X-Git-Url: https://git.rapsys.eu/airbundle/blobdiff_plain/46821e617bffafd12f7d73d9ba47cc021604e9b2..bc28bb466c3b8f25bdee997270890297d6086a00:/Controller/UserController.php diff --git a/Controller/UserController.php b/Controller/UserController.php index 42023d4..7d38c02 100644 --- a/Controller/UserController.php +++ b/Controller/UserController.php @@ -4,12 +4,15 @@ namespace Rapsys\AirBundle\Controller; use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpFoundation\Response; +use Symfony\Component\Routing\RequestContext; use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken; -use Rapsys\AirBundle\Entity\Slot; -use Rapsys\AirBundle\Entity\Session; + +use Rapsys\AirBundle\Entity\Civility; use Rapsys\AirBundle\Entity\Location; -use Rapsys\AirBundle\Entity\User; +use Rapsys\AirBundle\Entity\Session; +use Rapsys\AirBundle\Entity\Slot; use Rapsys\AirBundle\Entity\Snippet; +use Rapsys\AirBundle\Entity\User; class UserController extends DefaultController { /** @@ -25,11 +28,21 @@ class UserController extends DefaultController { //Fetch doctrine $doctrine = $this->getDoctrine(); - //Set section - $section = $this->translator->trans('Libre Air users'); + //With admin role + if ($this->isGranted('ROLE_ADMIN')) { + //Set section + $section = $this->translator->trans('Libre Air users'); - //Set description - $this->context['description'] = $this->translator->trans('Libre Air user list'); + //Set description + $this->context['description'] = $this->translator->trans('Libre Air user list'); + //Without admin role + } else { + //Set section + $section = $this->translator->trans('Libre Air organizers'); + + //Set description + $this->context['description'] = $this->translator->trans('Libre Air organizers list'); + } //Set keywords $this->context['keywords'] = [ @@ -57,10 +70,14 @@ class UserController extends DefaultController { ) ); + //With admin role + if ($this->isGranted('ROLE_ADMIN')) { + //Display all users + $this->context['groups'] = $users; //Without admin role - if (!$this->isGranted('ROLE_ADMIN')) { - //Remove users - unset($users[$this->translator->trans('User')]); + } else { + //Only display senior organizers + $this->context['users'] = $users[$this->translator->trans('Senior')]; } //Fetch locations @@ -68,7 +85,7 @@ class UserController extends DefaultController { $locations = $doctrine->getRepository(Location::class)->findTranslatedSortedByPeriod($this->translator, $period); //Render the view - return $this->render('@RapsysAir/user/index.html.twig', ['title' => $title, 'section' => $section, 'users' => $users, 'locations' => $locations]+$this->context); + return $this->render('@RapsysAir/user/index.html.twig', ['title' => $title, 'section' => $section, 'locations' => $locations]+$this->context); } /** @@ -90,15 +107,15 @@ class UserController extends DefaultController { throw $this->createNotFoundException($this->translator->trans('Unable to find user: %id%', ['%id%' => $id])); } - //Prevent non admin access to non guest users - if (!$this->isGranted('ROLE_ADMIN')) { - //Get user token - $token = new UsernamePasswordToken($user, null, 'none', $user->getRoles()); + //Get user token + $token = new UsernamePasswordToken($user, null, 'none', $user->getRoles()); - //Check if guest access - if (!($isGuest = $this->get('rapsys_user.access_decision_manager')->decide($token, ['ROLE_GUEST']))) { - throw $this->createAccessDeniedException($this->translator->trans('Unable to access user: %id%', ['%id%' => $id])); - } + //Check if guest + $isGuest = $this->get('rapsys_user.access_decision_manager')->decide($token, ['ROLE_GUEST']); + + //Prevent access when not admin, user is not guest and not currently logged user + if (!$this->isGranted('ROLE_ADMIN') && empty($isGuest) && $user != $this->getUser()) { + throw $this->createAccessDeniedException($this->translator->trans('Unable to access user: %id%', ['%id%' => $id])); } //Set section @@ -132,14 +149,121 @@ class UserController extends DefaultController { //Fetch calendar //TODO: highlight with current session route parameter - $calendar = $doctrine->getRepository(Session::class)->fetchUserCalendarByDatePeriod($this->translator, $period, $id, $request->get('session')); + $calendar = $doctrine->getRepository(Session::class)->fetchUserCalendarByDatePeriod($this->translator, $period, $isGuest?