mirror of
https://github.com/sigmasternchen/MyTube
synced 2025-03-15 21:08:55 +00:00
don't allow deletion of super admin; also added constants for roles
This commit is contained in:
overflowerror
parent
106acf7aea
commit
012889d531
6 changed files with 27 additions and 13 deletions
|
|
@ -4,6 +4,7 @@
|
||||||
namespace App\Controller;
|
namespace App\Controller;
|
||||||
|
|
||||||
|
|
||||||
|
use App\Entity\User;
|
||||||
use App\Entity\Video;
|
use App\Entity\Video;
|
||||||
use App\Entity\VideoLink;
|
use App\Entity\VideoLink;
|
||||||
use App\Form\VideoLinkType;
|
use App\Form\VideoLinkType;
|
||||||
|
|
@ -55,7 +56,7 @@ class DashboardController extends AbstractController
|
||||||
*/
|
*/
|
||||||
public function dashboard(): Response
|
public function dashboard(): Response
|
||||||
{
|
{
|
||||||
if (!$this->isGranted("ROLE_USER")) {
|
if (!$this->isGranted(User::ROLE_USER)) {
|
||||||
// not logged in
|
// not logged in
|
||||||
return $this->redirectToRoute("app_login");
|
return $this->redirectToRoute("app_login");
|
||||||
}
|
}
|
||||||
|
|
@ -78,7 +79,7 @@ class DashboardController extends AbstractController
|
||||||
*/
|
*/
|
||||||
public function upload(Request $request): Response
|
public function upload(Request $request): Response
|
||||||
{
|
{
|
||||||
if (!$this->isGranted("ROLE_USER")) {
|
if (!$this->isGranted(User::ROLE_USER)) {
|
||||||
// not logged in
|
// not logged in
|
||||||
return $this->redirectToRoute("app_login");
|
return $this->redirectToRoute("app_login");
|
||||||
}
|
}
|
||||||
|
|
@ -110,7 +111,7 @@ class DashboardController extends AbstractController
|
||||||
*/
|
*/
|
||||||
public function editVideo(Request $request): Response
|
public function editVideo(Request $request): Response
|
||||||
{
|
{
|
||||||
if (!$this->isGranted("ROLE_USER")) {
|
if (!$this->isGranted(User::ROLE_USER)) {
|
||||||
// not logged in
|
// not logged in
|
||||||
return $this->redirectToRoute("app_login");
|
return $this->redirectToRoute("app_login");
|
||||||
}
|
}
|
||||||
|
|
@ -188,7 +189,7 @@ class DashboardController extends AbstractController
|
||||||
*/
|
*/
|
||||||
public function uploadStatus($videoId): Response
|
public function uploadStatus($videoId): Response
|
||||||
{
|
{
|
||||||
if (!$this->isGranted("ROLE_USER")) {
|
if (!$this->isGranted(User::ROLE_USER)) {
|
||||||
// not logged in
|
// not logged in
|
||||||
return $this->redirectToRoute("app_login");
|
return $this->redirectToRoute("app_login");
|
||||||
}
|
}
|
||||||
|
|
@ -218,7 +219,7 @@ class DashboardController extends AbstractController
|
||||||
*/
|
*/
|
||||||
public function showLinks(): Response
|
public function showLinks(): Response
|
||||||
{
|
{
|
||||||
if (!$this->isGranted("ROLE_USER")) {
|
if (!$this->isGranted(User::ROLE_USER)) {
|
||||||
// not logged in
|
// not logged in
|
||||||
return $this->redirectToRoute("app_login");
|
return $this->redirectToRoute("app_login");
|
||||||
}
|
}
|
||||||
|
|
@ -242,7 +243,7 @@ class DashboardController extends AbstractController
|
||||||
*/
|
*/
|
||||||
public function newLink(Request $request): Response
|
public function newLink(Request $request): Response
|
||||||
{
|
{
|
||||||
if (!$this->isGranted("ROLE_USER")) {
|
if (!$this->isGranted(User::ROLE_USER)) {
|
||||||
// not logged in
|
// not logged in
|
||||||
return $this->redirectToRoute("app_login");
|
return $this->redirectToRoute("app_login");
|
||||||
}
|
}
|
||||||
|
|
@ -331,7 +332,7 @@ class DashboardController extends AbstractController
|
||||||
*/
|
*/
|
||||||
public function editLink(Request $request): Response
|
public function editLink(Request $request): Response
|
||||||
{
|
{
|
||||||
if (!$this->isGranted("ROLE_USER")) {
|
if (!$this->isGranted(User::ROLE_USER)) {
|
||||||
// not logged in
|
// not logged in
|
||||||
return $this->redirectToRoute("app_login");
|
return $this->redirectToRoute("app_login");
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -4,6 +4,7 @@
|
||||||
namespace App\Controller;
|
namespace App\Controller;
|
||||||
|
|
||||||
|
|
||||||
|
use App\Entity\User;
