Ajout d'une contrainte qui empeche un instructeur de supprimer/modifier un atelier qu'il n'a pas crée pour la question 10
parent
024bbc5d55
commit
2d049fb031
|
@ -133,9 +133,10 @@
|
|||
<excludeFolder url="file://$MODULE_DIR$/vendor/sebastian/exporter" />
|
||||
<excludeFolder url="file://$MODULE_DIR$/vendor/sebastian/code-unit-reverse-lookup" />
|
||||
<excludeFolder url="file://$MODULE_DIR$/vendor/symfony/webpack-encore-bundle" />
|
||||
<excludeFolder url="file://$MODULE_DIR$/vendor/fakerphp/faker" />
|
||||
<excludeFolder url="file://$MODULE_DIR$/vendor/doctrine/doctrine-fixtures-bundle" />
|
||||
<excludeFolder url="file://$MODULE_DIR$/vendor/doctrine/data-fixtures" />
|
||||
<excludeFolder url="file://$MODULE_DIR$/vendor/doctrine/doctrine-fixtures-bundle" />
|
||||
<excludeFolder url="file://$MODULE_DIR$/vendor/fakerphp/faker" />
|
||||
<excludeFolder url="file://$MODULE_DIR$/vendor/cebe/markdown" />
|
||||
</content>
|
||||
<orderEntry type="inheritedJdk" />
|
||||
<orderEntry type="sourceFolder" forTests="false" />
|
||||
|
|
|
@ -143,6 +143,7 @@
|
|||
<path value="$PROJECT_DIR$/vendor/fakerphp/faker" />
|
||||
<path value="$PROJECT_DIR$/vendor/doctrine/doctrine-fixtures-bundle" />
|
||||
<path value="$PROJECT_DIR$/vendor/doctrine/data-fixtures" />
|
||||
<path value="$PROJECT_DIR$/vendor/cebe/markdown" />
|
||||
</include_path>
|
||||
</component>
|
||||
<component name="PhpProjectSharedConfiguration" php_language_level="8.1" />
|
||||
|
|
|
@ -56,6 +56,10 @@ class AtelierController extends AbstractController
|
|||
#[Route('/{id}/edit', name: 'app_atelier_edit', methods: ['GET', 'POST'])]
|
||||
public function edit(Request $request, Atelier $atelier, AtelierRepository $atelierRepository): Response
|
||||
{
|
||||
if ($atelier->getInstructeur() !== $this->getUser()) {
|
||||
return $this->render("error.html.twig", [], new Response(null, Response::HTTP_FORBIDDEN));
|
||||
}
|
||||
|
||||
$form = $this->createForm(AtelierType::class, $atelier);
|
||||
$form->handleRequest($request);
|
||||
|
||||
|
@ -75,6 +79,10 @@ class AtelierController extends AbstractController
|
|||
#[Route('/{id}', name: 'app_atelier_delete', methods: ['POST'])]
|
||||
public function delete(Request $request, Atelier $atelier, AtelierRepository $atelierRepository): Response
|
||||
{
|
||||
if ($atelier->getInstructeur() !== $this->getUser()) {
|
||||
return $this->render("error.html.twig", [], new Response(null, Response::HTTP_FORBIDDEN));
|
||||
}
|
||||
|
||||
if ($this->isCsrfTokenValid('delete' . $atelier->getId(), $request->request->get('_token'))) {
|
||||
$atelierRepository->remove($atelier, true);
|
||||
}
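Review bot: The ownership guard added at the top of `edit()` and repeated verbatim in `delete()` compares `$atelier->getInstructeur()` with `$this->getUser()` without ruling out null, so if a request can reach these routes unauthenticated and an atelier has no instructeur, `null !== null` is false and the guard lets it through; whether that can happen depends on the firewall rules and the entity mapping, neither of which is visible here. Making the null case explicit closes it: `$user = $this->getUser();` followed by `if ($user === null || $atelier->getInstructeur() !== $user) { throw $this->createAccessDeniedException(); }`. Throwing instead of rendering a template by hand also sends the denial through Symfony's access-denied handling, and keeping the rule in one place (a private helper or a voter) stops the two actions from drifting apart. The identity comparison presumably relies on Doctrine returning the same User instance the security layer loaded; comparing identifiers would be less fragile. Both method bodies continue outside the hunks.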
|
||||
|
|
|
@ -0,0 +1,7 @@
|
|||
{% extends 'base.html.twig' %}
|
||||
|
||||
{% block title %}Hello PagesController!{% endblock %}
|
||||
|
||||
{% block body %}
|
||||
<h1>Vous n'avez pas le droit de faire ceci !</h1>
|
||||
{% endblock %}
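Review bot: The `title` block still carries the generator's placeholder, `{% block title %}Hello PagesController!{% endblock %}`, so the 403 page shows an unrelated title in the browser tab; something like `{% block title %}Accès refusé{% endblock %}` would match the body. The controller renders this file as `error.html.twig`, yet its message is specific to the forbidden case, so a name that says so would keep it from being reused for other errors.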
|