ( $editForm->isSubmitted() && $editForm->isValid() ) {
$em = $this->getDoctrine()->getManager(); $this->getDoctrine()->getManager()->flush();
$em->remove($product);
$em->flush();
}
return $this->redirectToRoute('product_index'); return $this->redirectToRoute( 'product_edit', [ 'id' => $product->getId() ] );
} }
/** return $this->render( 'product/edit.html.twig',
* Creates a form to delete a product entity. [
* 'product' => $product,
* @param Product $product The product entity 'edit_form' => $editForm->createView(),
* 'delete_form' => $deleteForm->createView(),
* @return \Symfony\Component\Form\Form The form ] );
*/ }
private function createDeleteForm(Product $product)
{ /**
return $this->createFormBuilder() * Deletes a product entity.
->setAction($this->generateUrl('product_delete', array('id' => $product->getId()))) *
->setMethod('DELETE') * @Route("/{id}", name="product_delete")
->getForm() * @Method("DELETE")
; */
} public function deleteAction( Request $request, Product $product ) {
$form = $this->createDeleteForm( $product );
$form->handleRequest( $request );
if ( $form->isSubmitted() && $form->isValid() ) {
if ( $product->getUser()->getId() !== $this->getUser()->getId() ) {
$this->denyAccessUnlessGranted( 'ROLE_ADMIN' );
}
$em = $this->getDoctrine()->getManager();
$em->remove( $product );
$em->flush();
}
return $this->redirectToRoute( 'product_index' );
}
/**
* Creates a form to delete a product entity.
*
* @param Product $product The product entity
*
* @return \Symfony\Component\Form\Form The form
*/
private function createDeleteForm( Product $product ) {
return $this->createFormBuilder()
->setAction( $this->generateUrl( 'product_delete', [ 'id' => $product->getId() ] ) )
->setMethod( 'DELETE' )
->getForm();
}
} }
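Review bot: The ownership rule is now copy-pasted as a three-line guard into showAction, editAction and deleteAction here and again in the Festival, SellRecord and ProductCategory controllers, each with a slightly different condition; Symfony's voter mechanism exists for exactly this, so one voter for "current user owns the entity, or is admin" would let each action call a single `$this->denyAccessUnlessGranted( 'OWNER', $product );` (attribute name is a constructed example) and keep the rule in one testable place. The whole file is also reformatted in the same commit (brace placement, `array()` to `[]`, spacing), which buries the three security-relevant insertions among roughly 140 changed lines per file; landing the reformat separately would make the authorization change reviewable on its own. The guards in this file also assume `$product->getUser()` is non-null, which cannot be confirmed from here.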


@ -3,135 +3,138 @@
namespace AppBundle\Controller; namespace AppBundle\Controller;
use AppBundle\Entity\SellRecord; use AppBundle\Entity\SellRecord;
use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Method; use Sensio\Bundle\FrameworkExtraBundle\Configuration\Method;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route;use Symfony\Component\HttpFoundation\Request; use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route;
use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\HttpFoundation\Request;
/** /**
* Sellrecord controller. * Sellrecord controller.
* *
* @Route("sellrecord") * @Route("sellrecord")
*/ */
class SellRecordController extends Controller class SellRecordController extends Controller {
{ /**
/** * Lists all sellRecord entities.
* Lists all sellRecord entities. *
* * @Route("/", name="sellrecord_index")
* @Route("/", name="sellrecord_index") * @Method("GET")
* @Method("GET") */
*/ public function indexAction() {
public function indexAction() $em = $this->getDoctrine()->getManager();
{
$em = $this->getDoctrine()->getManager();
$sellRecords = $em->getRepository('AppBundle:SellRecord')->findByUser($this->getUser() ); $sellRecords = $em->getRepository( 'AppBundle:SellRecord' )->findByUser( $this->getUser() );
return $this->render('sellrecord/index.html.twig', array( return $this->render( 'sellrecord/index.html.twig',
'sellRecords' => $sellRecords, [
)); 'sellRecords' => $sellRecords,
} ] );
}
/** /**
* Creates a new sellRecord entity. * Creates a new sellRecord entity.
* *
* @Route("/new", name="sellrecord_new") * @Route("/new", name="sellrecord_new")
* @Method({"GET", "POST"}) * @Method({"GET", "POST"})
*/ */
public function newAction(Request $request) public function newAction( Request $request ) {
{ $sellRecord = new Sellrecord();
$sellRecord = new Sellrecord(); $sellRecord->setUser( $this->getUser() );
$sellRecord->setUser($this->getUser()); $form = $this->createForm( 'AppBundle\Form\SellRecordType', $sellRecord );
$form = $this->createForm('AppBundle\Form\SellRecordType', $sellRecord); $form->handleRequest( $request );
$form->handleRequest($request);
if ($form->isSubmitted() && $form->isValid()) { if ( $form->isSubmitted() && $form->isValid() ) {
$em = $this->getDoctrine()->getManager(); $em = $this->getDoctrine()->getManager();
$em->persist($sellRecord); $em->persist( $sellRecord );
$em->flush(); $em->flush();
return $this->redirectToRoute('sellrecord_show', array('date' => $sellRecord->getDate())); return $this->redirectToRoute( 'sellrecord_show', [ 'date' => $sellRecord->getDate() ] );
} }
return $this->render('sellrecord/new.html.twig', array( return $this->render( 'sellrecord/new.html.twig',
'sellRecord' => $sellRecord, [
'form' => $form->createView(), 'sellRecord' => $sellRecord,
)); 'form' => $form->createView(),
} ] );
}
/** /**
* Finds and displays a sellRecord entity. * Finds and displays a sellRecord entity.
* *
* @Route("/{date}", name="sellrecord_show") * @Route("/{date}", name="sellrecord_show")
* @Method("GET") * @Method("GET")
*/ */
public function showAction(SellRecord $sellRecord) public function showAction( SellRecord $sellRecord ) {
{ $deleteForm = $this->createDeleteForm( $sellRecord );
$deleteForm = $this->createDeleteForm($sellRecord); if ( ! $sellRecord->getUser() == $this->getUser()->getId() ) {
$this->denyAccessUnlessGranted( 'ROLE_ADMIN' );
}
return $this->render('sellrecord/show.html.twig', array( return $this->render( 'sellrecord/show.html.twig',
'sellRecord' => $sellRecord, [
'delete_form' => $deleteForm->createView(), 'sellRecord' => $sellRecord,
)); 'delete_form' => $deleteForm->createView(),
} ] );
}
/** /**
* Displays a form to edit an existing sellRecord entity. * Displays a form to edit an existing sellRecord entity.
* *
* @Route("/{date}/edit", name="sellrecord_edit") * @Route("/{date}/edit", name="sellrecord_edit")
* @Method({"GET", "POST"}) * @Method({"GET", "POST"})
*/ */
public function editAction(Request $request, SellRecord $sellRecord) public function editAction( Request $request, SellRecord $sellRecord ) {
{ if ( ! $sellRecord->getUser() == $this->getUser()->getId() ) {
$deleteForm = $this->createDeleteForm($sellRecord); $this->denyAccessUnlessGranted( 'ROLE_ADMIN' );
$editForm = $this->createForm('AppBundle\Form\SellRecordType', $sellRecord); }
$editForm->handleRequest($request); $deleteForm = $this->createDeleteForm( $sellRecord );
$editForm = $this->createForm( 'AppBundle\Form\SellRecordType', $sellRecord );
$editForm->handleRequest( $request );
if ($editForm->isSubmitted() && $editForm->isValid()) { if ( $editForm->isSubmitted() && $editForm->isValid() ) {
$this->getDoctrine()->getManager()->flush(); $this->getDoctrine()->getManager()->flush();
return $this->redirectToRoute('sellrecord_edit', array('date' => $sellRecord->getDate())); return $this->redirectToRoute( 'sellrecord_edit', [ 'date' => $sellRecord->getDate() ] );
} }
return $this->render('sellrecord/edit.html.twig', array( return $this->render( 'sellrecord/edit.html.twig',
'sellRecord' => $sellRecord, [
'edit_form' => $editForm->createView(), 'sellRecord' => $sellRecord,
'delete_form' => $deleteForm->createView(), 'edit_form' => $editForm->createView(),
)); 'delete_form' => $deleteForm->createView(),
} ] );
}
/** /**
* Deletes a sellRecord entity. * Deletes a sellRecord entity.
* *
* @Route("/{date}", name="sellrecord_delete") * @Route("/{date}", name="sellrecord_delete")
* @Method("DELETE") * @Method("DELETE")
*/ */
public function deleteAction(Request $request, SellRecord $sellRecord) public function deleteAction( Request $request, SellRecord $sellRecord ) {
{ $form = $this->createDeleteForm( $sellRecord );
$form = $this->createDeleteForm($sellRecord); $form->handleRequest( $request );
$form->handleRequest($request);
if ($form->isSubmitted() && $form->isValid()) { if ( $form->isSubmitted() && $form->isValid() ) {
$em = $this->getDoctrine()->getManager(); $em = $this->getDoctrine()->getManager();
$em->remove($sellRecord); $em->remove( $sellRecord );
$em->flush(); $em->flush();
} }
return $this->redirectToRoute('sellrecord_index'); return $this->redirectToRoute( 'sellrecord_index' );
} }
/** /**
* Creates a form to delete a sellRecord entity. * Creates a form to delete a sellRecord entity.
* *
* @param SellRecord $sellRecord The sellRecord entity * @param SellRecord $sellRecord The sellRecord entity
* *
* @return \Symfony\Component\Form\Form The form * @return \Symfony\Component\Form\Form The form
*/ */
private function createDeleteForm(SellRecord $sellRecord) private function createDeleteForm( SellRecord $sellRecord ) {
{ return $this->createFormBuilder()
return $this->createFormBuilder() ->setAction( $this->generateUrl( 'sellrecord_delete', [ 'date' => $sellRecord->getDate() ] ) )
->setAction($this->generateUrl('sellrecord_delete', array('date' => $sellRecord->getDate()))) ->setMethod( 'DELETE' )
->setMethod('DELETE') ->getForm();
->getForm() }
;
}
} }
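Review bot: The condition `if ( ! $sellRecord->getUser() == $this->getUser()->getId() )` in showAction and editAction never denies anything: `!` binds tighter than `==`, so the expression compares `false` with the current user's id, which is loosely equal only when that id is 0 or null, and it also compares a User object against an integer rather than two ids. Any authenticated user can therefore still view and edit another user's sell records after this commit. The line should read `if ( $sellRecord->getUser()->getId() !== $this->getUser()->getId() ) {` as in the Product and Festival controllers. deleteAction in this file received no guard at all, unlike ProductController::deleteAction; the same check belongs inside its form-valid branch before `$em->remove( $sellRecord )`, as sketched below.
```php
public function deleteAction( Request $request, SellRecord $sellRecord ) {
    // … unchanged: build the delete form and handle the request …
    if ( $form->isSubmitted() && $form->isValid() ) {
        if ( $sellRecord->getUser()->getId() !== $this->getUser()->getId() ) {
            $this->denyAccessUnlessGranted( 'ROLE_ADMIN' );
        }
        // … unchanged: remove and flush …
    }
    // … unchanged: redirect to sellrecord_index …
}
```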


@ -34,6 +34,21 @@ class ProductCategory {
return $this->getName() . ' (' . count( $this->getProducts() ) . ' produits)'; return $this->getName() . ' (' . count( $this->getProducts() ) . ' produits)';
} }
/**
* @param $userId
*
* @return bool
*/
public function hasUser( $userId ) {
foreach ( $this->getUsers() as $user ) {
if ( $user->getId() === $userId ) {
return true;
}
}
return false;
}
/** /**
* @return mixed * @return mixed
*/ */
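Review bot: `hasUser( $userId )` has no parameter or return type and its docblock `@param $userId` carries no type either, yet it decides access in two controller actions through a strict `===` against `$user->getId()`; if a caller ever passes the id as a string (a route parameter, for instance) the comparison silently fails and the legitimate owner is denied. Declaring `public function hasUser( int $userId ): bool {` and documenting it as `@param int $userId` / `@return bool true when a user with this id is attached to the category` makes the contract explicit, and with an `int` hint a numeric string is coerced rather than mismatched (assuming ids are integers, as Doctrine typically hydrates them). A null id from a missing user falls through the loop and returns false, so the method fails closed. The ProductCategory class continues outside the hunk.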