limit crud access

This commit is contained in:
Kayn Ty 2018-05-04 17:22:49 +02:00
parent e8b4e5fe10
commit b82b13e267
5 changed files with 263 additions and 222 deletions

View File

@ -23,7 +23,7 @@ class FestivalController extends Controller {
public function indexAction() {
$em = $this->getDoctrine()->getManager();
$festivals = $em->getRepository( 'AppBundle:Festival' )->findByUser($this->getUser() );
$festivals = $em->getRepository( 'AppBundle:Festival' )->findByUser( $this->getUser() );
return $this->render( 'festival/index.html.twig',
[
@ -40,7 +40,7 @@ class FestivalController extends Controller {
public function newAction( Request $request ) {
$festival = new Festival();
$festival->setUser( $this->getUser() );
$festival->setDateCreation(new \DateTime());
$festival->setDateCreation( new \DateTime() );
$form = $this->createForm( 'AppBundle\Form\FestivalType', $festival );
$form->handleRequest( $request );
@ -67,6 +67,10 @@ class FestivalController extends Controller {
*/
public function showAction( Festival $festival ) {
$deleteForm = $this->createDeleteForm( $festival );
if ( $festival->getUser()->getId() !== $this->getUser()->getId() ) {
$this->denyAccessUnlessGranted( 'ROLE_ADMIN' );
}
return $this->render( 'festival/show.html.twig',
[

View File

@ -3,9 +3,9 @@
namespace AppBundle\Controller;
use AppBundle\Entity\ProductCategory;
use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Method;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route;
use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\HttpFoundation\Request;
/**
@ -23,7 +23,7 @@ class ProductCategoryController extends Controller {
public function indexAction() {
$em = $this->getDoctrine()->getManager();
$currentUser = $this->getUser();
$currentUser = $this->getUser();
$productCategories = $currentUser->getCategories();
return $this->render( 'productcategory/index.html.twig',
@ -85,9 +85,14 @@ class ProductCategoryController extends Controller {
* @Method({"GET", "POST"})
*/
public function editAction( Request $request, ProductCategory $productCategory ) {
$deleteForm = $this->createDeleteForm( $productCategory );
if ( ! $productCategory->hasUser( $this->getUser()->getId() ) ) {
$this->denyAccessUnlessGranted( 'ROLE_ADMIN' );
}
$deleteForm = $this->createDeleteForm( $productCategory );
$currentUser = $this->getUser();
$productCategory->setUsers( [ $currentUser ] );
$editForm = $this->createForm( 'AppBundle\Form\ProductCategoryType', $productCategory );
$editForm = $this->createForm( 'AppBundle\Form\ProductCategoryType', $productCategory );
$editForm->handleRequest( $request );
if ( $editForm->isSubmitted() && $editForm->isValid() ) {
@ -115,6 +120,9 @@ class ProductCategoryController extends Controller {
$form->handleRequest( $request );
if ( $form->isSubmitted() && $form->isValid() ) {
if ( ! $productCategory->hasUser( $this->getUser()->getId() ) ) {
$this->denyAccessUnlessGranted( 'ROLE_ADMIN' );
}
$em = $this->getDoctrine()->getManager();
$em->remove( $productCategory );
$em->flush();

