diff --git a/src/Controller/UserController.php b/src/Controller/UserController.php
index 591c243..dffae42 100644
--- a/src/Controller/UserController.php
+++ b/src/Controller/UserController.php
@@ -49,7 +49,13 @@ class UserController extends AbstractController
  private readonly UserRepository $userRepository,
  private readonly UsersOrganizationsRepository $uoRepository,
  private readonly OrganizationsRepository $organizationRepository,
- private readonly LoggerInterface $logger,
+ private readonly LoggerInterface $userManagementLogger,
+ private readonly LoggerInterface $organizationManagementLogger,
+ private readonly LoggerInterface $accessControlLogger,
+ private readonly LoggerInterface $EmailNotificationLogger,
+ private readonly LoggerInterface $adminActionsLogger,
+ private readonly LoggerInterface $errorLogger,
+ private readonly LoggerInterface $SecurityLogger,
  private readonly EmailService $emailService,
  private readonly AwsService $awsService,
  private readonly OrganizationsService $organizationsService,
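Review bot: Two of the seven new promoted parameters break the camelCase used by their neighbours, `$EmailNotificationLogger` and `$SecurityLogger`; rename them `$emailNotificationLogger` and `$securityLogger` (and the `$this->SecurityLogger` use in `edit()`) so all logger properties follow one convention. If these loggers are bound to channels by parameter name, as the naming pattern suggests, the capitalised names will likely not match the generated aliases, so this is worth checking against the service configuration. Dropping `$logger` also drops `$this->logger`; any remaining call sites in the parts of the class outside this diff would now fail at runtime. The constructor's parameter list continues outside the hunk.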
@@ -164,45 +170,79 @@ class UserController extends AbstractController
  #[Route('/edit/{id}', name: 'edit', methods: ['GET', 'POST'])]
  public function edit(int $id, Request $request): Response
  {
- $this->denyAccessUnlessGranted('ROLE_USER');
- $actingUser = $this->userService->getUserByIdentifier($this->getUser()->getUserIdentifier());
- if ($this->userService->hasAccessTo($actingUser)) {
- $user = $this->userRepository->find($id);
- if (!$user) {
- throw $this->createNotFoundException(self::NOT_FOUND);
- }
- $form = $this->createForm(UserForm::class, $user);
- $form->handleRequest($request);
-
- if ($form->isSubmitted() && $form->isValid()) {
- // Handle file upload
-
- $picture = $form->get('pictureUrl')->getData();
- $this->userService->formatNewUserData($user, $picture);
- $user->setModifiedAt(new \DateTimeImmutable('now'));
- $this->entityManager->persist($user);
- $this->entityManager->flush();
-
- //log and action
- $this->logger->notice("User information edited for " . $user->getUserIdentifier());
- if ($request->get('organizationId')) {
- $org = $this->organizationRepository->find($request->get('organizationId'));
- if ($org) {
- $this->actionService->createAction("Edit user information", $actingUser, $org, $user->getUserIdentifier());
- return $this->redirectToRoute('user_show', ['id' => $user->getId(), 'organizationId' => $request->get('organizationId')]);
- }
- } else {
- $this->actionService->createAction("Edit user information", $actingUser, null, $user->getUserIdentifier());
- return $this->redirectToRoute('user_show', ['id' => $user->getId()]);
+ try{
+ $this->denyAccessUnlessGranted('ROLE_USER');
+ $actingUser = $this->userService->getUserByIdentifier($this->getUser()->getUserIdentifier());
+ if ($this->userService->hasAccessTo($actingUser)) {
+ $user = $this->userRepository->find($id);
+ if (!$user) {
+ $this->userManagementLogger->notice('User not found for edit', [
+ 'target_user_id' => $user->getId(),
+ 'acting_user_id' => $actingUser->getId(),
+ 'ip' => $request->getClientIp(),
+ 'timestamp' => (new \DateTimeImmutable('now'))->format(DATE_ATOM),
+ ]);
+ throw $this->createNotFoundException(self::NOT_FOUND);
  }
- }
+ $form = $this->createForm(UserForm::class, $user);
+ $form->handleRequest($request);
+ $this->userManagementLogger->notice('Format test', [
+ 'target_user_id' => $user->getId(),
+ 'acting_user_id' => $actingUser->getId(),
+ 'ip' => $request->getClientIp(),
+ 'timestamp' => (new \DateTimeImmutable('now'))->format(DATE_ATOM),
+ ]);
- return $this->render('user/edit.html.twig', [
- 'user' => $user,
- 'form' => $form->createView(),
- 'organizationId' => $request->get('organizationId')
- ]);
+
+ if ($form->isSubmitted() && $form->isValid()) {
+ // Handle user edit
+ $picture = $form->get('pictureUrl')->getData();
+ $this->userService->formatNewUserData($user, $picture);
+ $user->setModifiedAt(new \DateTimeImmutable('now'));
+
+ $this->entityManager->persist($user);
+ $this->entityManager->flush();
+
+ //log and action
+ $this->userManagementLogger->notice('User information edited', [
+ 'target_user_id' => $user->getId(),
+ 'acting_user_id' => $actingUser->getId(),
+ 'organization_id' => $request->get('organizationId'),
+ 'ip' => $request->getClientIp(),
+ 'timestamp' => (new \DateTimeImmutable('now'))->format(DATE_ATOM),
+ ]);
+ if ($request->get('organizationId')) {
+ $org = $this->organizationRepository->find($request->get('organizationId'));
+ if ($org) {
+ $this->actionService->createAction("Edit user information", $actingUser, $org, $user->getUserIdentifier());
+ $this->organizationManagementLogger->info('User edited within organization context', [
+ 'target_user_id' => $user->getId(),
+ 'organization_id' => $org->getId(),
+ 'acting_user' => $actingUser->getUserIdentifier(),
+ 'ip' => $request->getClientIp(),
+ ]);
+ return $this->redirectToRoute('user_show', ['id' => $user->getId(), 'organizationId' => $request->get('organizationId')]);
+ }
+ } else {
+ $this->actionService->createAction("Edit user information", $actingUser, null, $user->getUserIdentifier());
+ return $this->redirectToRoute('user_show', ['id' => $user->getId()]);
+ }
+ }
+
+ return $this->render('user/edit.html.twig', [
+ 'user' => $user,
+ 'form' => $form->createView(),
+ 'organizationId' => $request->get('organizationId')
+ ]);
+ }
+ }catch (\Exception $e){
+ $this->errorLogger->critical($e->getMessage());
  }
+ $this->SecurityLogger->warning('Access denied on user edit', [
+ 'target_user_id' => $id,
+ 'acting_user' => $actingUser?->getId(),
+ 'ip' => $request->getClientIp(),
+ ]);
  throw $this->createAccessDeniedException(self::ACCESS_DENIED);
  }
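Review bot: The not-found branch dereferences null: `'target_user_id' => $user->getId(),` runs inside `if (!$user)`, so the log call throws an `Error` (which `catch (\Exception $e)` does not catch) and the intended 404 is never reached; use the route parameter instead, `'target_user_id' => $id,`. The `catch (\Exception $e)` also swallows the `NotFoundHttpException` from `createNotFoundException` and the `AccessDeniedException` from `denyAccessUnlessGranted`, logs them at critical, and then falls through to the trailing access-denied throw, so every failure in the method is reported as 403; rethrow the framework exceptions ahead of the generic catch, e.g. `catch (NotFoundHttpException|AccessDeniedException $e) { throw $e; }`, and pass `['exception' => $e]` as context on the critical log rather than only the message. When `denyAccessUnlessGranted` throws, `$actingUser` is never assigned, so `$actingUser?->getId()` in the security log reads an undefined variable (null plus a warning); initialise `$actingUser = null;` before the `try`. The `'Format test'` notice after `handleRequest` reads as leftover debugging and should be dropped or given a meaningful message; the hunk's closing lines complete `edit()`, so the whole method is visible here.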