Ajout d'une contrainte qui empeche un instructeur de supprimer/modifier un atelier qu'il n'a pas crée pour la question 10

François ZHU 2023-02-08 17:23:09 +00:00
parent 024bbc5d55
commit 2d049fb031
8 changed files with 623 additions and 606 deletions


@ -133,9 +133,10 @@
<excludeFolder url="file://$MODULE_DIR$/vendor/sebastian/exporter" />
<excludeFolder url="file://$MODULE_DIR$/vendor/sebastian/code-unit-reverse-lookup" />
<excludeFolder url="file://$MODULE_DIR$/vendor/symfony/webpack-encore-bundle" />
<excludeFolder url="file://$MODULE_DIR$/vendor/fakerphp/faker" />
<excludeFolder url="file://$MODULE_DIR$/vendor/doctrine/doctrine-fixtures-bundle" />
<excludeFolder url="file://$MODULE_DIR$/vendor/doctrine/data-fixtures" />
<excludeFolder url="file://$MODULE_DIR$/vendor/doctrine/doctrine-fixtures-bundle" />
<excludeFolder url="file://$MODULE_DIR$/vendor/fakerphp/faker" />
<excludeFolder url="file://$MODULE_DIR$/vendor/cebe/markdown" />
</content>
<orderEntry type="inheritedJdk" />
<orderEntry type="sourceFolder" forTests="false" />


@ -143,6 +143,7 @@
<path value="$PROJECT_DIR$/vendor/fakerphp/faker" />
<path value="$PROJECT_DIR$/vendor/doctrine/doctrine-fixtures-bundle" />
<path value="$PROJECT_DIR$/vendor/doctrine/data-fixtures" />
<path value="$PROJECT_DIR$/vendor/cebe/markdown" />
</include_path>
</component>
<component name="PhpProjectSharedConfiguration" php_language_level="8.1" />


@ -56,6 +56,10 @@ class AtelierController extends AbstractController
#[Route('/{id}/edit', name: 'app_atelier_edit', methods: ['GET', 'POST'])]
public function edit(Request $request, Atelier $atelier, AtelierRepository $atelierRepository): Response
{
if ($atelier->getInstructeur() !== $this->getUser()) {
return $this->render("error.html.twig", [], new Response(null, Response::HTTP_FORBIDDEN));
}
$form = $this->createForm(AtelierType::class, $atelier);
$form->handleRequest($request);
@ -75,6 +79,10 @@ class AtelierController extends AbstractController
#[Route('/{id}', name: 'app_atelier_delete', methods: ['POST'])]
public function delete(Request $request, Atelier $atelier, AtelierRepository $atelierRepository): Response
{
if ($atelier->getInstructeur() !== $this->getUser()) {
return $this->render("error.html.twig", [], new Response(null, Response::HTTP_FORBIDDEN));
}
if ($this->isCsrfTokenValid('delete' . $atelier->getId(), $request->request->get('_token'))) {
$atelierRepository->remove($atelier, true);
}
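Review bot: The ownership check in `edit()` and the identical one in `delete()` is written inline and answers with a hand-rendered 403 page, so a refused attempt never passes through Symfony's access-denied handling (or any logging attached to it), and every later action that changes an Atelier has to copy the same three lines. Moving the rule into a voter and calling `$this->denyAccessUnlessGranted('ATELIER_EDIT', $atelier);` (the attribute name is only an example) keeps the rule in one place. The `!==` test also depends on `getInstructeur()` and `getUser()` returning the very same object instance; that presumably holds through Doctrine's identity map, but comparing identifiers would be less fragile, and a mismatch would lock the owner out rather than let someone else in. Both method bodies continue outside the hunks, so the rest of `edit()` and `delete()` was not reviewed.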


@ -0,0 +1,7 @@
{% extends 'base.html.twig' %}
{% block title %}Hello PagesController!{% endblock %}
{% block body %}
<h1>Vous n'avez pas le droit de faire ceci !</h1>
{% endblock %}
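Review bot: The `title` block of this new error page still reads `Hello PagesController!`, which looks like a leftover from a generated template and will appear as the browser tab title of the 403 page. Something like `{% block title %}Accès refusé{% endblock %}` would match the message shown in the body.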