Chill-project/chill-bundles
6
0
Fork 0
mirror of https://gitlab.com/Chill-Projet/chill-bundles.git synced 2025-06-13 22:04:23 +00:00
Code Issues Actions Projects Releases Wiki Activity

Fix #552: Return AccessDeniedException when trying to access a document and user is not logged in.

Browse Source
This commit is contained in:
Pol Dellaiera 2022-04-19 15:45:47 +02:00
parent c757fa068a
commit 7048f670ed
No known key found for this signature in database
GPG Key ID: D476DFE9C67467CA
1 changed files with 7 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
src/Bundle/ChillWopiBundle/src/Controller/Test.php → src/Bundle/ChillWopiBundle/src/Controller/Editor.php
View File

@ -18,6 +18,7 @@ use Chill\DocStoreBundle\Entity\StoredObject;
use Chill\WopiBundle\Service\Controller\ResponderInterface; use Chill\WopiBundle\Service\Controller\ResponderInterface;
use Exception; use Exception;
use loophp\psr17\Psr17Interface; use loophp\psr17\Psr17Interface;
use Symfony\Component\Finder\Exception\AccessDeniedException;
use Symfony\Component\HttpFoundation\Response; use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException; use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
use Symfony\Component\Routing\Generator\UrlGeneratorInterface; use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
@ -28,7 +29,7 @@ use Symfony\Component\Security\Core\Security;
* @internal * @internal
* @coversNothing * @coversNothing
*/ */
final class Test final class Editor
{ {
private DocumentManagerInterface $documentManager; private DocumentManagerInterface $documentManager;
@ -64,6 +65,10 @@ final class Test
public function __invoke(string $fileId): Response public function __invoke(string $fileId): Response
{ {
if (null === $user = $this->security->getUser()->getUsername()) {
throw new AccessDeniedException('You must be logged in to access to this resource.');
}
$configuration = $this->wopiConfiguration->jsonSerialize(); $configuration = $this->wopiConfiguration->jsonSerialize();
/** @var StoredObject $storedObject */ /** @var StoredObject $storedObject */
$storedObject = $this->documentManager->findByDocumentId($fileId); $storedObject = $this->documentManager->findByDocumentId($fileId);
@ -77,7 +82,7 @@ final class Test
} }
$configuration['favIconUrl'] = ''; $configuration['favIconUrl'] = '';
$configuration['access_token'] = $this->security->getUser()->getUsername(); $configuration['access_token'] = $user;
$configuration['server'] = $this $configuration['server'] = $this
->psr17 ->psr17