View File

@ -3,135 +3,146 @@
namespace AppBundle\Controller;
use AppBundle\Entity\Product;
use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Method;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route;use Symfony\Component\HttpFoundation\Request;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route;
use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\HttpFoundation\Request;
/**
* Product controller.
*
* @Route("product")
*/
class ProductController extends Controller
{
/**
* Lists all product entities.
*
* @Route("/", name="product_index")
* @Method("GET")
*/
public function indexAction()
{
$em = $this->getDoctrine()->getManager();
class ProductController extends Controller {
/**
* Lists all product entities.
*
* @Route("/", name="product_index")
* @Method("GET")
*/
public function indexAction() {
$em = $this->getDoctrine()->getManager();
$products = $em->getRepository('AppBundle:Product')->findByUser($this->getUser() );
$products = $em->getRepository( 'AppBundle:Product' )->findByUser( $this->getUser() );
return $this->render('product/index.html.twig', array(
'products' => $products,
));
}
return $this->render( 'product/index.html.twig',
[
'products' => $products,
] );
}
/**
* Creates a new product entity.
*
* @Route("/new", name="product_new")
* @Method({"GET", "POST"})
*/
public function newAction(Request $request)
{
$product = new Product();
$product->setUser($this->getUser());
$form = $this->createForm('AppBundle\Form\ProductType', $product);
$form->handleRequest($request);
/**
* Creates a new product entity.
*
* @Route("/new", name="product_new")
* @Method({"GET", "POST"})
*/
public function newAction( Request $request ) {
$product = new Product();
$product->setUser( $this->getUser() );
$form = $this->createForm( 'AppBundle\Form\ProductType', $product );
$form->handleRequest( $request );
if ($form->isSubmitted() && $form->isValid()) {
$em = $this->getDoctrine()->getManager();
$em->persist($product);
$em->flush();
if ( $form->isSubmitted() && $form->isValid() ) {
$em = $this->getDoctrine()->getManager();
$em->persist( $product );
$em->flush();
return $this->redirectToRoute('product_show', array('id' => $product->getId()));
}
return $this->redirectToRoute( 'product_show', [ 'id' => $product->getId() ] );
}
return $this->render('product/new.html.twig', array(
'product' => $product,
'form' => $form->createView(),
));
}
return $this->render( 'product/new.html.twig',
[
'product' => $product,
'form' => $form->createView(),
] );
}
/**
* Finds and displays a product entity.
*
* @Route("/{id}", name="product_show")
* @Method("GET")
*/
public function showAction(Product $product)
{
$deleteForm = $this->createDeleteForm($product);
/**
* Finds and displays a product entity.
*
* @Route("/{id}", name="product_show")
* @Method("GET")
*/
public function showAction( Product $product ) {
$deleteForm = $this->createDeleteForm( $product );
if ( $product->getUser()->getId() !== $this->getUser()->getId() ) {
return $this->render('product/show.html.twig', array(
'product' => $product,
'delete_form' => $deleteForm->createView(),
));
}
$this->denyAccessUnlessGranted( 'ROLE_ADMIN' );
}
/**
* Displays a form to edit an existing product entity.
*
* @Route("/{id}/edit", name="product_edit")
* @Method({"GET", "POST"})
*/
public function editAction(Request $request, Product $product)
{
$deleteForm = $this->createDeleteForm($product);
$editForm = $this->createForm('AppBundle\Form\ProductType', $product);
$editForm->handleRequest($request);
return $this->render( 'product/show.html.twig',
[
'product' => $product,
'delete_form' => $deleteForm->createView(),
] );
}
if ($editForm->isSubmitted() && $editForm->isValid()) {
$this->getDoctrine()->getManager()->flush();
/**
* Displays a form to edit an existing product entity.
*
* @Route("/{id}/edit", name="product_edit")
* @Method({"GET", "POST"})
*/
public function editAction( Request $request, Product $product ) {
return $this->redirectToRoute('product_edit', array('id' => $product->getId()));
}
if ( $product->getUser()->getId() !== $this->getUser()->getId() ) {
return $this->render('product/edit.html.twig', array(
'product' => $product,
'edit_form' => $editForm->createView(),
'delete_form' => $deleteForm->createView(),
));
}
$this->denyAccessUnlessGranted( 'ROLE_ADMIN' );
}
/**
* Deletes a product entity.
*
* @Route("/{id}", name="product_delete")
* @Method("DELETE")
*/
public function deleteAction(Request $request, Product $product)
{
$form = $this->createDeleteForm($product);
$form->handleRequest($request);
$deleteForm = $this->createDeleteForm( $product );
$editForm = $this->createForm( 'AppBundle\Form\ProductType', $product );
$editForm->handleRequest( $request );
if ($form->isSubmitted() && $form->isValid()) {
$em = $this->getDoctrine()->getManager();
$em->remove($product);
$em->flush();
}
if ( $editForm->isSubmitted() && $editForm->isValid() ) {
$this->getDoctrine()->getManager()->flush();
return $this->redirectToRoute('product_index');
}
return $this->redirectToRoute( 'product_edit', [ 'id' => $product->getId() ] );
}
/**
* Creates a form to delete a product entity.
*
* @param Product $product The product entity
*
* @return \Symfony\Component\Form\Form The form
*/
private function createDeleteForm(Product $product)
{
return $this->createFormBuilder()
->setAction($this->generateUrl('product_delete', array('id' => $product->getId())))
->setMethod('DELETE')
->getForm()
;
}
return $this->render( 'product/edit.html.twig',
[
'product' => $product,
'edit_form' => $editForm->createView(),
'delete_form' => $deleteForm->createView(),
] );
}
/**
* Deletes a product entity.
*
* @Route("/{id}", name="product_delete")
* @Method("DELETE")
*/
public function deleteAction( Request $request, Product $product ) {
$form = $this->createDeleteForm( $product );
$form->handleRequest( $request );
if ( $form->isSubmitted() && $form->isValid() ) {
if ( $product->getUser()->getId() !== $this->getUser()->getId() ) {
$this->denyAccessUnlessGranted( 'ROLE_ADMIN' );
}
$em = $this->getDoctrine()->getManager();
$em->remove( $product );
$em->flush();
}
return $this->redirectToRoute( 'product_index' );
}
/**
* Creates a form to delete a product entity.
*
* @param Product $product The product entity
*
* @return \Symfony\Component\Form\Form The form
*/
private function createDeleteForm( Product $product ) {
return $this->createFormBuilder()
->setAction( $this->generateUrl( 'product_delete', [ 'id' => $product->getId() ] ) )
->setMethod( 'DELETE' )
->getForm();
}
}