$id:null, $request->get('session')); //Fetch locations //XXX: we want to display all active locations anyway $locations = $doctrine->getRepository(Location::class)->findTranslatedSortedByPeriod($this->translator, $period, $id); + //Create user form for admin or current user + if ($this->isGranted('ROLE_ADMIN') || $user == $this->getUser()) { + //Create SnippetType form + $userForm = $this->createForm('Rapsys\AirBundle\Form\RegisterType', $user, [ + //Set action + 'action' => $this->generateUrl('rapsys_air_user_view', ['id' => $id]), + //Set the form attribute + 'attr' => [ 'class' => 'col' ], + //Set civility class + 'civility_class' => Civility::class, + //Disable mail + 'mail' => $this->isGranted('ROLE_ADMIN'), + //Disable password + 'password' => false + ]); + + //Init user to context + $this->context['forms']['user'] = $userForm->createView(); + + //Check if submitted + if ($request->isMethod('POST')) { + //Refill the fields in case the form is not valid. + $userForm->handleRequest($request); + + //Handle invalid form + if (!$userForm->isSubmitted() || !$userForm->isValid()) { + //Render the view + return $this->render('@RapsysAir/user/view.html.twig', ['id' => $id, 'title' => $title, 'section' => $section, 'calendar' => $calendar, 'locations' => $locations]+$this->context); + } + + //Get data + $data = $userForm->getData(); + + //Get manager + $manager = $doctrine->getManager(); + + //Queue snippet save + $manager->persist($data); + + //Flush to get the ids + $manager->flush(); + + //Add notice + $this->addFlash('notice', $this->translator->trans('User %id% updated', ['%id%' => $id])); + + //Extract and process referer + if ($referer = $request->headers->get('referer')) { + //Create referer request instance + $req = Request::create($referer); + + //Get referer path + $path = $req->getPathInfo(); + + //Get referer query string + $query = $req->getQueryString(); + + //Remove script name + $path = str_replace($request->getScriptName(), '', $path); + + //Try with referer path + try { + //Save old context + $oldContext = $this->router->getContext(); + + //Force clean context + //XXX: prevent MethodNotAllowedException because current context method is POST in onevendor/symfony/routing/Matcher/Dumper/CompiledUrlMatcherTrait.php+42 + $this->router->setContext(new RequestContext()); + + //Retrieve route matching path + $route = $this->router->match($path); + + //Reset context + $this->router->setContext($oldContext); + + //Clear old context + unset($oldContext); + + //Extract name + $name = $route['_route']; + + //Remove route and controller from route defaults + unset($route['_route'], $route['_controller']); + + //Check if user view route + if ($name == 'rapsys_air_user_view' && !empty($route['id'])) { + //Replace id + $route['id'] = $data->getId(); + //Other routes + } else { + //Set user + $route['user'] = $data->getId(); + } + + //Generate url + return $this->redirectToRoute($name, $route); + //No route matched + } catch(MethodNotAllowedException|ResourceNotFoundException $e) { + //Unset referer to fallback to default route + unset($referer); + } + } + + //Redirect to cleanup the form + return $this->redirectToRoute('rapsys_air', ['user' => $data->getId()]); + } + } + //Create snippet forms for role_guest - if ($this->isGranted('ROLE_GUEST')) { + if ($this->isGranted('ROLE_ADMIN') || ($this->isGranted('ROLE_GUEST') && $user == $this->getUser())) { //Fetch all user snippet $snippets = $doctrine->getRepository(Snippet::class)->findByLocaleUserId($request->getLocale(), $id); @@ -169,23 +293,15 @@ class UserController extends DefaultController { } //Create SnippetType form - #$form = $this->createForm('Rapsys\AirBundle\Form\SnippetType', $snippet, [ $form = $this->container->get('form.factory')->createNamed('snipped_'.$request->getLocale().'_'.$locationId, 'Rapsys\AirBundle\Form\SnippetType', $snippet, [ //Set the action - //TODO: voir si on peut pas faire sauter ça ici 'action' => !empty($snippet->getId()) ? $this->generateUrl('rapsys_air_snippet_edit', ['id' => $snippet->getId()]) : $this->generateUrl('rapsys_air_snippet_add', ['location' => $locationId]), - #'action' => $this->generateUrl('rapsys_air_snippet_add'), //Set the form attribute - 'attr' => [], - //Set csrf_token_id - //TODO: would maybe need a signature field - //'csrf_token_id' => $request->getLocale().'_'.$id.'_'.$locationId + 'attr' => [] ]); - #return $this->container->get('form.factory')->create($type, $data, $options); - #public function createNamed($name, $type = 'Symfony\Component\Form\Extension\Core\Type\FormType', $data = null, array $options = []); //Add form to context $this->context['forms']['snippets'][$locationId] = $form->createView();