From b82b13e267271ab75f0c157bc6acab11aa81ec13 Mon Sep 17 00:00:00 2001 From: Kayn Ty Date: Fri, 4 May 2018 17:22:49 +0200 Subject: [PATCH] limit crud access --- .../Controller/FestivalController.php | 8 +- .../Controller/ProductCategoryController.php | 16 +- .../Controller/ProductController.php | 227 +++++++++--------- .../Controller/SellRecordController.php | 219 ++++++++--------- src/AppBundle/Entity/ProductCategory.php | 15 ++ 5 files changed, 263 insertions(+), 222 deletions(-) diff --git a/src/AppBundle/Controller/FestivalController.php b/src/AppBundle/Controller/FestivalController.php index b3a75557..a8f51ae3 100755 --- a/src/AppBundle/Controller/FestivalController.php +++ b/src/AppBundle/Controller/FestivalController.php @@ -23,7 +23,7 @@ class FestivalController extends Controller { public function indexAction() { $em = $this->getDoctrine()->getManager(); - $festivals = $em->getRepository( 'AppBundle:Festival' )->findByUser($this->getUser() ); + $festivals = $em->getRepository( 'AppBundle:Festival' )->findByUser( $this->getUser() ); return $this->render( 'festival/index.html.twig', [ @@ -40,7 +40,7 @@ class FestivalController extends Controller { public function newAction( Request $request ) { $festival = new Festival(); $festival->setUser( $this->getUser() ); - $festival->setDateCreation(new \DateTime()); + $festival->setDateCreation( new \DateTime() ); $form = $this->createForm( 'AppBundle\Form\FestivalType', $festival ); $form->handleRequest( $request ); @@ -67,6 +67,10 @@ class FestivalController extends Controller { */ public function showAction( Festival $festival ) { $deleteForm = $this->createDeleteForm( $festival ); + if ( $festival->getUser()->getId() !== $this->getUser()->getId() ) { + + $this->denyAccessUnlessGranted( 'ROLE_ADMIN' ); + } return $this->render( 'festival/show.html.twig', [ diff --git a/src/AppBundle/Controller/ProductCategoryController.php b/src/AppBundle/Controller/ProductCategoryController.php index acb7f2e7..f15eb771 100755 
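Review bot: The owner check added to showAction (hunk @@ -67) dereferences `$festival->getUser()->getId()` with no null guard, so a festival without an owner would produce a fatal error on the null object rather than an access denial; if the mapping allows a null user, test for it first. The same owner-or-admin condition is repeated verbatim in this commit in ProductController, ProductCategoryController and SellRecordController, so a single private helper or a Symfony security voter (for example `$this->denyAccessUnlessGranted( 'VIEW', $festival )` backed by a voter) would state the rule once and make it testable. This hunk guards only showAction; if FestivalController also has edit and delete actions they are outside this diff and presumably still need the same guard.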
--- a/src/AppBundle/Controller/ProductCategoryController.php +++ b/src/AppBundle/Controller/ProductCategoryController.php @@ -3,9 +3,9 @@ namespace AppBundle\Controller; use AppBundle\Entity\ProductCategory; -use Symfony\Bundle\FrameworkBundle\Controller\Controller; use Sensio\Bundle\FrameworkExtraBundle\Configuration\Method; use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route; +use Symfony\Bundle\FrameworkBundle\Controller\Controller; use Symfony\Component\HttpFoundation\Request; /** @@ -23,7 +23,7 @@ class ProductCategoryController extends Controller { public function indexAction() { $em = $this->getDoctrine()->getManager(); - $currentUser = $this->getUser(); + $currentUser = $this->getUser(); $productCategories = $currentUser->getCategories(); return $this->render( 'productcategory/index.html.twig', @@ -85,9 +85,14 @@ class ProductCategoryController extends Controller { * @Method({"GET", "POST"}) */ public function editAction( Request $request, ProductCategory $productCategory ) { - $deleteForm = $this->createDeleteForm( $productCategory ); + if ( ! $productCategory->hasUser( $this->getUser()->getId() ) ) { + $this->denyAccessUnlessGranted( 'ROLE_ADMIN' ); + } + + $deleteForm = $this->createDeleteForm( $productCategory ); + $currentUser = $this->getUser(); $productCategory->setUsers( [ $currentUser ] ); - $editForm = $this->createForm( 'AppBundle\Form\ProductCategoryType', $productCategory ); + $editForm = $this->createForm( 'AppBundle\Form\ProductCategoryType', $productCategory ); $editForm->handleRequest( $request ); if ( $editForm->isSubmitted() && $editForm->isValid() ) { @@ -115,6 +120,9 @@ class ProductCategoryController extends Controller { $form->handleRequest( $request ); if ( $form->isSubmitted() && $form->isValid() ) { + if ( ! $productCategory->hasUser( $this->getUser()->getId() ) ) { + $this->denyAccessUnlessGranted( 'ROLE_ADMIN' ); + } $em = $this->getDoctrine()->getManager(); $em->remove( $productCategory ); $em->flush(); 
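Review bot: In editAction (hunk @@ -85) the new guard admits a ROLE_ADMIN user for a category they do not own, but the pre-existing `$productCategory->setUsers( [ $currentUser ] );` that follows then replaces the category's owners with the admin, so an admin edit silently takes the category away from its owner. Unless reassignment is intended, skip that call when `$productCategory->hasUser( $currentUser->getId() )` already holds, or only set the owner when the category has none. In deleteAction (hunk @@ -115) the guard sits inside the isSubmitted/isValid branch; placing it before `$form->handleRequest( $request )` matches the order used in editAction and avoids processing the form for a category the caller may not access. showAction of this controller is not in the diff, so whether it carries the same guard cannot be seen here.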
diff --git a/src/AppBundle/Controller/ProductController.php b/src/AppBundle/Controller/ProductController.php index e90710e0..90e5e42b 100755 --- a/src/AppBundle/Controller/ProductController.php +++ b/src/AppBundle/Controller/ProductController.php 
@@ -3,135 +3,146 @@ namespace AppBundle\Controller; use AppBundle\Entity\Product; -use Symfony\Bundle\FrameworkBundle\Controller\Controller; use Sensio\Bundle\FrameworkExtraBundle\Configuration\Method; -use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route;use Symfony\Component\HttpFoundation\Request; +use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route; +use Symfony\Bundle\FrameworkBundle\Controller\Controller; +use Symfony\Component\HttpFoundation\Request; /** * Product controller. * * @Route("product") */ -class ProductController extends Controller -{ - /** - * Lists all product entities. - * - * @Route("/", name="product_index") - * @Method("GET") - */ - public function indexAction() - { - $em = $this->getDoctrine()->getManager(); +class ProductController extends Controller { + /** + * Lists all product entities. + * + * @Route("/", name="product_index") + * @Method("GET") + */ + public function indexAction() { + $em = $this->getDoctrine()->getManager(); - $products = $em->getRepository('AppBundle:Product')->findByUser($this->getUser() ); + $products = $em->getRepository( 'AppBundle:Product' )->findByUser( $this->getUser() ); - return $this->render('product/index.html.twig', array( - 'products' => $products, - )); - } + return $this->render( 'product/index.html.twig', + [ + 'products' => $products, + ] ); + } - /** - * Creates a new product entity. - * - * @Route("/new", name="product_new") - * @Method({"GET", "POST"}) - */ - public function newAction(Request $request) - { - $product = new Product(); - $product->setUser($this->getUser()); - $form = $this->createForm('AppBundle\Form\ProductType', $product); - $form->handleRequest($request); + /** + * Creates a new product entity. 
+ * + * @Route("/new", name="product_new") + * @Method({"GET", "POST"}) + */ + public function newAction( Request $request ) { + $product = new Product(); + $product->setUser( $this->getUser() ); + $form = $this->createForm( 'AppBundle\Form\ProductType', $product ); + $form->handleRequest( $request ); - if ($form->isSubmitted() && $form->isValid()) { - $em = $this->getDoctrine()->getManager(); - $em->persist($product); - $em->flush(); + if ( $form->isSubmitted() && $form->isValid() ) { + $em = $this->getDoctrine()->getManager(); + $em->persist( $product ); + $em->flush(); - return $this->redirectToRoute('product_show', array('id' => $product->getId())); - } + return $this->redirectToRoute( 'product_show', [ 'id' => $product->getId() ] ); + } - return $this->render('product/new.html.twig', array( - 'product' => $product, - 'form' => $form->createView(), - )); - } + return $this->render( 'product/new.html.twig', + [ + 'product' => $product, + 'form' => $form->createView(), + ] ); + } - /** - * Finds and displays a product entity. - * - * @Route("/{id}", name="product_show") - * @Method("GET") - */ - public function showAction(Product $product) - { - $deleteForm = $this->createDeleteForm($product); + /** + * Finds and displays a product entity. + * + * @Route("/{id}", name="product_show") + * @Method("GET") + */ + public function showAction( Product $product ) { + $deleteForm = $this->createDeleteForm( $product ); + if ( $product->getUser()->getId() !== $this->getUser()->getId() ) { - return $this->render('product/show.html.twig', array( - 'product' => $product, - 'delete_form' => $deleteForm->createView(), - )); - } + $this->denyAccessUnlessGranted( 'ROLE_ADMIN' ); + } - /** - * Displays a form to edit an existing product entity. 
- * - * @Route("/{id}/edit", name="product_edit") - * @Method({"GET", "POST"}) - */ - public function editAction(Request $request, Product $product) - { - $deleteForm = $this->createDeleteForm($product); - $editForm = $this->createForm('AppBundle\Form\ProductType', $product); - $editForm->handleRequest($request); + return $this->render( 'product/show.html.twig', + [ + 'product' => $product, + 'delete_form' => $deleteForm->createView(), + ] ); + } - if ($editForm->isSubmitted() && $editForm->isValid()) { - $this->getDoctrine()->getManager()->flush(); + /** + * Displays a form to edit an existing product entity. + * + * @Route("/{id}/edit", name="product_edit") + * @Method({"GET", "POST"}) + */ + public function editAction( Request $request, Product $product ) { - return $this->redirectToRoute('product_edit', array('id' => $product->getId())); - } + if ( $product->getUser()->getId() !== $this->getUser()->getId() ) { - return $this->render('product/edit.html.twig', array( - 'product' => $product, - 'edit_form' => $editForm->createView(), - 'delete_form' => $deleteForm->createView(), - )); - } + $this->denyAccessUnlessGranted( 'ROLE_ADMIN' ); + } - /** - * Deletes a product entity. 
- * - * @Route("/{id}", name="product_delete") - * @Method("DELETE") - */ - public function deleteAction(Request $request, Product $product) - { - $form = $this->createDeleteForm($product); - $form->handleRequest($request); + $deleteForm = $this->createDeleteForm( $product ); + $editForm = $this->createForm( 'AppBundle\Form\ProductType', $product ); + $editForm->handleRequest( $request ); - if ($form->isSubmitted() && $form->isValid()) { - $em = $this->getDoctrine()->getManager(); - $em->remove($product); - $em->flush(); - } + if ( $editForm->isSubmitted() && $editForm->isValid() ) { + $this->getDoctrine()->getManager()->flush(); - return $this->redirectToRoute('product_index'); - } + return $this->redirectToRoute( 'product_edit', [ 'id' => $product->getId() ] ); + } - /** - * Creates a form to delete a product entity. - * - * @param Product $product The product entity - * - * @return \Symfony\Component\Form\Form The form - */ - private function createDeleteForm(Product $product) - { - return $this->createFormBuilder() - ->setAction($this->generateUrl('product_delete', array('id' => $product->getId()))) - ->setMethod('DELETE') - ->getForm() - ; - } + return $this->render( 'product/edit.html.twig', + [ + 'product' => $product, + 'edit_form' => $editForm->createView(), + 'delete_form' => $deleteForm->createView(), + ] ); + } + + /** + * Deletes a product entity. + * + * @Route("/{id}", name="product_delete") + * @Method("DELETE") + */ + public function deleteAction( Request $request, Product $product ) { + $form = $this->createDeleteForm( $product ); + $form->handleRequest( $request ); + + if ( $form->isSubmitted() && $form->isValid() ) { + if ( $product->getUser()->getId() !== $this->getUser()->getId() ) { + + $this->denyAccessUnlessGranted( 'ROLE_ADMIN' ); + } + $em = $this->getDoctrine()->getManager(); + $em->remove( $product ); + $em->flush(); + } + + return $this->redirectToRoute( 'product_index' ); + } + + /** + * Creates a form to delete a product entity. 
+ * + * @param Product $product The product entity + * + * @return \Symfony\Component\Form\Form The form + */ + private function createDeleteForm( Product $product ) { + return $this->createFormBuilder() + ->setAction( $this->generateUrl( 'product_delete', [ 'id' => $product->getId() ] ) ) + ->setMethod( 'DELETE' ) + ->getForm(); + } } diff --git a/src/AppBundle/Controller/SellRecordController.php b/src/AppBundle/Controller/SellRecordController.php index d46c737f..71c059e7 100755 --- a/src/AppBundle/Controller/SellRecordController.php +++ b/src/AppBundle/Controller/SellRecordController.php 
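Review bot: In deleteAction the owner check runs only after `$form->handleRequest( $request )` and inside the isValid branch, whereas editAction checks before any form is built; performing the check first, right after the entity is resolved, keeps the three actions consistent and does no form work for a product the caller may not access. All three guards call `$product->getUser()->getId()`, which throws instead of denying if a product has no owner, so either add a null check or make sure the mapping cannot yield a null user. The identical condition is now copied into showAction, editAction and deleteAction here and into FestivalController and SellRecordController in the same commit; a private `denyUnlessOwnerOrAdmin( Product $product )` helper or a security voter would state the rule once and keep the blank line inside the `if` body from reappearing in each copy.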
@@ -3,135 +3,138 @@ namespace AppBundle\Controller; use AppBundle\Entity\SellRecord; -use Symfony\Bundle\FrameworkBundle\Controller\Controller; use Sensio\Bundle\FrameworkExtraBundle\Configuration\Method; -use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route;use Symfony\Component\HttpFoundation\Request; +use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route; +use Symfony\Bundle\FrameworkBundle\Controller\Controller; +use Symfony\Component\HttpFoundation\Request; /** * Sellrecord controller. * * @Route("sellrecord") */ -class SellRecordController extends Controller -{ - /** - * Lists all sellRecord entities. - * - * @Route("/", name="sellrecord_index") - * @Method("GET") - */ - public function indexAction() - { - $em = $this->getDoctrine()->getManager(); +class SellRecordController extends Controller { + /** + * Lists all sellRecord entities. + * + * @Route("/", name="sellrecord_index") + * @Method("GET") + */ + public function indexAction() { + $em = $this->getDoctrine()->getManager(); - $sellRecords = $em->getRepository('AppBundle:SellRecord')->findByUser($this->getUser() ); + $sellRecords = $em->getRepository( 'AppBundle:SellRecord' )->findByUser( $this->getUser() ); - return $this->render('sellrecord/index.html.twig', array( - 'sellRecords' => $sellRecords, - )); - } + return $this->render( 'sellrecord/index.html.twig', + [ + 'sellRecords' => $sellRecords, + ] ); + } - /** - * Creates a new sellRecord entity. - * - * @Route("/new", name="sellrecord_new") - * @Method({"GET", "POST"}) - */ - public function newAction(Request $request) - { - $sellRecord = new Sellrecord(); - $sellRecord->setUser($this->getUser()); - $form = $this->createForm('AppBundle\Form\SellRecordType', $sellRecord); - $form->handleRequest($request); + /** + * Creates a new sellRecord entity. 
+ * + * @Route("/new", name="sellrecord_new") + * @Method({"GET", "POST"}) + */ + public function newAction( Request $request ) { + $sellRecord = new Sellrecord(); + $sellRecord->setUser( $this->getUser() ); + $form = $this->createForm( 'AppBundle\Form\SellRecordType', $sellRecord ); + $form->handleRequest( $request ); - if ($form->isSubmitted() && $form->isValid()) { - $em = $this->getDoctrine()->getManager(); - $em->persist($sellRecord); - $em->flush(); + if ( $form->isSubmitted() && $form->isValid() ) { + $em = $this->getDoctrine()->getManager(); + $em->persist( $sellRecord ); + $em->flush(); - return $this->redirectToRoute('sellrecord_show', array('date' => $sellRecord->getDate())); - } + return $this->redirectToRoute( 'sellrecord_show', [ 'date' => $sellRecord->getDate() ] ); + } - return $this->render('sellrecord/new.html.twig', array( - 'sellRecord' => $sellRecord, - 'form' => $form->createView(), - )); - } + return $this->render( 'sellrecord/new.html.twig', + [ + 'sellRecord' => $sellRecord, + 'form' => $form->createView(), + ] ); + } - /** - * Finds and displays a sellRecord entity. - * - * @Route("/{date}", name="sellrecord_show") - * @Method("GET") - */ - public function showAction(SellRecord $sellRecord) - { - $deleteForm = $this->createDeleteForm($sellRecord); + /** + * Finds and displays a sellRecord entity. + * + * @Route("/{date}", name="sellrecord_show") + * @Method("GET") + */ + public function showAction( SellRecord $sellRecord ) { + $deleteForm = $this->createDeleteForm( $sellRecord ); + if ( ! 
$sellRecord->getUser() == $this->getUser()->getId() ) { + $this->denyAccessUnlessGranted( 'ROLE_ADMIN' ); + } - return $this->render('sellrecord/show.html.twig', array( - 'sellRecord' => $sellRecord, - 'delete_form' => $deleteForm->createView(), - )); - } + return $this->render( 'sellrecord/show.html.twig', + [ + 'sellRecord' => $sellRecord, + 'delete_form' => $deleteForm->createView(), + ] ); + } - /** - * Displays a form to edit an existing sellRecord entity. - * - * @Route("/{date}/edit", name="sellrecord_edit") - * @Method({"GET", "POST"}) - */ - public function editAction(Request $request, SellRecord $sellRecord) - { - $deleteForm = $this->createDeleteForm($sellRecord); - $editForm = $this->createForm('AppBundle\Form\SellRecordType', $sellRecord); - $editForm->handleRequest($request); + /** + * Displays a form to edit an existing sellRecord entity. + * + * @Route("/{date}/edit", name="sellrecord_edit") + * @Method({"GET", "POST"}) + */ + public function editAction( Request $request, SellRecord $sellRecord ) { + if ( ! 
$sellRecord->getUser() == $this->getUser()->getId() ) { + $this->denyAccessUnlessGranted( 'ROLE_ADMIN' ); + } + $deleteForm = $this->createDeleteForm( $sellRecord ); + $editForm = $this->createForm( 'AppBundle\Form\SellRecordType', $sellRecord ); + $editForm->handleRequest( $request ); - if ($editForm->isSubmitted() && $editForm->isValid()) { - $this->getDoctrine()->getManager()->flush(); + if ( $editForm->isSubmitted() && $editForm->isValid() ) { + $this->getDoctrine()->getManager()->flush(); - return $this->redirectToRoute('sellrecord_edit', array('date' => $sellRecord->getDate())); - } + return $this->redirectToRoute( 'sellrecord_edit', [ 'date' => $sellRecord->getDate() ] ); + } - return $this->render('sellrecord/edit.html.twig', array( - 'sellRecord' => $sellRecord, - 'edit_form' => $editForm->createView(), - 'delete_form' => $deleteForm->createView(), - )); - } + return $this->render( 'sellrecord/edit.html.twig', + [ + 'sellRecord' => $sellRecord, + 'edit_form' => $editForm->createView(), + 'delete_form' => $deleteForm->createView(), + ] ); + } - /** - * Deletes a sellRecord entity. - * - * @Route("/{date}", name="sellrecord_delete") - * @Method("DELETE") - */ - public function deleteAction(Request $request, SellRecord $sellRecord) - { - $form = $this->createDeleteForm($sellRecord); - $form->handleRequest($request); + /** + * Deletes a sellRecord entity. 
+ * + * @Route("/{date}", name="sellrecord_delete") + * @Method("DELETE") + */ + public function deleteAction( Request $request, SellRecord $sellRecord ) { + $form = $this->createDeleteForm( $sellRecord ); + $form->handleRequest( $request ); - if ($form->isSubmitted() && $form->isValid()) { - $em = $this->getDoctrine()->getManager(); - $em->remove($sellRecord); - $em->flush(); - } + if ( $form->isSubmitted() && $form->isValid() ) { + $em = $this->getDoctrine()->getManager(); + $em->remove( $sellRecord ); + $em->flush(); + } - return $this->redirectToRoute('sellrecord_index'); - } + return $this->redirectToRoute( 'sellrecord_index' ); + } - /** - * Creates a form to delete a sellRecord entity. - * - * @param SellRecord $sellRecord The sellRecord entity - * - * @return \Symfony\Component\Form\Form The form - */ - private function createDeleteForm(SellRecord $sellRecord) - { - return $this->createFormBuilder() - ->setAction($this->generateUrl('sellrecord_delete', array('date' => $sellRecord->getDate()))) - ->setMethod('DELETE') - ->getForm() - ; - } + /** + * Creates a form to delete a sellRecord entity. + * + * @param SellRecord $sellRecord The sellRecord entity + * + * @return \Symfony\Component\Form\Form The form + */ + private function createDeleteForm( SellRecord $sellRecord ) { + return $this->createFormBuilder() + ->setAction( $this->generateUrl( 'sellrecord_delete', [ 'date' => $sellRecord->getDate() ] ) ) + ->setMethod( 'DELETE' ) + ->getForm(); + } } diff --git a/src/AppBundle/Entity/ProductCategory.php b/src/AppBundle/Entity/ProductCategory.php index a9539cd3..3a2495ab 100755 --- a/src/AppBundle/Entity/ProductCategory.php +++ b/src/AppBundle/Entity/ProductCategory.php 
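Review bot: The guards added to showAction and editAction never deny anyone: `! $sellRecord->getUser() == $this->getUser()->getId()` parses as `( ! $sellRecord->getUser() ) == $id`, which compares `false` with an integer id and is false for every non-zero id, so the ROLE_ADMIN branch is skipped and any authenticated user can still view and edit another user's sell record. It also compares a User object with an id rather than id with id, and uses loose `==`. Both conditions should read `if ( $sellRecord->getUser()->getId() !== $this->getUser()->getId() ) {`, matching ProductController. deleteAction in this hunk received no guard at all, unlike the product and category delete actions, so the same check belongs there before `$em->remove( $sellRecord )`.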
@@ -34,6 +34,21 @@ class ProductCategory {
 return $this->getName() . ' (' . count( $this->getProducts() ) . ' produits)';
 }
 
+ /**
+ * @param $userId
+ *
+ * @return bool
+ */
+ public function hasUser( $userId ) {
+ foreach ( $this->getUsers() as $user ) {
+ if ( $user->getId() === $userId ) {
+ return true;
+ }
+ }
+
+ return false;
+ }
+
 /**
 * @return mixed
 */
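Review bot: `hasUser( $userId )` compares with `===` but leaves `$userId` untyped and documents it only as `@param $userId`, so a string id (for example one read from a request) would never match an integer id coming from Doctrine and the method would silently return false, which callers treat as "not an owner". Declare both types, `public function hasUser( int $userId ): bool {`, and write `@param int $userId` so a wrong type fails loudly instead; this assumes ids are integers, as the callers' `getId()` usage suggests. The method is complete within the hunk.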