|
||||||
use App\Mapper\CustomUuidMapper;
|
use App\Mapper\CustomUuidMapper;
|
||||||
use App\Service\UserService;
|
use App\Service\UserService;
|
||||||
use Doctrine\DBAL\Types\ConversionException;
|
use Doctrine\DBAL\Types\ConversionException;
|
||||||
|
|
@ -59,7 +60,7 @@ class UserController extends AbstractController
|
||||||
*/
|
*/
|
||||||
public function userList(): Response
|
public function userList(): Response
|
||||||
{
|
{
|
||||||
if (!$this->isGranted("ROLE_ADMIN")) {
|
if (!$this->isGranted(User::ROLE_ADMIN)) {
|
||||||
// not logged in
|
// not logged in
|
||||||
throw new AccessDeniedHttpException();
|
throw new AccessDeniedHttpException();
|
||||||
}
|
}
|
||||||
|
|
@ -80,7 +81,8 @@ class UserController extends AbstractController
|
||||||
*/
|
*/
|
||||||
public function userDelete(Request $request): Response
|
public function userDelete(Request $request): Response
|
||||||
{
|
{
|
||||||
if (!$this->isGranted("ROLE_ADMIN")) {
|
|
||||||
|
if (!$this->isGranted(User::ROLE_ADMIN)) {
|
||||||
// not logged in
|
// not logged in
|
||||||
throw new AccessDeniedHttpException();
|
throw new AccessDeniedHttpException();
|
||||||
}
|
}
|
||||||
|
|
@ -111,6 +113,10 @@ class UserController extends AbstractController
|
||||||
throw new BadRequestHttpException();
|
throw new BadRequestHttpException();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if ($user->isSuperAdmin()) {
|
||||||
|
throw new AccessDeniedHttpException();
|
||||||
|
}
|
||||||
|
|
||||||
$this->userService->delete($user);
|
$this->userService->delete($user);
|
||||||
|
|
||||||
return $this->redirectToRoute("app_user_list");
|
return $this->redirectToRoute("app_user_list");
|
||||||
|
|
|
||||||
|
|
@ -65,8 +65,6 @@ class WatchController extends AbstractController
|
||||||
return self::NOT_ALLOWED;
|
return self::NOT_ALLOWED;
|
||||||
}
|
}
|
||||||
|
|
||||||
// TODO: check constraints
|
|
||||||
|
|
||||||
if (!$link->viewable($strict)) {
|
if (!$link->viewable($strict)) {
|
||||||
return self::NOT_ALLOWED;
|
return self::NOT_ALLOWED;
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -25,7 +25,7 @@ class UserFixtures extends Fixture
|
||||||
$admin->setEmail("admin@mytube");
|
$admin->setEmail("admin@mytube");
|
||||||
$admin->setName("Administrator");
|
$admin->setName("Administrator");
|
||||||
$admin->setPassword($this->passwordEncoder->encodePassword($admin, "password"));
|
$admin->setPassword($this->passwordEncoder->encodePassword($admin, "password"));
|
||||||
$admin->setRoles(["ROLE_ADMIN"]);
|
$admin->setRoles([User::ROLE_SUPER_ADMIN, User::ROLE_ADMIN, User::ROLE_USER]);
|
||||||
$manager->persist($admin);
|
$manager->persist($admin);
|
||||||
|
|
||||||
$manager->flush();
|
$manager->flush();
|
||||||
|
|
|
||||||
|
|
@ -15,6 +15,10 @@ use Symfony\Component\Security\Core\User\UserInterface;
|
||||||
*/
|
*/
|
||||||
class User implements UserInterface
|
class User implements UserInterface
|
||||||
{
|
{
|
||||||
|
public const ROLE_SUPER_ADMIN = "ROLE_SUPER_ADMIN";
|
||||||
|
public const ROLE_ADMIN = "ROLE_ADMIN";
|
||||||
|
public const ROLE_USER = "ROLE_USER";
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @ORM\Id
|
* @ORM\Id
|
||||||
* @ORM\Column(type="uuid", unique=true)
|
* @ORM\Column(type="uuid", unique=true)
|
||||||
|
|
@ -196,4 +200,9 @@ class User implements UserInterface
|
||||||
$this->customId = $customId;
|
$this->customId = $customId;
|
||||||
return $this;
|
return $this;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function isSuperAdmin(): bool
|
||||||
|
{
|
||||||
|
return in_array(self::ROLE_SUPER_ADMIN, $this->getRoles());
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -63,7 +63,7 @@
|
||||||
data-mdb-toggle="dropdown"
|
data-mdb-toggle="dropdown"
|
||||||
aria-expanded="false"
|
aria-expanded="false"
|
||||||
onclick=""
|
onclick=""
|
||||||
{% if user.id == current.id %}
|
{% if (user.id == current.id) or (user.isSuperAdmin()) %}
|
||||||
disabled
|
disabled
|
||||||
{% endif %}
|
{% endif %}
|
||||||
>
|
>
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue