Chill-project/chill-bundles
6
0
Fork 0
mirror of https://gitlab.com/Chill-Projet/chill-bundles.git synced 2025-06-07 18:44:08 +00:00
Code Issues Actions Projects Releases Wiki Activity

controller to grant access to notification by access key

Browse Source
This commit is contained in:
Julien Fastré 2022-04-13 23:05:38 +02:00
parent a41d6cf744
commit e7f0cd50c9
1 changed files with 42 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
src/Bundle/ChillMainBundle/Controller/NotificationController.php
View File

@ -22,6 +22,7 @@ use Chill\MainBundle\Pagination\PaginatorFactory;
use Chill\MainBundle\Repository\NotificationRepository;
use Chill\MainBundle\Security\Authorization\NotificationVoter;
use Doctrine\ORM\EntityManagerInterface;
use Psr\Log\LoggerInterface;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpFoundation\Request;
@ -39,6 +40,10 @@ class NotificationController extends AbstractController
{
private EntityManagerInterface $em;
private LoggerInterface $chillLogger;
private LoggerInterface $logger;
private NotificationHandlerManager $notificationHandlerManager;
private NotificationRepository $notificationRepository;
@ -51,6 +56,8 @@ class NotificationController extends AbstractController
public function __construct(
EntityManagerInterface $em,
LoggerInterface $chillLogger,
LoggerInterface $logger,
Security $security,
NotificationRepository $notificationRepository,
NotificationHandlerManager $notificationHandlerManager,
@ -58,6 +65,8 @@ class NotificationController extends AbstractController
TranslatorInterface $translator
) {
$this->em = $em;
$this->logger = $logger;
$this->chillLogger = $chillLogger;
$this->security = $security;
$this->notificationRepository = $notificationRepository;
$this->notificationHandlerManager = $notificationHandlerManager;
@ -72,8 +81,40 @@ class NotificationController extends AbstractController
{
$this->denyAccessUnlessGranted('IS_AUTHENTICATED_REMEMBERED');
return new Response('Invalid access key');
if (!$this->security->getUser() instanceof User) {
throw new AccessDeniedHttpException('You must be authenticated and a user to create a notification');
}
foreach (['accessKey', 'email'] as $param) {
if (!$request->query->has($param)) {
throw new BadRequestHttpException("Missing $param parameter");
}
}
if ($notification->getAccessKey() !== $request->query->getAlnum('accessKey')) {
throw new AccessDeniedHttpException('access key is invalid');
}
if (!in_array($request->query->get('email'), $notification->getAddressesEmails())) {
return (new Response('The email address is no more associated with this notification'))
->setStatusCode(Response::HTTP_FORBIDDEN);
}
$notification->addAddressee($this->security->getUser());
$this->getDoctrine()->getManager()->flush();
$logMsg = '[Notification] a user is granted access to notification trough an access key';
$context = [
'notificationId' => $notification->getId(),
'email' => $request->query->get('email'),
'user' => $this->security->getUser()->getId(),
];
$this->logger->info($logMsg, $context);
$this->chillLogger->info($logMsg, $context);
return $this->redirectToRoute('chill_main_notification_show', ['id' => $notification->getId()]);
}
/**