Chill-project/chill-bundles
6
0
Fork 0
mirror of https://gitlab.com/Chill-Projet/chill-bundles.git synced 2025-06-14 06:14:23 +00:00
Code Issues Actions Projects Releases Wiki Activity

allow report edit w/ scope + add deny statements

Browse Source 
[ci skip]
This commit is contained in:
Julien Fastré 2015-06-25 22:42:19 +02:00
parent 8445e81d44
commit c10445c8a4
2 changed files with 31 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
Controller/ReportController.php
View File

@ -45,9 +45,15 @@ class ReportController extends Controller
{ {
$em = $this->getDoctrine()->getManager(); $em = $this->getDoctrine()->getManager();
$reports = $em->getRepository('ChillReportBundle:Report')->findByPerson($person_id);
$person = $em->getRepository('ChillPersonBundle:Person')->find($person_id); $person = $em->getRepository('ChillPersonBundle:Person')->find($person_id);
$this->denyAccessUnlessGranted('CHILL_PERSON_SEE', $person);
$reachableScopes = $this->get('chill.main.security.authorization.helper')
->getReachableScopes($this->getUser(), new Role('CHILL_REPORT_SEE'),
$person->getCenter());
$reports = $em->getRepository('ChillReportBundle:Report')
->findBy(array('person' => $person, 'scope' => $reachableScopes));
return $this->render('ChillReportBundle:Report:list.html.twig', array( return $this->render('ChillReportBundle:Report:list.html.twig', array(
'reports' => $reports, 'reports' => $reports,
@ -194,7 +200,7 @@ class ReportController extends Controller
{ {
$em = $this->getDoctrine()->getManager(); $em = $this->getDoctrine()->getManager();
$person = $em->getRepository('ChillPersonBundle:Person')->find($person_id); $person = $em->getRepository('ChillPersonBundle:Person')->find($person_id);
$cFGroup = $em $cFGroup = $em
->getRepository('ChillCustomFieldsBundle:CustomFieldsGroup') ->getRepository('ChillCustomFieldsBundle:CustomFieldsGroup')
->find($cf_group_id); ->find($cf_group_id);
@ -203,6 +209,8 @@ class ReportController extends Controller
throw $this->createNotFoundException("Person not found"); throw $this->createNotFoundException("Person not found");
} }
$this->denyAccessUnlessGranted('CHILL_PERSON_SEE', $person);
if ($cFGroup === NULL){ if ($cFGroup === NULL){
throw $this->createNotFoundException("custom fields group not found"); throw $this->createNotFoundException("custom fields group not found");
} }
@ -244,6 +252,8 @@ class ReportController extends Controller
if($person === NULL || $cFGroup === NULL) { if($person === NULL || $cFGroup === NULL) {
throw $this->createNotFoundException(); throw $this->createNotFoundException();
} }
$this->denyAccessUnlessGranted('CHILL_PERSON_SEE', $person);
$form = $this->createCreateForm($entity, $person, $cFGroup); $form = $this->createCreateForm($entity, $person, $cFGroup);
$form->handleRequest($request); $form->handleRequest($request);
@ -252,6 +262,8 @@ class ReportController extends Controller
$entity->setCFGroup($cFGroup); $entity->setCFGroup($cFGroup);
$entity->setPerson($person); $entity->setPerson($person);
$this->denyAccessUnlessGranted('CHILL_REPORT_CREATE', $entity);
$em->persist($entity); $em->persist($entity);
$em->flush(); $em->flush();
@ -323,6 +335,8 @@ class ReportController extends Controller
throw $this->createNotFoundException( throw $this->createNotFoundException(
$this->get('translator')->trans('Unable to find this report.')); $this->get('translator')->trans('Unable to find this report.'));
} }
$this->denyAccessUnlessGranted('CHILL_REPORT_SEE', $entity);
return $this->render('ChillReportBundle:Report:view.html.twig', array( return $this->render('ChillReportBundle:Report:view.html.twig', array(
'entity' => $entity, 'entity' => $entity,
@ -352,10 +366,12 @@ class ReportController extends Controller
throw new \RuntimeException( throw new \RuntimeException(
$this->get('translator')->trans('This is not the report of the person.'), 1); $this->get('translator')->trans('This is not the report of the person.'), 1);
} }
$this->denyAccessUnlessGranted('CHILL_REPORT_UPDATE', $report);
$person = $report->getPerson(); $person = $report->getPerson();
$editForm = $this->createEditForm($report, $person->getId()); $editForm = $this->createEditForm($report);
return $this->render('ChillReportBundle:Report:edit.html.twig', array( return $this->render('ChillReportBundle:Report:edit.html.twig', array(
'edit_form' => $editForm->createView(), 'edit_form' => $editForm->createView(),
@ -370,14 +386,16 @@ class ReportController extends Controller
* @param integer $person_id The id of the person. * @param integer $person_id The id of the person.
* @return \Symfony\Component\Form\Form The form * @return \Symfony\Component\Form\Form The form
*/ */
private function createEditForm(Report $entity, $person_id) private function createEditForm(Report $entity)
{ {
$form = $this->createForm(new ReportType(), $entity, array( $form = $this->createForm('chill_reportbundle_report', $entity, array(
'action' => $this->generateUrl('report_update', 'action' => $this->generateUrl('report_update',
array('person_id' => $person_id, 'report_id' => $entity->getId())), array('person_id' => $entity->getPerson()->getId(),
'report_id' => $entity->getId())),
'method' => 'PUT', 'method' => 'PUT',
'em' => $this->getDoctrine()->getManager(),
'cFGroup' => $entity->getCFGroup(), 'cFGroup' => $entity->getCFGroup(),
'role' => new Role('CHILL_REPORT_UPDATE'),
'center' => $entity->getPerson()->getCenter()
)); ));
return $form; return $form;
@ -400,8 +418,10 @@ class ReportController extends Controller
throw $this->createNotFoundException( throw $this->createNotFoundException(
$this->get('translator')->trans('Unable to find this report.')); $this->get('translator')->trans('Unable to find this report.'));
} }
$this->denyAccessUnlessGranted('CHILL_REPORT_UPDATE', $report);
$editForm = $this->createEditForm($report, $person_id); $editForm = $this->createEditForm($report);
$editForm->handleRequest($request); $editForm->handleRequest($request);
if ($editForm->isValid()) { if ($editForm->isValid()) {

