restrict user on deletion

Kayn Ty 2018-05-09 09:50:06 +02:00
parent 772d9e4f4a
commit 2187d9ab7a
5 changed files with 13 additions and 2 deletions


@ -57,7 +57,7 @@
btn-success
{% else %}
btn-default
{% endif %}" href="{{ path('festival_index') }}"
{% endif %}" href='{{ path('festival_index') }}'
data-toggle="tab">
<i class="fa fa-th-large"></i>
Festivals


@ -68,7 +68,6 @@ class FestivalController extends Controller {
public function showAction( Festival $festival ) {
$deleteForm = $this->createDeleteForm( $festival );
if ( $festival->getUser()->getId() !== $this->getUser()->getId() ) {
$this->denyAccessUnlessGranted( 'ROLE_ADMIN' );
}
@ -111,6 +110,9 @@ class FestivalController extends Controller {
* @Method("DELETE")
*/
public function deleteAction( Request $request, Festival $festival ) {
if ( $festival->getUser()->getId() !== $this->getUser()->getId() ) {
$this->denyAccessUnlessGranted( 'ROLE_ADMIN' );
}
$form = $this->createDeleteForm( $festival );
$form->handleRequest( $request );
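Review bot: The ownership guard added to deleteAction dereferences `$this->getUser()` and `$festival->getUser()` without a null check, so an anonymous request or a festival with no owner would fail with an error instead of a clean access-denied response; whether the firewall already forces login on this route is not visible here. Putting `$this->denyAccessUnlessGranted( 'IS_AUTHENTICATED_REMEMBERED' );` ahead of the comparison would make that failure mode explicit. The same three lines are repeated in the ProductController and SellRecordController deleteAction hunks, so the point applies there too, and a shared private helper or a voter would keep the rule in one place. deleteAction's body continues outside the hunk.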


@ -116,6 +116,9 @@ class ProductCategoryController extends Controller {
* @Method("DELETE")
*/
public function deleteAction( Request $request, ProductCategory $productCategory ) {
if ( $productCategory->hasUser( $this->getUser()->getId() ) ) {
$this->denyAccessUnlessGranted( 'ROLE_ADMIN' );
}
$form = $this->createDeleteForm( $productCategory );
$form->handleRequest( $request );
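Review bot: The guard in ProductCategoryController::deleteAction looks inverted: a true result from `hasUser(...)` is what triggers the ROLE_ADMIN requirement, whereas the other three controllers in this commit demand the role when the current user is not the owner. hasUser() is not visible here, but if it returns true for a user linked to the category, linked users are blocked and any other authenticated user can go on to delete it. The condition probably should read `if ( ! $productCategory->hasUser( $this->getUser()->getId() ) ) {`. deleteAction's body continues outside the hunk.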


@ -116,6 +116,9 @@ class ProductController extends Controller {
* @Method("DELETE")
*/
public function deleteAction( Request $request, Product $product ) {
if ( $product->getUser()->getId() !== $this->getUser()->getId() ) {
$this->denyAccessUnlessGranted( 'ROLE_ADMIN' );
}
$form = $this->createDeleteForm( $product );
$form->handleRequest( $request );


@ -112,6 +112,9 @@ class SellRecordController extends Controller {
* @Method("DELETE")
*/
public function deleteAction( Request $request, SellRecord $sellRecord ) {
if ( $sellRecord->getUser()->getId() !== $this->getUser()->getId() ) {
$this->denyAccessUnlessGranted( 'ROLE_ADMIN' );
}
$form = $this->createDeleteForm( $sellRecord );
$form->handleRequest( $request );