Review of access logic

This commit is contained in:
Charles 2025-08-07 12:03:02 +02:00
parent b81b168ec3
commit 3f55eefddc
2 changed files with 27 additions and 12 deletions


@ -65,9 +65,6 @@ class UserController extends AbstractController
#[Route('/{id}', name: 'show', requirements: ['id' => '\d+'], methods: ['GET'])]
public function show(int $id, EntityManagerInterface $entityManager, Request $request): Response
{
if (!$this->isGranted('ROLE_ADMIN')) {
throw $this->createAccessDeniedException(self::ACCESS_DENIED);
}
$user = $entityManager->getRepository(User::class)->find($id);
if (!$user) {
@ -79,6 +76,24 @@ class UserController extends AbstractController
$userOrganizations = $this->userOrganizationService->getUserOrganizations($user);
}
$actingUser = $this->getUser() ?? throw $this->createNotFoundException(self::NOT_FOUND);
$actingUser = $this->entityManager->getRepository(User::class)->findOneBy(['email' => $actingUser->getUserIdentifier()]);
$isSameUser = $user->getUserIdentifier() === $actingUser->getUserIdentifier();
$isAdminOrg = false;
foreach ($userOrganizations as $userOrganization) {
$organization = $userOrganization['organization'];
if ($this->userService->isUserAdminInOrganization($actingUser->getId(), $organization->getId())) {
$isAdminOrg = true;
break;
}
}
if (!$this->isGranted('ROLE_SUPER_ADMIN') &&
!$isSameUser &&
!$isAdminOrg) {
throw $this->createAccessDeniedException(self::ACCESS_DENIED);
}
return $this->render('user/show.html.twig', [
'user' => $user,
'userOrganizations' => $userOrganizations,
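Review bot: The `findOneBy(['email' => ...])` lookup on the line after the acting-user null-check can return null, and the next line then calls `getUserIdentifier()` on it, so an authenticated principal with no matching User row fails with a TypeError instead of a deliberate denial; fail closed on that line: `$actingUser = $this->entityManager->getRepository(User::class)->findOneBy(['email' => $actingUser->getUserIdentifier()]) ?? throw $this->createAccessDeniedException(self::ACCESS_DENIED);`. The same line reads `$this->entityManager` although the method receives `$entityManager` as a parameter and uses it for the target lookup a few lines above; pick one. Note also that the target user is loaded and the not-found response raised before the new checks run, so a caller who is neither super admin, the user nor an org admin can learn whether an id exists from the 404/403 split; if that matters, return the same response in both cases. `$userOrganizations` is assigned inside a conditional whose opening is outside the hunk — confirm it is initialised on the other branch, otherwise the foreach reads an undefined variable. show() continues outside the hunk on both sides.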


@ -51,13 +51,13 @@ class UserService
if (!$organization) {
return false;
}
$roleAdmin = $this->entityManager->getRepository(Roles::class)->findBy(['name'=> 'ADMIN']);
$roleAdmin = $this->entityManager->getRepository(Roles::class)->findOneBy(['name'=> 'ADMIN']);
// Check if the user is an admin in the organization
return empty($this->entityManager->getRepository(UsersOrganizations::class)->findBy([
'userId' => $userId,
'organizationId' => $organizationId,
'roleId' => $roleAdmin[0]->getId()]));
return !empty($this->entityManager->getRepository(UsersOrganizations::class)->findBy([
'users' => $user,
'organization' => $organization,
'role' => $roleAdmin]));
}
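Review bot: `$roleAdmin` from the `findOneBy` line can be null when no `ADMIN` role row exists, and `'role' => null` is then passed as a criterion to the UsersOrganizations lookup, which likely translates to an IS NULL match, so the method would answer true for any membership row whose role is unset instead of failing closed; guard it before the lookup: `if ($roleAdmin === null) { return false; }`. The check also relies on `$user` being resolved above the hunk; the visible null-check covers only `$organization`, so confirm `$user` gets the same treatment. The comment `// Check if the user is an admin in the organization` restates the code; `// Membership rows are filtered by the ADMIN role; no such row means not admin` would explain why the empty() test is the answer. The enclosing method starts outside the hunk.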