restrict user on deletion

2018-05-09 09:50:06 +02:00 · 2018-05-09 09:50:06 +02:00 · 2187d9ab7a
commit 2187d9ab7a
parent 772d9e4f4a
5 changed files with 13 additions and 2 deletions
--- a/app/Resources/views/default/login-choices.html.twig
+++ b/app/Resources/views/default/login-choices.html.twig
@ -57,7 +57,7 @@
                                            btn-success
                                        {% else %}
                                            btn-default
-                                        {% endif %}" href="{{ path('festival_index') }}"
+                                        {% endif %}" href='{{ path('festival_index') }}'
                                            data-toggle="tab">
                                        <i class="fa fa-th-large"></i>
                                        Festivals
--- a/src/AppBundle/Controller/FestivalController.php
+++ b/src/AppBundle/Controller/FestivalController.php
@ -68,7 +68,6 @@ class FestivalController extends Controller {
 	public function showAction( Festival $festival ) {
 		$deleteForm = $this->createDeleteForm( $festival );
 		if ( $festival->getUser()->getId() !== $this->getUser()->getId() ) {
-
 			$this->denyAccessUnlessGranted( 'ROLE_ADMIN' );
 		}

@ -111,6 +110,9 @@ class FestivalController extends Controller {
 	 * @Method("DELETE")
 	 */
 	public function deleteAction( Request $request, Festival $festival ) {
+		if ( $festival->getUser()->getId() !== $this->getUser()->getId() ) {
+			$this->denyAccessUnlessGranted( 'ROLE_ADMIN' );
+		}
 		$form = $this->createDeleteForm( $festival );
 		$form->handleRequest( $request );

--- a/src/AppBundle/Controller/ProductCategoryController.php
+++ b/src/AppBundle/Controller/ProductCategoryController.php
@ -116,6 +116,9 @@ class ProductCategoryController extends Controller {
 	 * @Method("DELETE")
 	 */
 	public function deleteAction( Request $request, ProductCategory $productCategory ) {
+		if ( $productCategory->hasUser( $this->getUser()->getId() ) ) {
+			$this->denyAccessUnlessGranted( 'ROLE_ADMIN' );
+		}
 		$form = $this->createDeleteForm( $productCategory );
 		$form->handleRequest( $request );

--- a/src/AppBundle/Controller/ProductController.php
+++ b/src/AppBundle/Controller/ProductController.php
@ -116,6 +116,9 @@ class ProductController extends Controller {
 	 * @Method("DELETE")
 	 */
 	public function deleteAction( Request $request, Product $product ) {
+		if ( $product->getUser()->getId() !== $this->getUser()->getId() ) {
+			$this->denyAccessUnlessGranted( 'ROLE_ADMIN' );
+		}
 		$form = $this->createDeleteForm( $product );
 		$form->handleRequest( $request );

--- a/src/AppBundle/Controller/SellRecordController.php
+++ b/src/AppBundle/Controller/SellRecordController.php
@ -112,6 +112,9 @@ class SellRecordController extends Controller {
 	 * @Method("DELETE")
 	 */
 	public function deleteAction( Request $request, SellRecord $sellRecord ) {
+		if ( $sellRecord->getUser()->getId() !== $this->getUser()->getId() ) {
+			$this->denyAccessUnlessGranted( 'ROLE_ADMIN' );
+		}
 		$form = $this->createDeleteForm( $sellRecord );
 		$form->handleRequest( $request );