allow report edit w/ scope + add deny statements
[ci skip]
This commit is contained in:
parent
8445e81d44
commit
c10445c8a4
@ -45,9 +45,15 @@ class ReportController extends Controller
|
||||
{
|
||||
$em = $this->getDoctrine()->getManager();
|
||||
|
||||
$reports = $em->getRepository('ChillReportBundle:Report')->findByPerson($person_id);
|
||||
|
||||
$person = $em->getRepository('ChillPersonBundle:Person')->find($person_id);
|
||||
|
||||
$this->denyAccessUnlessGranted('CHILL_PERSON_SEE', $person);
|
||||
|
||||
$reachableScopes = $this->get('chill.main.security.authorization.helper')
|
||||
->getReachableScopes($this->getUser(), new Role('CHILL_REPORT_SEE'),
|
||||
$person->getCenter());
|
||||
$reports = $em->getRepository('ChillReportBundle:Report')
|
||||
->findBy(array('person' => $person, 'scope' => $reachableScopes));
|
||||
|
||||
return $this->render('ChillReportBundle:Report:list.html.twig', array(
|
||||
'reports' => $reports,
|
||||
@ -194,7 +200,7 @@ class ReportController extends Controller
|
||||
{
|
||||
$em = $this->getDoctrine()->getManager();
|
||||
|
||||
$person = $em->getRepository('ChillPersonBundle:Person')->find($person_id);
|
||||
$person = $em->getRepository('ChillPersonBundle:Person')->find($person_id);
|
||||
$cFGroup = $em
|
||||
->getRepository('ChillCustomFieldsBundle:CustomFieldsGroup')
|
||||
->find($cf_group_id);
|
||||
@ -203,6 +209,8 @@ class ReportController extends Controller
|
||||
throw $this->createNotFoundException("Person not found");
|
||||
}
|
||||
|
||||
$this->denyAccessUnlessGranted('CHILL_PERSON_SEE', $person);
|
||||
|
||||
if ($cFGroup === NULL){
|
||||
throw $this->createNotFoundException("custom fields group not found");
|
||||
}
|
||||
@ -244,6 +252,8 @@ class ReportController extends Controller
|
||||
if($person === NULL || $cFGroup === NULL) {
|
||||
throw $this->createNotFoundException();
|
||||
}
|
||||
|
||||
$this->denyAccessUnlessGranted('CHILL_PERSON_SEE', $person);
|
||||
|
||||
$form = $this->createCreateForm($entity, $person, $cFGroup);
|
||||
$form->handleRequest($request);
|
||||
@ -252,6 +262,8 @@ class ReportController extends Controller
|
||||
$entity->setCFGroup($cFGroup);
|
||||
$entity->setPerson($person);
|
||||
|
||||
$this->denyAccessUnlessGranted('CHILL_REPORT_CREATE', $entity);
|
||||
|
||||
$em->persist($entity);
|
||||
$em->flush();
|
||||
|
||||
@ -323,6 +335,8 @@ class ReportController extends Controller
|
||||
throw $this->createNotFoundException(
|
||||
$this->get('translator')->trans('Unable to find this report.'));
|
||||
}
|
||||
|
||||
$this->denyAccessUnlessGranted('CHILL_REPORT_SEE', $entity);
|
||||
|
||||
return $this->render('ChillReportBundle:Report:view.html.twig', array(
|
||||
'entity' => $entity,
|
||||
@ -352,10 +366,12 @@ class ReportController extends Controller
|
||||
throw new \RuntimeException(
|
||||
$this->get('translator')->trans('This is not the report of the person.'), 1);
|
||||
}
|
||||
|
||||
$this->denyAccessUnlessGranted('CHILL_REPORT_UPDATE', $report);
|
||||
|
||||
$person = $report->getPerson();
|
||||
|
||||
$editForm = $this->createEditForm($report, $person->getId());
|
||||
$editForm = $this->createEditForm($report);
|
||||
|
||||
return $this->render('ChillReportBundle:Report:edit.html.twig', array(
|
||||
'edit_form' => $editForm->createView(),
|
||||
@ -370,14 +386,16 @@ class ReportController extends Controller
|
||||
* @param integer $person_id The id of the person.
|
||||
* @return \Symfony\Component\Form\Form The form
|
||||
*/
|
||||
private function createEditForm(Report $entity, $person_id)
|
||||
private function createEditForm(Report $entity)
|
||||
{
|
||||
$form = $this->createForm(new ReportType(), $entity, array(
|
||||
$form = $this->createForm('chill_reportbundle_report', $entity, array(
|
||||
'action' => $this->generateUrl('report_update',
|
||||
array('person_id' => $person_id, 'report_id' => $entity->getId())),
|
||||
array('person_id' => $entity->getPerson()->getId(),
|
||||
'report_id' => $entity->getId())),
|
||||
'method' => 'PUT',
|
||||
'em' => $this->getDoctrine()->getManager(),
|
||||
'cFGroup' => $entity->getCFGroup(),
|
||||
'role' => new Role('CHILL_REPORT_UPDATE'),
|
||||
'center' => $entity->getPerson()->getCenter()
|
||||
));
|
||||
|
||||
return $form;
|
||||
@ -400,8 +418,10 @@ class ReportController extends Controller
|
||||
throw $this->createNotFoundException(
|
||||
$this->get('translator')->trans('Unable to find this report.'));
|
||||
}
|
||||
|
||||
$this->denyAccessUnlessGranted('CHILL_REPORT_UPDATE', $report);
|
||||
|
||||
$editForm = $this->createEditForm($report, $person_id);
|
||||
$editForm = $this->createEditForm($report);
|
||||
$editForm->handleRequest($request);
|
||||
|
||||
if ($editForm->isValid()) {
|
||||
|
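Review bot: In the list hunk, `$person` is handed to `denyAccessUnlessGranted('CHILL_PERSON_SEE', $person)` and then dereferenced with `$person->getCenter()` without any null check, so an unknown person_id reaches the voter with a null subject and then dies on a method call on null instead of returning a 404. The other actions in this commit already guard this with `throw $this->createNotFoundException("Person not found")`; add the same guard between the `find()` and the deny call: `if ($person === NULL) { throw $this->createNotFoundException('Person not found'); }`. It is also worth checking what the `findBy(array('person' => $person, 'scope' => $reachableScopes))` call does when `getReachableScopes()` returns an empty array, since with some Doctrine versions an empty IN list produces a SQL error rather than an empty result; an early return with an empty reports array would be the safe shape. The enclosing action's signature is outside the hunk.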
@ -26,7 +26,7 @@
|
||||
<tr>
|
||||
<th>{{ 'Date' | trans }}</th>
|
||||
<th>{{ 'Report type' | trans }}</th>
|
||||
<!-- <th>{{ 'Report scope' | trans }}</th> -->
|
||||
<th>{{ 'Report scope' | trans }}</th>
|
||||
<th></th>
|
||||
<th></th>
|
||||
</tr>
|
||||
@ -36,7 +36,7 @@
|
||||
<tr>
|
||||
<td>{% if report.date %}{{ report.date|localizeddate('long', 'none') }}{% endif %}</td>
|
||||
<td>{{ report.cFGroup.getName(app.request.locale) }}</td>
|
||||
<!-- <td>{{ report.scope }}</td> -->
|
||||
<td>{{ report.scope.name|localize_translatable_string }}</td>
|
||||
<td><a href="{{ path('report_view', { 'person_id': report.person.id, 'report_id': report.id }) }}">{{ 'View the report' | trans }}</a></td>
|
||||
<td><a href="{{ path('report_edit', { 'person_id': report.person.id, 'report_id': report.id }) }}">{{ 'Update the report' | trans }}</a></td>
|
||||
</tr>
|
||||
|
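Review bot: The `report_edit` link at the end of the hunk is rendered for every listed report, but the list is now filtered only by the scopes reachable for `CHILL_REPORT_SEE` (controller hunk above), while the edit and update actions deny with `CHILL_REPORT_UPDATE`; users with see-only scopes therefore get a link that will be refused. Wrapping that cell in `{% if is_granted('CHILL_REPORT_UPDATE', report) %}` … `{% endif %}` would keep the template consistent with the new deny statements, with the server-side check remaining the actual control. Whether a voter answering `is_granted` for report entities is registered in this bundle is not visible here.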