don't allow deletion of super admin; also added constants for roles

This commit is contained in:
overflowerror 2021-01-17 23:42:04 +01:00
parent 106acf7aea
commit 012889d531
6 changed files with 27 additions and 13 deletions


@ -4,6 +4,7 @@
namespace App\Controller;
use App\Entity\User;
use App\Entity\Video;
use App\Entity\VideoLink;
use App\Form\VideoLinkType;
@ -55,7 +56,7 @@ class DashboardController extends AbstractController
*/
public function dashboard(): Response
{
if (!$this->isGranted("ROLE_USER")) {
if (!$this->isGranted(User::ROLE_USER)) {
// not logged in
return $this->redirectToRoute("app_login");
}
@ -78,7 +79,7 @@ class DashboardController extends AbstractController
*/
public function upload(Request $request): Response
{
if (!$this->isGranted("ROLE_USER")) {
if (!$this->isGranted(User::ROLE_USER)) {
// not logged in
return $this->redirectToRoute("app_login");
}
@ -110,7 +111,7 @@ class DashboardController extends AbstractController
*/
public function editVideo(Request $request): Response
{
if (!$this->isGranted("ROLE_USER")) {
if (!$this->isGranted(User::ROLE_USER)) {
// not logged in
return $this->redirectToRoute("app_login");
}
@ -188,7 +189,7 @@ class DashboardController extends AbstractController
*/
public function uploadStatus($videoId): Response
{
if (!$this->isGranted("ROLE_USER")) {
if (!$this->isGranted(User::ROLE_USER)) {
// not logged in
return $this->redirectToRoute("app_login");
}
@ -218,7 +219,7 @@ class DashboardController extends AbstractController
*/
public function showLinks(): Response
{
if (!$this->isGranted("ROLE_USER")) {
if (!$this->isGranted(User::ROLE_USER)) {
// not logged in
return $this->redirectToRoute("app_login");
}
@ -242,7 +243,7 @@ class DashboardController extends AbstractController
*/
public function newLink(Request $request): Response
{
if (!$this->isGranted("ROLE_USER")) {
if (!$this->isGranted(User::ROLE_USER)) {
// not logged in
return $this->redirectToRoute("app_login");
}
@ -331,7 +332,7 @@ class DashboardController extends AbstractController
*/
public function editLink(Request $request): Response
{
if (!$this->isGranted("ROLE_USER")) {
if (!$this->isGranted(User::ROLE_USER)) {
// not logged in
return $this->redirectToRoute("app_login");
}
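Review bot: The `ROLE_USER` guard is now hand-copied at the top of seven actions (dashboard, upload, editVideo, uploadStatus, showLinks, newLink, editLink), so any action added later without the pasted block is unprotected by default. Swapping the literal for `User::ROLE_USER` keeps the copies in sync, but the check would be safer declared once, e.g. an `access_control` entry for the dashboard route prefix in the security configuration, or `$this->denyAccessUnlessGranted(User::ROLE_USER);` / an `IsGranted` annotation on each action, which for an anonymous user still ends at the login entry point. Every method body continues outside its hunk, so the remainder of each action is not reviewed here.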


@ -4,6 +4,7 @@
namespace App\Controller;
use App\Entity\User;
use App\Mapper\CustomUuidMapper;
use App\Service\UserService;
use Doctrine\DBAL\Types\ConversionException;
@ -59,7 +60,7 @@ class UserController extends AbstractController
*/
public function userList(): Response
{
if (!$this->isGranted("ROLE_ADMIN")) {
if (!$this->isGranted(User::ROLE_ADMIN)) {
// not logged in
throw new AccessDeniedHttpException();
}
@ -80,7 +81,8 @@ class UserController extends AbstractController
*/
public function userDelete(Request $request): Response
{
if (!$this->isGranted("ROLE_ADMIN")) {
if (!$this->isGranted(User::ROLE_ADMIN)) {
// not logged in
throw new AccessDeniedHttpException();
}
@ -111,6 +113,10 @@ class UserController extends AbstractController
throw new BadRequestHttpException();
}
if ($user->isSuperAdmin()) {
throw new AccessDeniedHttpException();
}
$this->userService->delete($user);
return $this->redirectToRoute("app_user_list");
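Review bot: The `// not logged in` comment above the `User::ROLE_ADMIN` check in userList and userDelete is misleading, because `isGranted` also returns false for an authenticated user who simply lacks the role, and that is the case that produces the 403; `// not an admin` describes it. The new `isSuperAdmin()` guard sits correctly after the lookup and before `delete`, but it is the only server-side restriction visible in this hunk, whereas the user-list template also disables the button for `user.id == current.id`; if userDelete does not check self-deletion as well outside the hunk, an admin can still delete their own account by sending the request directly, since a disabled button is not enforcement. The rest of userDelete, including how the target user is resolved from the request, lies outside the hunk.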


@ -65,8 +65,6 @@ class WatchController extends AbstractController
return self::NOT_ALLOWED;
}
// TODO: check constraints
if (!$link->viewable($strict)) {
return self::NOT_ALLOWED;
}


@ -25,7 +25,7 @@ class UserFixtures extends Fixture
$admin->setEmail("admin@mytube");
$admin->setName("Administrator");
$admin->setPassword($this->passwordEncoder->encodePassword($admin, "password"));
$admin->setRoles(["ROLE_ADMIN"]);
$admin->setRoles([User::ROLE_SUPER_ADMIN, User::ROLE_ADMIN, User::ROLE_USER]);
$manager->persist($admin);
$manager->flush();


@ -15,6 +15,10 @@ use Symfony\Component\Security\Core\User\UserInterface;
*/
class User implements UserInterface
{
public const ROLE_SUPER_ADMIN = "ROLE_SUPER_ADMIN";
public const ROLE_ADMIN = "ROLE_ADMIN";
public const ROLE_USER = "ROLE_USER";
/**
* @ORM\Id
* @ORM\Column(type="uuid", unique=true)
@ -196,4 +200,9 @@ class User implements UserInterface
$this->customId = $customId;
return $this;
}
public function isSuperAdmin(): bool
{
return in_array(self::ROLE_SUPER_ADMIN, $this->getRoles());
}
}
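Review bot: `isSuperAdmin()` calls `in_array` without the strict flag; with string roles the loose comparison is unlikely to misfire, but this method now decides whether an account may be deleted, so `return in_array(self::ROLE_SUPER_ADMIN, $this->getRoles(), true);` removes the dependence on PHP's loose comparison rules. The check also reads only what `getRoles()` returns on the entity; if a role hierarchy is configured in the security settings, a user who inherits super-admin there would not be recognised here, which is worth a one-line comment on the method stating that it reflects the stored roles only. The three new constants would benefit from a short docblock noting that they are the role strings passed to `isGranted()` and stored on the user, so callers stop reintroducing the literals.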


@ -63,7 +63,7 @@
data-mdb-toggle="dropdown"
aria-expanded="false"
onclick=""
{% if user.id == current.id %}
{% if (user.id == current.id) or (user.isSuperAdmin()) %}
disabled
{% endif %}
>