]> Raphaël G. Git Repositories - airbundle/blob - Controller/UserController.php
Restrict selectable locations for users without admin role
[airbundle] / Controller / UserController.php
1 <?php
2
3 namespace Rapsys\AirBundle\Controller;
4
5 use Symfony\Component\HttpFoundation\Request;
6 use Symfony\Component\HttpFoundation\Response;
7 use Symfony\Component\Routing\RequestContext;
8 use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
9 use Rapsys\AirBundle\Entity\Slot;
10 use Rapsys\AirBundle\Entity\Session;
11 use Rapsys\AirBundle\Entity\Location;
12 use Rapsys\AirBundle\Entity\User;
13 use Rapsys\AirBundle\Entity\Snippet;
14
15 class UserController extends DefaultController {
16 /**
17 * List all users
18 *
19 * @desc Display all user with a group listed as users
20 *
21 * @param Request $request The request instance
22 *
23 * @return Response The rendered view
24 */
25 public function index(Request $request): Response {
26 //Fetch doctrine
27 $doctrine = $this->getDoctrine();
28
29 //Set section
30 $section = $this->translator->trans('Libre Air users');
31
32 //Set description
33 $this->context['description'] = $this->translator->trans('Libre Air user list');
34
35 //Set keywords
36 $this->context['keywords'] = [
37 $this->translator->trans('users'),
38 $this->translator->trans('user list'),
39 $this->translator->trans('listing'),
40 $this->translator->trans('Libre Air')
41 ];
42
43 //Set title
44 $title = $this->translator->trans($this->config['site']['title']).' - '.$section;
45
46 //Fetch users
47 $users = $doctrine->getRepository(User::class)->findUserGroupedByTranslatedGroup($this->translator);
48
49 //Compute period
50 $period = new \DatePeriod(
51 //Start from first monday of week
52 new \DateTime('Monday this week'),
53 //Iterate on each day
54 new \DateInterval('P1D'),
55 //End with next sunday and 4 weeks
56 new \DateTime(
57 $this->isGranted('IS_AUTHENTICATED_REMEMBERED')?'Monday this week + 3 week':'Monday this week + 2 week'
58 )
59 );
60
61 //Without admin role
62 if (!$this->isGranted('ROLE_ADMIN')) {
63 //Remove users
64 unset($users[$this->translator->trans('User')]);
65 }
66
67 //Fetch locations
68 //XXX: we want to display all active locations anyway
69 $locations = $doctrine->getRepository(Location::class)->findTranslatedSortedByPeriod($this->translator, $period);
70
71 //Render the view
72 return $this->render('@RapsysAir/user/index.html.twig', ['title' => $title, 'section' => $section, 'users' => $users, 'locations' => $locations]+$this->context);
73 }
74
75 /**
76 * List all sessions for the user
77 *
78 * @desc Display all sessions for the user with an application or login form
79 *
80 * @param Request $request The request instance
81 * @param int $id The user id
82 *
83 * @return Response The rendered view
84 */
85 public function view(Request $request, $id): Response {
86 //Fetch doctrine
87 $doctrine = $this->getDoctrine();
88
89 //Fetch user
90 if (empty($user = $doctrine->getRepository(User::class)->findOneById($id))) {
91 throw $this->createNotFoundException($this->translator->trans('Unable to find user: %id%', ['%id%' => $id]));
92 }
93
94 //Get user token
95 $token = new UsernamePasswordToken($user, null, 'none', $user->getRoles());
96
97 //Check if guest
98 $isGuest = $this->get('rapsys_user.access_decision_manager')->decide($token, ['ROLE_GUEST']);
99
100 //Prevent access when not admin, user is not guest and not currently logged user
101 if (!$this->isGranted('ROLE_ADMIN') && empty($isGuest) && $user != $this->getUser()) {
102 throw $this->createAccessDeniedException($this->translator->trans('Unable to access user: %id%', ['%id%' => $id]));
103 }
104
105 //Set section
106 $section = $user->getPseudonym();
107
108 //Set title
109 $title = $this->translator->trans($this->config['site']['title']).' - '.$section;
110
111 //Set description
112 $this->context['description'] = $this->translator->trans('%pseudonym% outdoor Argentine Tango session calendar', [ '%pseudonym%' => $user->getPseudonym() ]);
113
114 //Set keywords
115 $this->context['keywords'] = [
116 $user->getPseudonym(),
117 $this->translator->trans('outdoor'),
118 $this->translator->trans('Argentine Tango'),
119 $this->translator->trans('calendar')
120 ];
121
122 //Compute period
123 $period = new \DatePeriod(
124 //Start from first monday of week
125 new \DateTime('Monday this week'),
126 //Iterate on each day
127 new \DateInterval('P1D'),
128 //End with next sunday and 4 weeks
129 new \DateTime(
130 $this->isGranted('IS_AUTHENTICATED_REMEMBERED')?'Monday this week + 3 week':'Monday this week + 2 week'
131 )
132 );
133
134 //Fetch calendar
135 //TODO: highlight with current session route parameter
136 $calendar = $doctrine->getRepository(Session::class)->fetchUserCalendarByDatePeriod($this->translator, $period, $isGuest?$id:null, $request->get('session'));
137
138 //Fetch locations
139 //XXX: we want to display all active locations anyway
140 $locations = $doctrine->getRepository(Location::class)->findTranslatedSortedByPeriod($this->translator, $period, $id);
141
142 //Create user form for admin or current user
143 if ($this->isGranted('ROLE_ADMIN') || $user == $this->getUser()) {
144 //Create SnippetType form
145 $userForm = $this->createForm('Rapsys\AirBundle\Form\RegisterType', $user, [
146 //Set action
147 'action' => $this->generateUrl('rapsys_air_user_view', ['id' => $id]),
148 //Set the form attribute
149 'attr' => [ 'class' => 'col' ],
150 //Disable mail
151 'mail' => $this->isGranted('ROLE_ADMIN'),
152 //Disable password
153 'password' => false
154 ]);
155
156 //Init user to context
157 $this->context['forms']['user'] = $userForm->createView();
158
159 //Check if submitted
160 if ($request->isMethod('POST')) {
161 //Refill the fields in case the form is not valid.
