update access logic

2025-07-29 16:07:51 +02:00 · 2025-07-29 16:07:51 +02:00 · cde6c529a9
parent a3f993b858
commit cde6c529a9
1 changed files with 15 additions and 20 deletions
--- a/src/Controller/OrganizationController.php
+++ b/src/Controller/OrganizationController.php
@ -2,6 +2,7 @@

 namespace App\Controller;

+use App\Entity\Roles;
 use App\Entity\UsersOrganizations;
 use App\Service\OrganizationsService;
 use App\Service\UserOrganizationService;
@ -52,35 +53,29 @@ class OrganizationController extends AbstractController
    #[Route(path: '/{id}', name: 'show', methods: ['GET'])]
    public function show(int $id): Response
    {
-        if (!$this->isGranted('ROLE_ADMIN')) {
+        if ($this->isGranted('ROLE_ADMIN')) {
            $user = $this->getUser();
            if (!$user) {
                return $this->redirectToRoute('app_login');
            }
-            $userIdentifier = $user->getUserIdentifier();
-
-            $organization = $this->entityManager->getRepository(UsersOrganizations::class)->findOneBy([
-                'userEmail' => $userIdentifier,
+            $roleAdmin = $this->entityManager->getRepository(Roles::class)->findOneBy(['name' => 'ADMIN']);
+            $uo = $this->entityManager->getRepository(UsersOrganizations::class)->findOneBy([
+                'users' => $user,
                'organization' => $id,
-                'roleName' => 'ADMIN'
+                'role' => $roleAdmin
            ]);
-
-            if (!$organization) {
+            if (!$uo) {
                throw $this->createNotFoundException(self::ACCESS_DENIED);
            }
-        }
-        $organization = $this->entityManager->getRepository(Organizations::class)->find($id);
-        if (!$organization) {
-            throw $this->createNotFoundException(self::NOT_FOUND);
-        }
-
-        $newUsers = $this->entityManager->getRepository(UsersOrganizations::class)->getLastNewActiveUsersByOrganization($organization);
-        $adminUsers = $this->entityManager->getRepository(UsersOrganizations::class)->getAdminUsersByOrganization($organization);
+            //Don't care about the null pointer because if no UO found, it won't pass the previous check
+            $organization = $this->entityManager->getRepository(Organizations::class)->find($id);
+            $newUsers = $this->entityManager->getRepository(UsersOrganizations::class)->getLastNewActiveUsersByOrganization($organization);
+            $adminUsers = $this->entityManager->getRepository(UsersOrganizations::class)->getAdminUsersByOrganization($organization);
 //        reusing the method to avoid code duplication even though it returns an array of UsersOrganizations
-        $org = $this->usersOrganizationService->findActiveUsersByOrganizations([$organization]);
-
-
-
+            $org = $this->usersOrganizationService->findActiveUsersByOrganizations([$organization]);
+        }else{
+            throw $this->createNotFoundException(self::ACCESS_DENIED);
+        }

        return $this->render('organization/show.html.twig', [
            'organization' => $organization,