View File

@ -3,135 +3,138 @@
namespace AppBundle\Controller;
use AppBundle\Entity\SellRecord;
use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Method;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route;use Symfony\Component\HttpFoundation\Request;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route;
use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\HttpFoundation\Request;
/**
* Sellrecord controller.
*
* @Route("sellrecord")
*/
class SellRecordController extends Controller
{
/**
* Lists all sellRecord entities.
*
* @Route("/", name="sellrecord_index")
* @Method("GET")
*/
public function indexAction()
{
$em = $this->getDoctrine()->getManager();
class SellRecordController extends Controller {
/**
* Lists all sellRecord entities.
*
* @Route("/", name="sellrecord_index")
* @Method("GET")
*/
public function indexAction() {
$em = $this->getDoctrine()->getManager();
$sellRecords = $em->getRepository('AppBundle:SellRecord')->findByUser($this->getUser() );
$sellRecords = $em->getRepository( 'AppBundle:SellRecord' )->findByUser( $this->getUser() );
return $this->render('sellrecord/index.html.twig', array(
'sellRecords' => $sellRecords,
));
}
return $this->render( 'sellrecord/index.html.twig',
[
'sellRecords' => $sellRecords,
] );
}
/**
* Creates a new sellRecord entity.
*
* @Route("/new", name="sellrecord_new")
* @Method({"GET", "POST"})
*/
public function newAction(Request $request)
{
$sellRecord = new Sellrecord();
$sellRecord->setUser($this->getUser());
$form = $this->createForm('AppBundle\Form\SellRecordType', $sellRecord);
$form->handleRequest($request);
/**
* Creates a new sellRecord entity.
*
* @Route("/new", name="sellrecord_new")
* @Method({"GET", "POST"})
*/
public function newAction( Request $request ) {
$sellRecord = new Sellrecord();
$sellRecord->setUser( $this->getUser() );
$form = $this->createForm( 'AppBundle\Form\SellRecordType', $sellRecord );
$form->handleRequest( $request );
if ($form->isSubmitted() && $form->isValid()) {
$em = $this->getDoctrine()->getManager();
$em->persist($sellRecord);
$em->flush();
if ( $form->isSubmitted() && $form->isValid() ) {
$em = $this->getDoctrine()->getManager();
$em->persist( $sellRecord );
$em->flush();
return $this->redirectToRoute('sellrecord_show', array('date' => $sellRecord->getDate()));
}
return $this->redirectToRoute( 'sellrecord_show', [ 'date' => $sellRecord->getDate() ] );
}
return $this->render('sellrecord/new.html.twig', array(
'sellRecord' => $sellRecord,
'form' => $form->createView(),
));
}
return $this->render( 'sellrecord/new.html.twig',
[
'sellRecord' => $sellRecord,
'form' => $form->createView(),
] );
}
/**
* Finds and displays a sellRecord entity.
*
* @Route("/{date}", name="sellrecord_show")
* @Method("GET")
*/
public function showAction(SellRecord $sellRecord)
{
$deleteForm = $this->createDeleteForm($sellRecord);
/**
* Finds and displays a sellRecord entity.
*
* @Route("/{date}", name="sellrecord_show")
* @Method("GET")
*/
public function showAction( SellRecord $sellRecord ) {
$deleteForm = $this->createDeleteForm( $sellRecord );
if ( ! $sellRecord->getUser() == $this->getUser()->getId() ) {
$this->denyAccessUnlessGranted( 'ROLE_ADMIN' );
}
return $this->render('sellrecord/show.html.twig', array(
'sellRecord' => $sellRecord,
'delete_form' => $deleteForm->createView(),
));
}
return $this->render( 'sellrecord/show.html.twig',
[
'sellRecord' => $sellRecord,
'delete_form' => $deleteForm->createView(),
] );
}
/**
* Displays a form to edit an existing sellRecord entity.
*
* @Route("/{date}/edit", name="sellrecord_edit")
