From: Raphaƫl Gertz Date: Wed, 9 Dec 2020 20:22:55 +0000 (+0100) Subject: Block unsupported session timing for non admin X-Git-Url: https://git.rapsys.eu/airbundle/commitdiff_plain/a6d4380f4506309d894f7a80833bca8489b45021?hp=156169a94fbd32987e7119ab56ac7988f077cc5b Block unsupported session timing for non admin Prevent surbscribing to past date Catch method not allowed method on referer redirect Add guest restriction to one session per month per slot --- diff --git a/Controller/ApplicationController.php b/Controller/ApplicationController.php index 3690b94..8a9a8b4 100644 --- a/Controller/ApplicationController.php +++ b/Controller/ApplicationController.php @@ -5,6 +5,8 @@ namespace Rapsys\AirBundle\Controller; use Symfony\Component\HttpFoundation\Request; use Symfony\Component\Routing\RequestContext; use Symfony\Component\Form\FormError; +use Symfony\Component\Routing\Exception\MethodNotAllowedException; +use Symfony\Component\Routing\Exception\ResourceNotFoundException; use Rapsys\AirBundle\Entity\Slot; use Rapsys\AirBundle\Entity\User; use Rapsys\AirBundle\Entity\Session; @@ -26,6 +28,11 @@ class ApplicationController extends DefaultController { //Prevent non-guest to access here $this->denyAccessUnlessGranted('ROLE_GUEST', null, $this->translator->trans('Unable to access this page without role %role%!', ['%role%' => $this->translator->trans('Guest')])); + //Reject non post requests + if (!$request->isMethod('POST')) { + throw new \RuntimeException('Request method MUST be POST'); + } + //Create ApplicationType form $form = $this->createForm('Rapsys\AirBundle\Form\ApplicationType', null, [ //Set the action @@ -41,24 +48,19 @@ class ApplicationController extends DefaultController { 'slot' => $this->getDoctrine()->getRepository(Slot::class)->findOneById(3) ]); - //Reject non post requests - if (!$request->isMethod('POST')) { - throw new \RuntimeException('Request method MUST be POST'); - } - //Refill the fields in case of invalid form $form->handleRequest($request); //Handle invalid form if (!$form->isValid()) { //Set section - $section = $this->translator->trans('Application Add'); + $section = $this->translator->trans('Application add'); //Set title $title = $section.' - '.$this->translator->trans($this->config['site']['title']); //Render the view - return $this->render('@RapsysAir/application/add.html.twig', ['title' => $title, 'section' => $section, 'form' => $form]+$this->context); + return $this->render('@RapsysAir/application/add.html.twig', ['title' => $title, 'section' => $section, 'form' => $form->createView()]+$this->context); } //Get doctrine @@ -70,6 +72,15 @@ class ApplicationController extends DefaultController { //Get data $data = $form->getData(); + //Count session at location in last month for guest + if (!$this->isGranted('ROLE_REGULAR') && !empty($session = $doctrine->getRepository(Session::class)->findOneWithinLastMonthByLocationUser($data['location']->getId(), $this->getUser()->getId()))) { + //Add warning in flash message + $this->addFlash('warning', $this->translator->trans('Monthly application %location% already exists', ['%location%' => $this->translator->trans('at '.$data['location'])])); + + //Redirect to cleanup the form + return $this->redirectToRoute('rapsys_air_session_view', ['id' => $session['id']]); + } + //Protect session fetching try { //Fetch session @@ -283,6 +294,30 @@ class ApplicationController extends DefaultController { } else { //Add error in flash message $this->addFlash('error', $this->translator->trans('Session on %date% %location% %slot% not yet supported', ['%location%' => $this->translator->trans('at '.$data['location']), '%slot%' => $this->translator->trans('the '.strtolower($data['slot'])), '%date%' => $data['date']->format('Y-m-d')])); + + //Set section + $section = $this->translator->trans('Application add'); + + //Set title + $title = $section.' - '.$this->translator->trans($this->config['site']['title']); + + //Render the view + return $this->render('@RapsysAir/application/add.html.twig', ['title' => $title, 'section' => $section, 'form' => $form->createView()]+$this->context); + } + + //Check if admin + if (!$this->isGranted('ROLE_ADMIN') && $session->getStart() < new \DateTime('00:00:00')) { + //Add error in flash message + $this->addFlash('error', $this->translator->trans('Session in the past on %date% %location% %slot% not yet supported', ['%location%' => $this->translator->trans('at '.$data['location']), '%slot%' => $this->translator->trans('the '.strtolower($data['slot'])), '%date%' => $data['date']->format('Y-m-d')])); + + //Set section + $section = $this->translator->trans('Application add'); + + //Set title + $title = $section.' - '.$this->translator->trans($this->config['site']['title']); + + //Render the view + return $this->render('@RapsysAir/application/add.html.twig', ['title' => $title, 'section' => $section, 'form' => $form->createView()]+$this->context); } //Queue session save @@ -375,7 +410,7 @@ class ApplicationController extends DefaultController { //Generate url return $this->redirectToRoute($name, ['session' => $session->getId()]+$route); //No route matched - } catch(ResourceNotFoundException $e) { + } catch(MethodNotAllowedException|ResourceNotFoundException $e) { //Unset referer to fallback to default route unset($referer); }