Ref #43: factorize the user access rights in administration controller.
DarckCrystale committed Feb 16, 2018
1 parent 5c679b6 commit 02e14e9
Showing 1 changed file with 154 additions and 90 deletions.
244 changes: 154 additions & 90 deletions src/AppBundle/Controller/AdministrationController.php
Expand Up @@ -17,6 +17,8 @@
*/
class AdministrationController extends Controller
{
const ACCESS_DENIED_MESSAGE = 'Access denied';

/*
* ----------------------------------
* Methods for Account administration
Expand All @@ -32,22 +34,20 @@ class AdministrationController extends Controller
public function listAccountAction(Request $request)
{
$session = $request->getSession();
$connectedUser = $session->get('account');

if ($session->get('account') != null && $session->get('account')->isAdmin() === true)
{
$em = $this->getDoctrine()->getManager();

$accounts = $em->getRepository('AppBundle:Account')->findAll();

return $this->render('account/list.html.twig', [
'accounts' => $accounts,
]);
}
else
if ($this->userHasAccessRights($connectedUser) === false)
{
$session->getFlashBag()->add('danger', 'Access denied');
$session->getFlashBag()->add('danger', self::ACCESS_DENIED_MESSAGE);
return $this->redirectToRoute('succubesarl');
}

$em = $this->getDoctrine()->getManager();
$accounts = $em->getRepository('AppBundle:Account')->findAll();

return $this->render('account/list.html.twig', [
'accounts' => $accounts,
]);
}

/*
Expand All @@ -65,31 +65,28 @@ public function listAccountAction(Request $request)
public function listContentWarningAction(Request $request)
{
$session = $request->getSession();
$connectedUser = $session->get('account');

if ($session->get('account') != null && $session->get('account')->isAdmin() === true)
if ($this->userHasAccessRights($connectedUser) === false)
{
$em = $this->getDoctrine()->getManager();

$contentWarnings = $em->getRepository('AppBundle:ContentWarning')->findAll();

$deleteForms = [];
$session->getFlashBag()->add('danger', self::ACCESS_DENIED_MESSAGE);
return $this->redirectToRoute('succubesarl');
}

foreach ($contentWarnings as $contentWarning)
{
$deleteForm = $this->createContentWarningDeleteForm($contentWarning);
$deleteForms[$contentWarning->getId()] = $deleteForm->createView();
}
$em = $this->getDoctrine()->getManager();
$contentWarnings = $em->getRepository('AppBundle:ContentWarning')->findAll();

return $this->render('contentwarning/list.html.twig', [
'contentWarnings' => $contentWarnings,
'delete_forms' => $deleteForms,
]);
}
else
$deleteForms = [];
foreach ($contentWarnings as $contentWarning)
{
$session->getFlashBag()->add('danger', 'Access denied');
return $this->redirectToRoute('succubesarl');
$deleteForm = $this->createContentWarningDeleteForm($contentWarning);
$deleteForms[$contentWarning->getId()] = $deleteForm->createView();
}

return $this->render('contentwarning/list.html.twig', [
'contentWarnings' => $contentWarnings,
'delete_forms' => $deleteForms,
]);
}

/**
Expand All @@ -101,10 +98,11 @@ public function listContentWarningAction(Request $request)
public function showContentWarningAction(Request $request, ContentWarning $contentWarning)
{
$session = $request->getSession();
$connectedUser = $session->get('account');

if (is_null($session->get('account')) || $session->get('account')->isAdmin() === false)
if ($this->userHasAccessRights($connectedUser) === false)
{
$session->getFlashBag()->add('danger', 'Access denied');
$session->getFlashBag()->add('danger', self::ACCESS_DENIED_MESSAGE);
return $this->redirectToRoute('succubesarl');
}

Expand All @@ -122,34 +120,33 @@ public function showContentWarningAction(Request $request, ContentWarning $conte
public function newContentWarningAction(Request $request)
{
$session = $request->getSession();
$connectedUser = $session->get('account');

if ($session->get('account') != null && $session->get('account')->isAdmin() === true)
if ($this->userHasAccessRights($connectedUser) === false)
{
$contentWarning = new \AppBundle\Entity\ContentWarning();
$form = $this->createForm('AppBundle\Form\ContentWarningType', $contentWarning);
$form->handleRequest($request);
$session->getFlashBag()->add('danger', self::ACCESS_DENIED_MESSAGE);
return $this->redirectToRoute('succubesarl');
}

if ($form->isSubmitted() && $form->isValid())
{
$contentWarning->setCreationDate(new \DateTime("now"));
$contentWarning = new \AppBundle\Entity\ContentWarning();
$form = $this->createForm('AppBundle\Form\ContentWarningType', $contentWarning);
$form->handleRequest($request);

$em = $this->getDoctrine()->getManager();
$em->persist($contentWarning);
$em->flush();
if ($form->isSubmitted() && $form->isValid())
{
$contentWarning->setCreationDate(new \DateTime("now"));

return $this->redirectToRoute('contentwarning_show', ['slug' => $contentWarning->getSlug()]);
}
$em = $this->getDoctrine()->getManager();
$em->persist($contentWarning);
$em->flush();

return $this->render('contentwarning/new.html.twig', [
'contentWarning' => $contentWarning,
'form' => $form->createView(),
]);
}
else
{
$session->getFlashBag()->add('danger', 'Access denied');
return $this->redirectToRoute('succubesarl');
return $this->redirectToRoute('contentwarning_show', ['slug' => $contentWarning->getSlug()]);
}

return $this->render('contentwarning/new.html.twig', [
'contentWarning' => $contentWarning,
'form' => $form->createView(),
]);
}

/**
Expand All @@ -161,31 +158,30 @@ public function newContentWarningAction(Request $request)
public function editContentWarningAction(Request $request, ContentWarning $contentWarning)
{
$session = $request->getSession();
$connectedUser = $session->get('account');

if ($session->get('account') != null && $session->get('account')->isAdmin() === true)
if ($this->userHasAccessRights($connectedUser) === false)
{
$deleteForm = $this->createContentWarningDeleteForm($contentWarning);
$editForm = $this->createForm('AppBundle\Form\ContentWarningType', $contentWarning);
$editForm->handleRequest($request);

if ($editForm->isSubmitted() && $editForm->isValid())
{
$this->getDoctrine()->getManager()->flush();
$session->getFlashBag()->add('danger', self::ACCESS_DENIED_MESSAGE);
return $this->redirectToRoute('succubesarl');
}

return $this->redirectToRoute('contentwarning_edit', ['slug' => $contentWarning->getSlug()]);
}
$deleteForm = $this->createContentWarningDeleteForm($contentWarning);
$editForm = $this->createForm('AppBundle\Form\ContentWarningType', $contentWarning);
$editForm->handleRequest($request);

return $this->render('contentwarning/edit.html.twig', [
'contentWarning' => $contentWarning,
'edit_form' => $editForm->createView(),
'delete_form' => $deleteForm->createView(),
]);
}
else
if ($editForm->isSubmitted() && $editForm->isValid())
{
$session->getFlashBag()->add('danger', 'Access denied');
return $this->redirectToRoute('succubesarl');
$this->getDoctrine()->getManager()->flush();

return $this->redirectToRoute('contentwarning_edit', ['slug' => $contentWarning->getSlug()]);
}

return $this->render('contentwarning/edit.html.twig', [
'contentWarning' => $contentWarning,
'edit_form' => $editForm->createView(),
'delete_form' => $deleteForm->createView(),
]);
}

/**
Expand All @@ -197,28 +193,27 @@ public function editContentWarningAction(Request $request, ContentWarning $conte
public function deleteContentWarningAction(Request $request, ContentWarning $contentWarning)
{
$session = $request->getSession();
$connectedUser = $session->get('account');

if ($session->get('account') != null && $session->get('account')->isAdmin() === true)
if ($this->userHasAccessRights($connectedUser) === false)
{
$form = $this->createContentWarningDeleteForm($contentWarning);
$form->handleRequest($request);

if ($form->isSubmitted() && $form->isValid())
{
$em = $this->getDoctrine()->getManager();
$em->remove($contentWarning);
$em->flush();
$session->getFlashBag()->add('danger', self::ACCESS_DENIED_MESSAGE);
return $this->redirectToRoute('succubesarl');
}

$session->getFlashBag()->add('success', 'Content warning successfully removed.');
}
$form = $this->createContentWarningDeleteForm($contentWarning);
$form->handleRequest($request);

return $this->redirectToRoute('contentwarning_list');
}
else
if ($form->isSubmitted() && $form->isValid())
{
$session->getFlashBag()->add('danger', 'Access denied');
return $this->redirectToRoute('succubesarl');
$em = $this->getDoctrine()->getManager();
$em->remove($contentWarning);
$em->flush();

$session->getFlashBag()->add('success', 'Content warning successfully removed.');
}

return $this->redirectToRoute('contentwarning_list');
}

/**
Expand Down Expand Up @@ -251,8 +246,16 @@ private function createContentWarningDeleteForm(ContentWarning $contentWarning)
*/
public function listStripAction(Request $request)
{
$em = $this->getDoctrine()->getManager();
$session = $request->getSession();
$connectedUser = $session->get('account');

if ($this->userHasAccessRights($connectedUser) === false)
{
$session->getFlashBag()->add('danger', self::ACCESS_DENIED_MESSAGE);
return $this->redirectToRoute('succubesarl');
}

$em = $this->getDoctrine()->getManager();
$strips = $em->getRepository('AppBundle:Strip')->findAll();

return $this->render('strip/list.html.twig', [
Expand All @@ -268,6 +271,15 @@ public function listStripAction(Request $request)
*/
public function newStripAction(Request $request)
{
$session = $request->getSession();
$connectedUser = $session->get('account');

if ($this->userHasAccessRights($connectedUser) === false)
{
$session->getFlashBag()->add('danger', self::ACCESS_DENIED_MESSAGE);
return $this->redirectToRoute('succubesarl');
}

$strip = new Strip();
$form = $this->createForm('AppBundle\Form\StripType', $strip);
$form->handleRequest($request);
Expand Down Expand Up @@ -313,6 +325,15 @@ public function newStripAction(Request $request)
*/
public function showStripAction(Request $request, Strip $strip)
{
$session = $request->getSession();
$connectedUser = $session->get('account');

if ($this->userHasAccessRights($connectedUser) === false)
{
$session->getFlashBag()->add('danger', self::ACCESS_DENIED_MESSAGE);
return $this->redirectToRoute('succubesarl');
}

$deleteForm = $this->createDeleteForm($strip);

return $this->render('strip/show.html.twig', [
Expand All @@ -329,6 +350,15 @@ public function showStripAction(Request $request, Strip $strip)
*/
public function editStripAction(Request $request, Strip $strip)
{
$session = $request->getSession();
$connectedUser = $session->get('account');

if ($this->userHasAccessRights($connectedUser) === false)
{
$session->getFlashBag()->add('danger', self::ACCESS_DENIED_MESSAGE);
return $this->redirectToRoute('succubesarl');
}

$deleteForm = $this->createDeleteForm($strip);
$editForm = $this->createForm('AppBundle\Form\StripType', $strip);
$editForm->handleRequest($request);
Expand All @@ -355,6 +385,15 @@ public function editStripAction(Request $request, Strip $strip)
*/
public function deleteStripAction(Request $request, Strip $strip)
{
$session = $request->getSession();
$connectedUser = $session->get('account');

if ($this->userHasAccessRights($connectedUser) === false)
{
$session->getFlashBag()->add('danger', self::ACCESS_DENIED_MESSAGE);
return $this->redirectToRoute('succubesarl');
}

$form = $this->createDeleteForm($strip);
$form->handleRequest($request);

Expand Down Expand Up @@ -384,4 +423,29 @@ private function createDeleteForm(Strip $strip)
;
}

/**
* Check if the user can access the website administration
*
* @param \AppBundle\Controller\Account $connectedUser user in the current Session
* @return boolean true if the user can access the administration, false otherwise
*/
private function userHasAccessRights(\AppBundle\Entity\Account $connectedUser)
{
if (is_null($connectedUser))
{
// user is not logged
return false;
}
elseif ($connectedUser->isAdmin() === false)
{
// user is not an admin
return false;
}
else
{
// user can access the administration
return true;
}
}

}
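Review bot: The `is_null($connectedUser)` branch in the new `userHasAccessRights()` is unreachable, because the parameter is declared as a non-nullable `\AppBundle\Entity\Account` while every caller passes `$session->get('account')`, which is null for a visitor who is not logged in; PHP rejects that null at the call boundary with a `TypeError`, so an anonymous request to any of these admin routes now ends in an uncaught error instead of the "Access denied" redirect that the old inline checks produced. Declare the parameter nullable, `private function userHasAccessRights(?\AppBundle\Entity\Account $connectedUser)` (PHP 7.1+), or drop the type hint if the project targets an older runtime, and keep the null check as the first guard. The docblock should agree with the signature: `@param \AppBundle\Entity\Account|null $connectedUser` rather than `\AppBundle\Controller\Account`, and `@return bool`. Since the check reads an `Account` object stored in the session rather than re-querying the user, a demoted admin presumably keeps access until the session is rebuilt; worth confirming whether that is acceptable or whether the helper should reload the entity.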
