Check for permissions before showing user infos or allow the user to change its own infos.

2025-07-03 06:54:34 +02:00 · 2019-03-19 18:36:05 +01:00 · 2019-03-19 18:36:05 +01:00 · 6ed2eeabae
commit 6ed2eeabae
parent b9cd2fcc7f
5 changed files with 130 additions and 10 deletions
--- a/src/Form/UserSettingsType.php
+++ b/src/Form/UserSettingsType.php
@ -14,21 +14,35 @@ use Symfony\Component\Form\Extension\Core\Type\TextType;
 use Symfony\Component\Form\Extension\Core\Type\TimezoneType;
 use Symfony\Component\Form\FormBuilderInterface;
 use Symfony\Component\OptionsResolver\OptionsResolver;
+use Symfony\Component\Security\Core\Security;

 class UserSettingsType extends AbstractType
 {
+    protected $security;
+
+    public function __construct(Security $security)
+    {
+        $this->security = $security;
+    }
+
+
    public function buildForm(FormBuilderInterface $builder, array $options)
    {
        $builder
-            ->add('name', TextType::class, ['label'=>'user.username.label'])
+            ->add('name', TextType::class, ['label'=>'user.username.label',
+                'disabled' => !$this->security->isGranted('edit_username', $options['data'])])
            ->add('first_name', TextType::class, ['required' => false,
-                'label'=>'user.firstName.label'])
+                'label'=>'user.firstName.label',
+                'disabled' => !$this->security->isGranted('edit_infos', $options['data'])])
            ->add('last_name', TextType::class, ['required' => false,
-                'label'=>'user.lastName.label'])
+                'label'=>'user.lastName.label',
+                'disabled' => !$this->security->isGranted('edit_infos', $options['data'])])
            ->add('department', TextType::class, ['required' => false,
-                'label'=>'user.department.label'])
+                'label'=>'user.department.label',
+                'disabled' => !$this->security->isGranted('edit_infos', $options['data'])])
            ->add('email', EmailType::class, ['required' => false,
-                'label'=>'user.email.label'])
+                'label'=>'user.email.label',
+                'disabled' => !$this->security->isGranted('edit_infos', $options['data'])])
            ->add('language', LocaleType::class, ['required' => false,
                'attr'=>['class'=> 'selectpicker', 'data-live-search' => true]
                , 'placeholder' => 'user_settings.language.placeholder', 'label'=>'user.language_select'])