Charles-Edouard
/
Easy_solution
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Review of access logic

This commit is contained in:
Charles 2025-08-07 12:03:02 +02:00
parent b81b168ec3
commit 3f55eefddc
2 changed files with 27 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
src/Controller/UserController.php
View File

@ -65,9 +65,6 @@ class UserController extends AbstractController
#[Route('/{id}', name: 'show', requirements: ['id' => '\d+'], methods: ['GET'])] #[Route('/{id}', name: 'show', requirements: ['id' => '\d+'], methods: ['GET'])]
public function show(int $id, EntityManagerInterface $entityManager, Request $request): Response public function show(int $id, EntityManagerInterface $entityManager, Request $request): Response
{ {
if (!$this->isGranted('ROLE_ADMIN')) {
throw $this->createAccessDeniedException(self::ACCESS_DENIED);
}
$user = $entityManager->getRepository(User::class)->find($id); $user = $entityManager->getRepository(User::class)->find($id);
if (!$user) { if (!$user) {
@ -79,6 +76,24 @@ class UserController extends AbstractController
$userOrganizations = $this->userOrganizationService->getUserOrganizations($user); $userOrganizations = $this->userOrganizationService->getUserOrganizations($user);
} }
$actingUser = $this->getUser() ?? throw $this->createNotFoundException(self::NOT_FOUND);
$actingUser = $this->entityManager->getRepository(User::class)->findOneBy(['email' => $actingUser->getUserIdentifier()]);
$isSameUser = $user->getUserIdentifier() === $actingUser->getUserIdentifier();
$isAdminOrg = false;
foreach ($userOrganizations as $userOrganization) {
$organization = $userOrganization['organization'];
if ($this->userService->isUserAdminInOrganization($actingUser->getId(), $organization->getId())) {
$isAdminOrg = true;
break;
}
}
if (!$this->isGranted('ROLE_SUPER_ADMIN') &&
!$isSameUser &&
!$isAdminOrg) {
throw $this->createAccessDeniedException(self::ACCESS_DENIED);
}
return $this->render('user/show.html.twig', [ return $this->render('user/show.html.twig', [
'user' => $user, 'user' => $user,
'userOrganizations' => $userOrganizations, 'userOrganizations' => $userOrganizations,

10
src/Service/UserService.php
View File

@ -51,13 +51,13 @@ class UserService
if (!$organization) { if (!$organization) {
return false; return false;
} }
$roleAdmin = $this->entityManager->getRepository(Roles::class)->findBy(['name'=> 'ADMIN']); $roleAdmin = $this->entityManager->getRepository(Roles::class)->findOneBy(['name'=> 'ADMIN']);
// Check if the user is an admin in the organization // Check if the user is an admin in the organization
return empty($this->entityManager->getRepository(UsersOrganizations::class)->findBy([ return !empty($this->entityManager->getRepository(UsersOrganizations::class)->findBy([
'userId' => $userId, 'users' => $user,
'organizationId' => $organizationId, 'organization' => $organization,
'roleId' => $roleAdmin[0]->getId()])); 'role' => $roleAdmin]));
} }