don't allow deletion of super admin; also added constants for roles
This commit is contained in:
parent
106acf7aea
commit
012889d531
6 changed files with 27 additions and 13 deletions
@ -4,6 +4,7 @@
|
|||
namespace App\Controller;
|
||||
|
||||
|
||||
use App\Entity\User;
|
||||
use App\Entity\Video;
|
||||
use App\Entity\VideoLink;
|
||||
use App\Form\VideoLinkType;
|
||||
|
@ -55,7 +56,7 @@ class DashboardController extends AbstractController
|
|||
*/
|
||||
public function dashboard(): Response
|
||||
{
|
||||
if (!$this->isGranted("ROLE_USER")) {
|
||||
if (!$this->isGranted(User::ROLE_USER)) {
|
||||
// not logged in
|
||||
return $this->redirectToRoute("app_login");
|
||||
}
|
||||
|
@ -78,7 +79,7 @@ class DashboardController extends AbstractController
|
|||
*/
|
||||
public function upload(Request $request): Response
|
||||
{
|
||||
if (!$this->isGranted("ROLE_USER")) {
|
||||
if (!$this->isGranted(User::ROLE_USER)) {
|
||||
// not logged in
|
||||
return $this->redirectToRoute("app_login");
|
||||
}
|
||||
|
@ -110,7 +111,7 @@ class DashboardController extends AbstractController
|
|||
*/
|
||||
public function editVideo(Request $request): Response
|
||||
{
|
||||
if (!$this->isGranted("ROLE_USER")) {
|
||||
if (!$this->isGranted(User::ROLE_USER)) {
|
||||
// not logged in
|
||||
return $this->redirectToRoute("app_login");
|
||||
}
|
||||
|
@ -188,7 +189,7 @@ class DashboardController extends AbstractController
|
|||
*/
|
||||
public function uploadStatus($videoId): Response
|
||||
{
|
||||
if (!$this->isGranted("ROLE_USER")) {
|
||||
if (!$this->isGranted(User::ROLE_USER)) {
|
||||
// not logged in
|
||||
return $this->redirectToRoute("app_login");
|
||||
}
|
||||
|
@ -218,7 +219,7 @@ class DashboardController extends AbstractController
|
|||
*/
|
||||
public function showLinks(): Response
|
||||
{
|
||||
if (!$this->isGranted("ROLE_USER")) {
|
||||
if (!$this->isGranted(User::ROLE_USER)) {
|
||||
// not logged in
|
||||
return $this->redirectToRoute("app_login");
|
||||
}
|
||||
|
@ -242,7 +243,7 @@ class DashboardController extends AbstractController
|
|||
*/
|
||||
public function newLink(Request $request): Response
|
||||
{
|
||||
if (!$this->isGranted("ROLE_USER")) {
|
||||
if (!$this->isGranted(User::ROLE_USER)) {
|
||||
// not logged in
|
||||
return $this->redirectToRoute("app_login");
|
||||
}
|
||||
|
@ -331,7 +332,7 @@ class DashboardController extends AbstractController
|
|||
*/
|
||||
public function editLink(Request $request): Response
|
||||
{
|
||||
if (!$this->isGranted("ROLE_USER")) {
|
||||
if (!$this->isGranted(User::ROLE_USER)) {
|
||||
// not logged in
|
||||
return $this->redirectToRoute("app_login");
|
||||
}
|
||||
|
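Review bot: Every one of the seven hunks in this file re-implements the same guard by hand (`if (!$this->isGranted(User::ROLE_USER)) { return $this->redirectToRoute("app_login"); }`), so the fail-closed behaviour depends on each new action remembering to copy it. A single `access_control` rule covering this controller's route prefix in the security configuration, or at least one private helper that the actions call first, would keep the check in one place; the constant swap itself is fine. The `// not logged in` comment is only accurate if every authenticated account carries ROLE_USER, which this hunk cannot confirm. Each method body (dashboard, upload, editVideo, uploadStatus, showLinks, newLink, editLink) continues outside its hunk.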
@ -4,6 +4,7 @@
|
|||
namespace App\Controller;
|
||||
|
||||
|
||||
use App\Entity\User;
|
||||
use App\Mapper\CustomUuidMapper;
|
||||
use App\Service\UserService;
|
||||
use Doctrine\DBAL\Types\ConversionException;
|
||||
|
@ -59,7 +60,7 @@ class UserController extends AbstractController
|
|||
*/
|
||||
public function userList(): Response
|
||||
{
|
||||
if (!$this->isGranted("ROLE_ADMIN")) {
|
||||
if (!$this->isGranted(User::ROLE_ADMIN)) {
|
||||
// not logged in
|
||||
throw new AccessDeniedHttpException();
|
||||
}
|
||||
|
@ -80,7 +81,8 @@ class UserController extends AbstractController
|
|||
*/
|
||||
public function userDelete(Request $request): Response
|
||||
{
|
||||
if (!$this->isGranted("ROLE_ADMIN")) {
|
||||
|
||||
if (!$this->isGranted(User::ROLE_ADMIN)) {
|
||||
// not logged in
|
||||
throw new AccessDeniedHttpException();
|
||||
}
|
||||
|
@ -111,6 +113,10 @@ class UserController extends AbstractController
|
|||
throw new BadRequestHttpException();
|
||||
}
|
||||
|
||||
if ($user->isSuperAdmin()) {
|
||||
throw new AccessDeniedHttpException();
|
||||
}
|
||||
|
||||
$this->userService->delete($user);
|
||||
|
||||
return $this->redirectToRoute("app_user_list");
|
||||
|
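Review bot: The new `if ($user->isSuperAdmin()) { throw new AccessDeniedHttpException(); }` guard is enforced only in this controller action; `UserService::delete($user)` on the next lines still accepts any user, so any other caller (a console command, a future API endpoint) would bypass the rule. Moving the check into `UserService::delete` and throwing a domain exception that the controller maps to 403 makes the invariant hold regardless of entry point. In the `userDelete` hunk at `@ -80,7 +81,8 @@`, the comment `// not logged in` above `throw new AccessDeniedHttpException()` no longer describes the condition, since an authenticated non-admin also reaches it; `// authenticated but not ROLE_ADMIN` would be accurate. The body of userDelete starts and ends outside these hunks.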
@ -65,8 +65,6 @@ class WatchController extends AbstractController
|
|||
return self::NOT_ALLOWED;
|
||||
}
|
||||
|
||||
// TODO: check constraints
|
||||
|
||||
if (!$link->viewable($strict)) {
|
||||
return self::NOT_ALLOWED;
|
||||
}
|
||||
|
@ -25,7 +25,7 @@ class UserFixtures extends Fixture
|
|||
$admin->setEmail("admin@mytube");
|
||||
$admin->setName("Administrator");
|
||||
$admin->setPassword($this->passwordEncoder->encodePassword($admin, "password"));
|
||||
$admin->setRoles(["ROLE_ADMIN"]);
|
||||
$admin->setRoles([User::ROLE_SUPER_ADMIN, User::ROLE_ADMIN, User::ROLE_USER]);
|
||||
$manager->persist($admin);
|
||||
|
||||
$manager->flush();
|
||||
|
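Review bot: Listing all three roles literally in `$admin->setRoles([User::ROLE_SUPER_ADMIN, User::ROLE_ADMIN, User::ROLE_USER])` is required rather than redundant, because `User::isSuperAdmin()` reads `getRoles()` directly and a role-hierarchy configuration, if one exists, would not make it true; a comment above that line, `// ROLE_SUPER_ADMIN must be stored explicitly: isSuperAdmin() inspects getRoles(), not the role hierarchy`, records that dependency. Since this account now cannot be deleted through the user list, it is also worth noting next to the `"password"` literal that the fixture credential is development data only. The enclosing load method starts outside the hunk.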
@ -15,6 +15,10 @@ use Symfony\Component\Security\Core\User\UserInterface;
|
|||
*/
|
||||
class User implements UserInterface
|
||||
{
|
||||
public const ROLE_SUPER_ADMIN = "ROLE_SUPER_ADMIN";
|
||||
public const ROLE_ADMIN = "ROLE_ADMIN";
|
||||
public const ROLE_USER = "ROLE_USER";
|
||||
|
||||
/**
|
||||
* @ORM\Id
|
||||
* @ORM\Column(type="uuid", unique=true)
|
||||
|
@ -196,4 +200,9 @@ class User implements UserInterface
|
|||
$this->customId = $customId;
|
||||
return $this;
|
||||
}
|
||||
|
||||
public function isSuperAdmin(): bool
|
||||
{
|
||||
return in_array(self::ROLE_SUPER_ADMIN, $this->getRoles());
|
||||
}
|
||||
}
|
||||
|
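Review bot: `isSuperAdmin()` calls `in_array` without the strict flag; roles are strings so it is harmless today, but loose comparison is the wrong default in an authorization predicate, so the line should read `return in_array(self::ROLE_SUPER_ADMIN, $this->getRoles(), true);`. The three constants and the new method carry no documentation; a docblock on `isSuperAdmin()` stating that it only inspects the roles stored on this entity and does not consult Symfony's role hierarchy would stop callers from assuming hierarchy semantics. The same strict-flag point applies to any other `in_array` role checks in the class that fall outside this hunk.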
@ -63,7 +63,7 @@
|
|||
data-mdb-toggle="dropdown"
|
||||
aria-expanded="false"
|
||||
onclick=""
|
||||
{% if user.id == current.id %}
|
||||
{% if (user.id == current.id) or (user.isSuperAdmin()) %}
|
||||
disabled
|
||||
{% endif %}
|
||||
>
|
||||
|
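Review bot: The `disabled` attribute gated by `{% if (user.id == current.id) or (user.isSuperAdmin()) %}` only hides the action in the UI; the enforcing control is the server-side `isSuperAdmin()` guard in `UserController::userDelete`, and the template should say so, e.g. `{# cosmetic only: UserController::userDelete enforces this server-side #}`. The added parentheses around both operands are redundant and can be dropped to match the line they replace.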