restrict user on deletion
This commit is contained in:
parent
772d9e4f4a
commit
2187d9ab7a
@ -57,7 +57,7 @@
|
||||
btn-success
|
||||
{% else %}
|
||||
btn-default
|
||||
{% endif %}" href="{{ path('festival_index') }}"
|
||||
{% endif %}" href='{{ path('festival_index') }}'
|
||||
data-toggle="tab">
|
||||
<i class="fa fa-th-large"></i>
|
||||
Festivals
|
||||
|
@ -68,7 +68,6 @@ class FestivalController extends Controller {
|
||||
public function showAction( Festival $festival ) {
|
||||
$deleteForm = $this->createDeleteForm( $festival );
|
||||
if ( $festival->getUser()->getId() !== $this->getUser()->getId() ) {
|
||||
|
||||
$this->denyAccessUnlessGranted( 'ROLE_ADMIN' );
|
||||
}
|
||||
|
||||
@ -111,6 +110,9 @@ class FestivalController extends Controller {
|
||||
* @Method("DELETE")
|
||||
*/
|
||||
public function deleteAction( Request $request, Festival $festival ) {
|
||||
if ( $festival->getUser()->getId() !== $this->getUser()->getId() ) {
|
||||
$this->denyAccessUnlessGranted( 'ROLE_ADMIN' );
|
||||
}
|
||||
$form = $this->createDeleteForm( $festival );
|
||||
$form->handleRequest( $request );
|
||||
|
||||
|
@ -116,6 +116,9 @@ class ProductCategoryController extends Controller {
|
||||
* @Method("DELETE")
|
||||
*/
|
||||
public function deleteAction( Request $request, ProductCategory $productCategory ) {
|
||||
if ( $productCategory->hasUser( $this->getUser()->getId() ) ) {
|
||||
$this->denyAccessUnlessGranted( 'ROLE_ADMIN' );
|
||||
}
|
||||
$form = $this->createDeleteForm( $productCategory );
|
||||
$form->handleRequest( $request );
|
||||
|
||||
|
@ -116,6 +116,9 @@ class ProductController extends Controller {
|
||||
* @Method("DELETE")
|
||||
*/
|
||||
public function deleteAction( Request $request, Product $product ) {
|
||||
if ( $product->getUser()->getId() !== $this->getUser()->getId() ) {
|
||||
$this->denyAccessUnlessGranted( 'ROLE_ADMIN' );
|
||||
}
|
||||
$form = $this->createDeleteForm( $product );
|
||||
$form->handleRequest( $request );
|
||||
|
||||
|
@ -112,6 +112,9 @@ class SellRecordController extends Controller {
|
||||
* @Method("DELETE")
|
||||
*/
|
||||
public function deleteAction( Request $request, SellRecord $sellRecord ) {
|
||||
if ( $sellRecord->getUser()->getId() !== $this->getUser()->getId() ) {
|
||||
$this->denyAccessUnlessGranted( 'ROLE_ADMIN' );
|
||||
}
|
||||
$form = $this->createDeleteForm( $sellRecord );
|
||||
$form->handleRequest( $request );
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user