limit crud access

Kayn Ty 2018-05-04 17:22:49 +02:00
parent e8b4e5fe10
commit b82b13e267
5 changed files with 263 additions and 222 deletions


@ -67,6 +67,10 @@ class FestivalController extends Controller {
*/
public function showAction( Festival $festival ) {
$deleteForm = $this->createDeleteForm( $festival );
if ( $festival->getUser()->getId() !== $this->getUser()->getId() ) {
$this->denyAccessUnlessGranted( 'ROLE_ADMIN' );
}
return $this->render( 'festival/show.html.twig',
[
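Review bot: The ownership test added to showAction calls `getId()` on both `$festival->getUser()` and `$this->getUser()` without a null check, so a festival with no owner, or a request with no authenticated user, ends in a fatal error instead of an access-denied response. Whether the route sits behind a firewall is not visible here. Testing `null === $festival->getUser() || null === $this->getUser()` first and falling through to `denyAccessUnlessGranted( 'ROLE_ADMIN' )` keeps the failure closed. This is the only hunk shown for this controller, so editAction and deleteAction presumably still lack an owner check and should get the same one. showAction's body continues past the hunk.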


@ -3,9 +3,9 @@
namespace AppBundle\Controller;
use AppBundle\Entity\ProductCategory;
use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Method;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route;
use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\HttpFoundation\Request;
/**
@ -85,7 +85,12 @@ class ProductCategoryController extends Controller {
* @Method({"GET", "POST"})
*/
public function editAction( Request $request, ProductCategory $productCategory ) {
if ( ! $productCategory->hasUser( $this->getUser()->getId() ) ) {
$this->denyAccessUnlessGranted( 'ROLE_ADMIN' );
}
$deleteForm = $this->createDeleteForm( $productCategory );
$currentUser = $this->getUser();
$productCategory->setUsers( [ $currentUser ] );
$editForm = $this->createForm( 'AppBundle\Form\ProductCategoryType', $productCategory );
$editForm->handleRequest( $request );
@ -115,6 +120,9 @@ class ProductCategoryController extends Controller {
$form->handleRequest( $request );
if ( $form->isSubmitted() && $form->isValid() ) {
if ( ! $productCategory->hasUser( $this->getUser()->getId() ) ) {
$this->denyAccessUnlessGranted( 'ROLE_ADMIN' );
}
$em = $this->getDoctrine()->getManager();
$em->remove( $productCategory );
$em->flush();
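Review bot: In editAction the added `$productCategory->setUsers( [ $currentUser ] );` replaces the category's whole user list with the current user before the form is handled. When the later flush runs (outside this hunk, presumably on a valid submit), every other linked user loses the category, including the original owner when an admin edits through the ROLE_ADMIN fallback. `hasUser()` iterates over `getUsers()`, which suggests categories can be shared, so this silent change of ownership looks unintended. Either drop the two added lines or append the current user to the existing list instead of overwriting it. The check added in deleteAction is correct but duplicates the same three lines; both functions start or end outside their hunks.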


@ -3,32 +3,32 @@
namespace AppBundle\Controller;
use AppBundle\Entity\Product;
use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Method;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route;use Symfony\Component\HttpFoundation\Request;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route;
use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\HttpFoundation\Request;
/**
* Product controller.
*
* @Route("product")
*/
class ProductController extends Controller
{
class ProductController extends Controller {
/**
* Lists all product entities.
*
* @Route("/", name="product_index")
* @Method("GET")
*/
public function indexAction()
{
public function indexAction() {
$em = $this->getDoctrine()->getManager();
$products = $em->getRepository( 'AppBundle:Product' )->findByUser( $this->getUser() );
return $this->render('product/index.html.twig', array(
return $this->render( 'product/index.html.twig',
[
'products' => $products,
));
] );
}
/**
@ -37,8 +37,7 @@ class ProductController extends Controller
* @Route("/new", name="product_new")
* @Method({"GET", "POST"})
*/
public function newAction(Request $request)
{
public function newAction( Request $request ) {
$product = new Product();
$product->setUser( $this->getUser() );
$form = $this->createForm( 'AppBundle\Form\ProductType', $product );
@ -49,13 +48,14 @@ class ProductController extends Controller
$em->persist( $product );
$em->flush();
return $this->redirectToRoute('product_show', array('id' => $product->getId()));
return $this->redirectToRoute( 'product_show', [ 'id' => $product->getId() ] );
}
return $this->render('product/new.html.twig', array(
return $this->render( 'product/new.html.twig',
[
'product' => $product,
'form' => $form->createView(),
));
] );
}
/**
@ -64,14 +64,18 @@ class ProductController extends Controller
* @Route("/{id}", name="product_show")
* @Method("GET")
*/
public function showAction(Product $product)
{
public function showAction( Product $product ) {
$deleteForm = $this->createDeleteForm( $product );
if ( $product->getUser()->getId() !== $this->getUser()->getId() ) {
return $this->render('product/show.html.twig', array(
$this->denyAccessUnlessGranted( 'ROLE_ADMIN' );
}
return $this->render( 'product/show.html.twig',
[
'product' => $product,
'delete_form' => $deleteForm->createView(),
));
] );
}
/**
@ -80,8 +84,13 @@ class ProductController extends Controller
* @Route("/{id}/edit", name="product_edit")
* @Method({"GET", "POST"})
*/
public function editAction(Request $request, Product $product)
{
public function editAction( Request $request, Product $product ) {
if ( $product->getUser()->getId() !== $this->getUser()->getId() ) {
$this->denyAccessUnlessGranted( 'ROLE_ADMIN' );
}
$deleteForm = $this->createDeleteForm( $product );
$editForm = $this->createForm( 'AppBundle\Form\ProductType', $product );
$editForm->handleRequest( $request );
@ -89,14 +98,15 @@ class ProductController extends Controller
if ( $editForm->isSubmitted() && $editForm->isValid() ) {
$this->getDoctrine()->getManager()->flush();
return $this->redirectToRoute('product_edit', array('id' => $product->getId()));
return $this->redirectToRoute( 'product_edit', [ 'id' => $product->getId() ] );
}
return $this->render('product/edit.html.twig', array(
return $this->render( 'product/edit.html.twig',
[
'product' => $product,
'edit_form' => $editForm->createView(),
'delete_form' => $deleteForm->createView(),
));
] );
}
/**
@ -105,12 +115,15 @@ class ProductController extends Controller
* @Route("/{id}", name="product_delete")
* @Method("DELETE")
*/
public function deleteAction(Request $request, Product $product)
{
public function deleteAction( Request $request, Product $product ) {
$form = $this->createDeleteForm( $product );
$form->handleRequest( $request );
if ( $form->isSubmitted() && $form->isValid() ) {
if ( $product->getUser()->getId() !== $this->getUser()->getId() ) {
$this->denyAccessUnlessGranted( 'ROLE_ADMIN' );
}
$em = $this->getDoctrine()->getManager();
$em->remove( $product );
$em->flush();
@ -126,12 +139,10 @@ class ProductController extends Controller
*
* @return \Symfony\Component\Form\Form The form
*/
private function createDeleteForm(Product $product)
{
private function createDeleteForm( Product $product ) {
return $this->createFormBuilder()
->setAction($this->generateUrl('product_delete', array('id' => $product->getId())))
->setAction( $this->generateUrl( 'product_delete', [ 'id' => $product->getId() ] ) )
->setMethod( 'DELETE' )
->getForm()
;
->getForm();
}
}
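Review bot: The owner-or-admin test is copy-pasted into showAction, editAction and deleteAction, and each copy calls `getId()` on `$product->getUser()` and `$this->getUser()` without a null check, so a product with no owner or an anonymous request fails with a fatal error rather than a denial. One private helper (or a Symfony voter checked with `denyAccessUnlessGranted( 'edit', $product )`) would keep the rule in one place and make it harder for a future action to miss it. In showAction the check could also move ahead of `createDeleteForm()` so that nothing is built for a request that will be rejected. A sketch of the helper follows; it is called first thing in each action.

```php
// … unchanged: class header and actions; each action starts with the call below …
$this->denyUnlessOwnerOrAdmin( $product );

/**
 * Lets the product's owner through; everyone else needs ROLE_ADMIN.
 */
private function denyUnlessOwnerOrAdmin( Product $product ) {
	$owner   = $product->getUser();
	$current = $this->getUser();
	if ( null === $owner || null === $current || $owner->getId() !== $current->getId() ) {
		$this->denyAccessUnlessGranted( 'ROLE_ADMIN' );
	}
}
```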


@ -3,32 +3,32 @@
namespace AppBundle\Controller;
use AppBundle\Entity\SellRecord;
use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Method;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route;use Symfony\Component\HttpFoundation\Request;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route;
use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\HttpFoundation\Request;
/**
* Sellrecord controller.
*
* @Route("sellrecord")
*/
class SellRecordController extends Controller
{
class SellRecordController extends Controller {
/**
* Lists all sellRecord entities.
*
* @Route("/", name="sellrecord_index")
* @Method("GET")
*/
public function indexAction()
{
public function indexAction() {
$em = $this->getDoctrine()->getManager();
$sellRecords = $em->getRepository( 'AppBundle:SellRecord' )->findByUser( $this->getUser() );
return $this->render('sellrecord/index.html.twig', array(
return $this->render( 'sellrecord/index.html.twig',
[
'sellRecords' => $sellRecords,
));
] );
}
/**
@ -37,8 +37,7 @@ class SellRecordController extends Controller
* @Route("/new", name="sellrecord_new")
* @Method({"GET", "POST"})
*/
public function newAction(Request $request)
{
public function newAction( Request $request ) {
$sellRecord = new Sellrecord();
$sellRecord->setUser( $this->getUser() );
$form = $this->createForm( 'AppBundle\Form\SellRecordType', $sellRecord );
@ -49,13 +48,14 @@ class SellRecordController extends Controller
$em->persist( $sellRecord );
$em->flush();
return $this->redirectToRoute('sellrecord_show', array('date' => $sellRecord->getDate()));
return $this->redirectToRoute( 'sellrecord_show', [ 'date' => $sellRecord->getDate() ] );
}
return $this->render('sellrecord/new.html.twig', array(
return $this->render( 'sellrecord/new.html.twig',
[
'sellRecord' => $sellRecord,
'form' => $form->createView(),
));
] );
}
/**
@ -64,14 +64,17 @@ class SellRecordController extends Controller
* @Route("/{date}", name="sellrecord_show")
* @Method("GET")
*/
public function showAction(SellRecord $sellRecord)
{
public function showAction( SellRecord $sellRecord ) {
$deleteForm = $this->createDeleteForm( $sellRecord );
if ( ! $sellRecord->getUser() == $this->getUser()->getId() ) {
$this->denyAccessUnlessGranted( 'ROLE_ADMIN' );
}
return $this->render('sellrecord/show.html.twig', array(
return $this->render( 'sellrecord/show.html.twig',
[
'sellRecord' => $sellRecord,
'delete_form' => $deleteForm->createView(),
));
] );
}
/**
@ -80,8 +83,10 @@ class SellRecordController extends Controller
* @Route("/{date}/edit", name="sellrecord_edit")
* @Method({"GET", "POST"})
*/
public function editAction(Request $request, SellRecord $sellRecord)
{
public function editAction( Request $request, SellRecord $sellRecord ) {
if ( ! $sellRecord->getUser() == $this->getUser()->getId() ) {
$this->denyAccessUnlessGranted( 'ROLE_ADMIN' );
}
$deleteForm = $this->createDeleteForm( $sellRecord );
$editForm = $this->createForm( 'AppBundle\Form\SellRecordType', $sellRecord );
$editForm->handleRequest( $request );
@ -89,14 +94,15 @@ class SellRecordController extends Controller
if ( $editForm->isSubmitted() && $editForm->isValid() ) {
$this->getDoctrine()->getManager()->flush();
return $this->redirectToRoute('sellrecord_edit', array('date' => $sellRecord->getDate()));
return $this->redirectToRoute( 'sellrecord_edit', [ 'date' => $sellRecord->getDate() ] );
}
return $this->render('sellrecord/edit.html.twig', array(
return $this->render( 'sellrecord/edit.html.twig',
[
'sellRecord' => $sellRecord,
'edit_form' => $editForm->createView(),
'delete_form' => $deleteForm->createView(),
));
] );
}
/**
@ -105,8 +111,7 @@ class SellRecordController extends Controller
* @Route("/{date}", name="sellrecord_delete")
* @Method("DELETE")
*/
public function deleteAction(Request $request, SellRecord $sellRecord)
{
public function deleteAction( Request $request, SellRecord $sellRecord ) {
$form = $this->createDeleteForm( $sellRecord );
$form->handleRequest( $request );
@ -126,12 +131,10 @@ class SellRecordController extends Controller
*
* @return \Symfony\Component\Form\Form The form
*/
private function createDeleteForm(SellRecord $sellRecord)
{
private function createDeleteForm( SellRecord $sellRecord ) {
return $this->createFormBuilder()
->setAction($this->generateUrl('sellrecord_delete', array('date' => $sellRecord->getDate())))
->setAction( $this->generateUrl( 'sellrecord_delete', [ 'date' => $sellRecord->getDate() ] ) )
->setMethod( 'DELETE' )
->getForm()
;
->getForm();
}
}
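Review bot: The condition added to showAction and editAction, `! $sellRecord->getUser() == $this->getUser()->getId()`, does not test ownership. `!` binds tighter than `==`, so it evaluates `( ! $sellRecord->getUser() ) == $id`. For a record that has a user, that is `false == $id`, which is false for any non-zero id, so the ROLE_ADMIN check is never reached and any logged-in user can view or edit another user's sell record. It also compares a user object with an id. The line should match the other controllers: `if ( $sellRecord->getUser()->getId() !== $this->getUser()->getId() ) {`. The deleteAction hunk in this file only reformats the signature, so no owner check is visible there and one should be added before `remove()`.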


@ -34,6 +34,21 @@ class ProductCategory {
return $this->getName() . ' (' . count( $this->getProducts() ) . ' produits)';
}
/**
* @param $userId
*
* @return bool
*/
public function hasUser( $userId ) {
foreach ( $this->getUsers() as $user ) {
if ( $user->getId() === $userId ) {
return true;
}
}
return false;
}
/**
* @return mixed
*/
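Review bot: The docblock on the new `hasUser()` gives neither a type nor a meaning for `$userId`, and the body compares with `===`, so an id passed as a string (for example from a route parameter) never matches an integer `getId()`. That fails closed, but the caller gets no hint why. I would document it as `@param int $userId Id of the user to look for, same type as User::getId()` and `@return bool True when one of the category's users has that id`. If the entity ids are integers, casting at the call sites or comparing `(int) $userId` would make the contract explicit.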