* @Method({"GET", "POST"})
*/
public function editAction(Request $request, SellRecord $sellRecord)
{
$deleteForm = $this->createDeleteForm($sellRecord);
$editForm = $this->createForm('AppBundle\Form\SellRecordType', $sellRecord);
$editForm->handleRequest($request);
/**
* Displays a form to edit an existing sellRecord entity.
*
* @Route("/{date}/edit", name="sellrecord_edit")
* @Method({"GET", "POST"})
*/
public function editAction( Request $request, SellRecord $sellRecord ) {
if ( ! $sellRecord->getUser() == $this->getUser()->getId() ) {
$this->denyAccessUnlessGranted( 'ROLE_ADMIN' );
}
$deleteForm = $this->createDeleteForm( $sellRecord );
$editForm = $this->createForm( 'AppBundle\Form\SellRecordType', $sellRecord );
$editForm->handleRequest( $request );
if ($editForm->isSubmitted() && $editForm->isValid()) {
$this->getDoctrine()->getManager()->flush();
if ( $editForm->isSubmitted() && $editForm->isValid() ) {
$this->getDoctrine()->getManager()->flush();
return $this->redirectToRoute('sellrecord_edit', array('date' => $sellRecord->getDate()));
}
return $this->redirectToRoute( 'sellrecord_edit', [ 'date' => $sellRecord->getDate() ] );
}
return $this->render('sellrecord/edit.html.twig', array(
'sellRecord' => $sellRecord,
'edit_form' => $editForm->createView(),
'delete_form' => $deleteForm->createView(),
));
}
return $this->render( 'sellrecord/edit.html.twig',
[
'sellRecord' => $sellRecord,
'edit_form' => $editForm->createView(),
'delete_form' => $deleteForm->createView(),
] );
}
/**
* Deletes a sellRecord entity.
*
* @Route("/{date}", name="sellrecord_delete")
* @Method("DELETE")
*/
public function deleteAction(Request $request, SellRecord $sellRecord)
{
$form = $this->createDeleteForm($sellRecord);
$form->handleRequest($request);
/**
* Deletes a sellRecord entity.
*
* @Route("/{date}", name="sellrecord_delete")
* @Method("DELETE")
*/
public function deleteAction( Request $request, SellRecord $sellRecord ) {
$form = $this->createDeleteForm( $sellRecord );
$form->handleRequest( $request );
if ($form->isSubmitted() && $form->isValid()) {
$em = $this->getDoctrine()->getManager();
$em->remove($sellRecord);
$em->flush();
}
if ( $form->isSubmitted() && $form->isValid() ) {
$em = $this->getDoctrine()->getManager();
$em->remove( $sellRecord );
$em->flush();
}
return $this->redirectToRoute('sellrecord_index');
}
return $this->redirectToRoute( 'sellrecord_index' );
}
/**
* Creates a form to delete a sellRecord entity.
*
* @param SellRecord $sellRecord The sellRecord entity
*
* @return \Symfony\Component\Form\Form The form
*/
private function createDeleteForm(SellRecord $sellRecord)
{
return $this->createFormBuilder()
->setAction($this->generateUrl('sellrecord_delete', array('date' => $sellRecord->getDate())))
->setMethod('DELETE')
->getForm()
;
}
/**
* Creates a form to delete a sellRecord entity.
*
* @param SellRecord $sellRecord The sellRecord entity
*
* @return \Symfony\Component\Form\Form The form
*/
private function createDeleteForm( SellRecord $sellRecord ) {
return $this->createFormBuilder()
->setAction( $this->generateUrl( 'sellrecord_delete', [ 'date' => $sellRecord->getDate() ] ) )
->setMethod( 'DELETE' )
->getForm();
}
}

View File

@ -34,6 +34,21 @@ class ProductCategory {
return $this->getName() . ' (' . count( $this->getProducts() ) . ' produits)';
}
/**
* @param $userId
*
* @return bool
*/
public function hasUser( $userId ) {
foreach ( $this->getUsers() as $user ) {
if ( $user->getId() === $userId ) {
return true;
}
}
return false;
}
/**
* @return mixed
*/