4
Resources/views/Report/list.html.twig
View File

@ -26,7 +26,7 @@
<tr> <tr>
<th>{{ 'Date' | trans }}</th> <th>{{ 'Date' | trans }}</th>
<th>{{ 'Report type' | trans }}</th> <th>{{ 'Report type' | trans }}</th>
<!-- <th>{{ 'Report scope' | trans }}</th> --> <th>{{ 'Report scope' | trans }}</th>
<th></th> <th></th>
<th></th> <th></th>
</tr> </tr>
@ -36,7 +36,7 @@
<tr> <tr>
<td>{% if report.date %}{{ report.date|localizeddate('long', 'none') }}{% endif %}</td> <td>{% if report.date %}{{ report.date|localizeddate('long', 'none') }}{% endif %}</td>
<td>{{ report.cFGroup.getName(app.request.locale) }}</td> <td>{{ report.cFGroup.getName(app.request.locale) }}</td>
<!-- <td>{{ report.scope }}</td> --> <td>{{ report.scope.name|localize_translatable_string }}</td>
<td><a href="{{ path('report_view', { 'person_id': report.person.id, 'report_id': report.id }) }}">{{ 'View the report' | trans }}</a></td> <td><a href="{{ path('report_view', { 'person_id': report.person.id, 'report_id': report.id }) }}">{{ 'View the report' | trans }}</a></td>
<td><a href="{{ path('report_edit', { 'person_id': report.person.id, 'report_id': report.id }) }}">{{ 'Update the report' | trans }}</a></td> <td><a href="{{ path('report_edit', { 'person_id': report.person.id, 'report_id': report.id }) }}">{{ 'Update the report' | trans }}</a></td>
</tr> </tr>