162 $userForm->handleRequest($request);
163
164 //Handle invalid form
165 if (!$userForm->isSubmitted() || !$userForm->isValid()) {
166 //Render the view
167 return $this->render('@RapsysAir/user/view.html.twig', ['id' => $id, 'title' => $title, 'section' => $section, 'calendar' => $calendar, 'locations' => $locations]+$this->context);
168 }
169
170 //Get data
171 $data = $userForm->getData();
172
173 //Get manager
174 $manager = $doctrine->getManager();
175
176 //Queue snippet save
177 $manager->persist($data);
178
179 //Flush to get the ids
180 $manager->flush();
181
182 //Add notice
183 $this->addFlash('notice', $this->translator->trans('User %id% updated', ['%id%' => $id]));
184
185 //Extract and process referer
186 if ($referer = $request->headers->get('referer')) {
187 //Create referer request instance
188 $req = Request::create($referer);
189
190 //Get referer path
191 $path = $req->getPathInfo();
192
193 //Get referer query string
194 $query = $req->getQueryString();
195
196 //Remove script name
197 $path = str_replace($request->getScriptName(), '', $path);
198
199 //Try with referer path
200 try {
201 //Save old context
202 $oldContext = $this->router->getContext();
203
204 //Force clean context
205 //XXX: prevent MethodNotAllowedException because current context method is POST in onevendor/symfony/routing/Matcher/Dumper/CompiledUrlMatcherTrait.php+42
206 $this->router->setContext(new RequestContext());
207
208 //Retrieve route matching path
209 $route = $this->router->match($path);
210
211 //Reset context
212 $this->router->setContext($oldContext);
213
214 //Clear old context
215 unset($oldContext);
216
217 //Extract name
218 $name = $route['_route'];
219
220 //Remove route and controller from route defaults
221 unset($route['_route'], $route['_controller']);
222
223 //Check if user view route
224 if ($name == 'rapsys_air_user_view' && !empty($route['id'])) {
225 //Replace id
226 $route['id'] = $data->getId();
227 //Other routes
228 } else {
229 //Set user
230 $route['user'] = $data->getId();
231 }
232
233 //Generate url
234 return $this->redirectToRoute($name, $route);
235 //No route matched
236 } catch(MethodNotAllowedException|ResourceNotFoundException $e) {
237 //Unset referer to fallback to default route
238 unset($referer);
239 }
240 }
241
242 //Redirect to cleanup the form
243 return $this->redirectToRoute('rapsys_air', ['user' => $data->getId()]);
244 }
245 }
246
247 //Create snippet forms for role_guest
248 if ($this->isGranted('ROLE_ADMIN') || ($this->isGranted('ROLE_GUEST') && $user == $this->getUser())) {
249 //Fetch all user snippet
250 $snippets = $doctrine->getRepository(Snippet::class)->findByLocaleUserId($request->getLocale(), $id);
251
252 //Rekey by location id
253 $snippets = array_reduce($snippets, function($carry, $item){$carry[$item->getLocation()->getId()] = $item; return $carry;}, []);
254
255 //Init snippets to context
256 $this->context['forms']['snippets'] = [];
257
258 //Iterate on locations
259 foreach($locations as $locationId => $location) {
260 //Init snippet
261 $snippet = new Snippet();
262
263 //Set default locale
264 $snippet->setLocale($request->getLocale());
265
266 //Set default user
267 $snippet->setUser($user);
268
269 //Set default location
270 $snippet->setLocation($doctrine->getRepository(Location::class)->findOneById($locationId));
271
272 //Get snippet
273 if (!empty($snippets[$locationId])) {
274 $snippet = $snippets[$locationId];
275 }
276
277 //Create SnippetType form
278 #$form = $this->createForm('Rapsys\AirBundle\Form\SnippetType', $snippet, [
279 $form = $this->container->get('form.factory')->createNamed('snipped_'.$request->getLocale().'_'.$locationId, 'Rapsys\AirBundle\Form\SnippetType', $snippet, [
280 //Set the action
281 //TODO: voir si on peut pas faire sauter ça ici
282 'action' =>
283 !empty($snippet->getId()) ?
284 $this->generateUrl('rapsys_air_snippet_edit', ['id' => $snippet->getId()]) :
285 $this->generateUrl('rapsys_air_snippet_add', ['location' => $locationId]),
286 #'action' => $this->generateUrl('rapsys_air_snippet_add'),
287 //Set the form attribute
288 'attr' => [],
289 //Set csrf_token_id
290 //TODO: would maybe need a signature field
291 //'csrf_token_id' => $request->getLocale().'_'.$id.'_'.$locationId
292 ]);
293 #return $this->container->get('form.factory')->create($type, $data, $options);
294 #public function createNamed($name, $type = 'Symfony\Component\Form\Extension\Core\Type\FormType', $data = null, array $options = []);
295
296 //Add form to context
297 $this->context['forms']['snippets'][$locationId] = $form->createView();
298 }
299 }
300
301 //Render the view
302 return $this->render('@RapsysAir/user/view.html.twig', ['id' => $id, 'title' => $title, 'section' => $section, 'calendar' => $calendar, 'locations' => $locations]+$this->context);
303 }
304 }