Review of access logic
This commit is contained in:
parent
b81b168ec3
commit
3f55eefddc
@ -65,9 +65,6 @@ class UserController extends AbstractController
|
|||
#[Route('/{id}', name: 'show', requirements: ['id' => '\d+'], methods: ['GET'])]
|
||||
public function show(int $id, EntityManagerInterface $entityManager, Request $request): Response
|
||||
{
|
||||
if (!$this->isGranted('ROLE_ADMIN')) {
|
||||
throw $this->createAccessDeniedException(self::ACCESS_DENIED);
|
||||
}
|
||||
|
||||
$user = $entityManager->getRepository(User::class)->find($id);
|
||||
if (!$user) {
|
||||
|
|
@ -79,6 +76,24 @@ class UserController extends AbstractController
|
|||
$userOrganizations = $this->userOrganizationService->getUserOrganizations($user);
|
||||
}
|
||||
|
||||
$actingUser = $this->getUser() ?? throw $this->createNotFoundException(self::NOT_FOUND);
|
||||
$actingUser = $this->entityManager->getRepository(User::class)->findOneBy(['email' => $actingUser->getUserIdentifier()]);
|
||||
|
||||
$isSameUser = $user->getUserIdentifier() === $actingUser->getUserIdentifier();
|
||||
$isAdminOrg = false;
|
||||
foreach ($userOrganizations as $userOrganization) {
|
||||
$organization = $userOrganization['organization'];
|
||||
if ($this->userService->isUserAdminInOrganization($actingUser->getId(), $organization->getId())) {
|
||||
$isAdminOrg = true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
if (!$this->isGranted('ROLE_SUPER_ADMIN') &&
|
||||
!$isSameUser &&
|
||||
!$isAdminOrg) {
|
||||
throw $this->createAccessDeniedException(self::ACCESS_DENIED);
|
||||
}
|
||||
|
||||
return $this->render('user/show.html.twig', [
|
||||
'user' => $user,
|
||||
'userOrganizations' => $userOrganizations,
|
||||
|
|
@ -126,7 +141,7 @@ class UserController extends AbstractController
|
|||
} else {
|
||||
$user = $this->getUser() ?? throw $this->createNotFoundException(self::NOT_FOUND);
|
||||
$user = $this->entityManager->getRepository(User::class)->findOneBy(['email' => $user->getUserIdentifier()]);
|
||||
$this->actionService->createAction("Création d'une organisation",$user, null, "{$user->getIdentifier()} à ajouter l'utilisateur {$data->getUserIdentifier()} sans organisation");
|
||||
$this->actionService->createAction("Création d'une organisation", $user, null, "{$user->getIdentifier()} à ajouter l'utilisateur {$data->getUserIdentifier()} sans organisation");
|
||||
}
|
||||
$this->entityManager->persist($data);
|
||||
|
||||
|
|
@ -172,7 +187,7 @@ class UserController extends AbstractController
|
|||
|
||||
$user = $this->getUser() ?? throw $this->createNotFoundException(self::NOT_FOUND);
|
||||
$user = $this->entityManager->getRepository(User::class)->findOneBy(['email' => $user->getUserIdentifier()]);
|
||||
$this->actionService->createAction("Création d'une organisation",$user, null, "{$user->getIdentifier()} a modifié l'utilisateur {$user->getUserIdentifier()}");
|
||||
$this->actionService->createAction("Création d'une organisation", $user, null, "{$user->getIdentifier()} a modifié l'utilisateur {$user->getUserIdentifier()}");
|
||||
$entityManager->flush();
|
||||
|
||||
//Redirect to user profile after successful edit
|
||||
|
|
@ -210,7 +225,7 @@ class UserController extends AbstractController
|
|||
// Log the action
|
||||
$user = $this->getUser() ?? throw $this->createNotFoundException(self::NOT_FOUND);
|
||||
$user = $this->entityManager->getRepository(User::class)->findOneBy(['email' => $user->getUserIdentifier()]);
|
||||
$this->actionService->createAction("Création d'une organisation",$user, null, "{$user->getIdentifier()} a supprimé l'utilisateur {$user->getUserIdentifier()}");
|
||||
$this->actionService->createAction("Création d'une organisation", $user, null, "{$user->getIdentifier()} a supprimé l'utilisateur {$user->getUserIdentifier()}");
|
||||
$entityManager->flush();
|
||||
|
||||
return $this->redirectToRoute('user_index');
|
||||
|
|
@ -263,7 +278,7 @@ class UserController extends AbstractController
|
|||
// Log the action
|
||||
$user = $this->getUser() ?? throw $this->createNotFoundException(self::NOT_FOUND);
|
||||
$user = $this->entityManager->getRepository(User::class)->findOneBy(['email' => $user->getUserIdentifier()]);
|
||||
$this->actionService->createAction("Création d'une organisation",$user, null, "{$user->getIdentifier()} a désactivé l'utilisateur {$user->getUserIdentifier()}");
|
||||
$this->actionService->createAction("Création d'une organisation", $user, null, "{$user->getIdentifier()} a désactivé l'utilisateur {$user->getUserIdentifier()}");
|
||||
$entityManager->flush();
|
||||
return $this->redirectToRoute('user_index');
|
||||
}
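Review bot: In the `@ -79,6 +76,24 @@` hunk of show(), the acting user is re-fetched with `findOneBy(['email' => ...])` and then dereferenced unconditionally on the `$isSameUser` line and in the `isUserAdminInOrganization` call, so a missing row surfaces as a null-method-call error (HTTP 500) rather than a denial; make the lookup fail closed: `$actingUser = $this->entityManager->getRepository(User::class)->findOneBy(['email' => $actingUser->getUserIdentifier()]) ?? throw $this->createAccessDeniedException(self::ACCESS_DENIED);`. The same/organization-admin/super-admin decision is now inline in the controller, which is exactly the kind of logic a Symfony voter (`$this->denyAccessUnlessGranted('VIEW', $user)`) keeps in one place so the other user routes cannot drift from it; show()'s signature and the render call run outside this hunk. Separately, the reformatted `createAction` calls in the `@ -126`, `@ -172`, `@ -210` and `@ -263` hunks all record user operations under the label `"Création d'une organisation"`, and in the last three `$user` appears to have already been overwritten with the acting user before the message is built, so the audit entry names the actor as both subject and object — those lines changed only whitespace here, but the log is what an incident review would rely on, so a `// TODO(review): label and target user in audit message` comment at least is warranted.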
|
||||
|
@ -51,13 +51,13 @@ class UserService
|
|||
if (!$organization) {
|
||||
return false;
|
||||
}
|
||||
$roleAdmin = $this->entityManager->getRepository(Roles::class)->findBy(['name'=> 'ADMIN']);
|
||||
$roleAdmin = $this->entityManager->getRepository(Roles::class)->findOneBy(['name'=> 'ADMIN']);
|
||||
|
||||
// Check if the user is an admin in the organization
|
||||
return empty($this->entityManager->getRepository(UsersOrganizations::class)->findBy([
|
||||
'userId' => $userId,
|
||||
'organizationId' => $organizationId,
|
||||
'roleId' => $roleAdmin[0]->getId()]));
|
||||
return !empty($this->entityManager->getRepository(UsersOrganizations::class)->findBy([
|
||||
'users' => $user,
|
||||
'organization' => $organization,
|
||||
'role' => $roleAdmin]));
|
||||
|
||||
}
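Review bot: `findOneBy(['name' => 'ADMIN'])` on the new `$roleAdmin` line returns null when no such role row exists, and Doctrine then turns the corrected `!empty(findBy([... 'role' => $roleAdmin]))` criterion into `role IS NULL`, so a missing or renamed ADMIN role makes this authorization check fail open for any membership row without a role. Fail closed before querying: `if ($roleAdmin === null) { return false; }` (or `?? throw new \RuntimeException('ADMIN role missing')` if absence is a deployment error). Loading the whole membership result set only to test emptiness is also wasteful; `$repository->count([...]) > 0` or `findOneBy([...]) !== null` yields the same bool. The method's signature sits above the hunk, so I cannot confirm that UserController's call `isUserAdminInOrganization($actingUser->getId(), $organization->getId())` still matches whatever resolves `$user`/`$organization` here — worth checking that the ids are not compared against entities.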
|
||||
|
||||
|