Added a simple Voter for checking whether a user is allowed to view/edit/create a part.

Jan Böhmer 2019-03-18 19:05:41 +01:00
parent ab3f5db174
commit 01e1f27b68
10 changed files with 750 additions and 4 deletions


@ -40,6 +40,7 @@ use App\Services\AttachmentFilenameService;
use App\Services\EntityURLGenerator;
use Doctrine\ORM\EntityManager;
use Doctrine\ORM\EntityManagerInterface;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\IsGranted;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Routing\Annotation\Route;
@ -54,6 +55,8 @@ class PartController extends AbstractController
*/
public function show(Part $part, AttachmentFilenameService $attachmentFilenameService)
{
$this->denyAccessUnlessGranted('read', $part);
$filename = $part->getMasterPictureFilename(true);
return $this->render('show_part_info.html.twig',
@ -72,8 +75,9 @@ class PartController extends AbstractController
*/
public function edit(Part $part, Request $request, EntityManagerInterface $em)
{
$form = $this->createForm(PartType::class, $part);
$this->denyAccessUnlessGranted('edit', $part);
$form = $this->createForm(PartType::class, $part);
$form->handleRequest($request);
if ($form->isSubmitted() && $form->isValid()) {
@ -98,6 +102,8 @@ class PartController extends AbstractController
{
$new_part = new Part();
$this->denyAccessUnlessGranted('create', $new_part);
$cid = $request->get('cid', 1);
$category = $em->find(Category::class, $cid);