
added restrictions
msalakhov-smartorange committed Nov 14, 2021
1 parent 8831a10 commit 280315f
Showing 1 changed file with 128 additions and 20 deletions.
148 changes: 128 additions & 20 deletions app/src/Controller/ClientController.php
Expand Up @@ -18,6 +18,7 @@
use App\Repository\ClientRepository;
use App\Form\CreateClientFormType;
use App\Form\CreateClientInsuranceFormType;
use Exception;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
Expand All @@ -26,6 +27,7 @@
use Symfony\Component\HttpFoundation\File\UploadedFile;
use Symfony\Component\Routing\Annotation\Route;
use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Security\Core\Exception\AccessDeniedException;

class ClientController extends AbstractController
{
Expand Down Expand Up @@ -89,11 +91,17 @@ public function create(UserInterface $user, Request $request): Response
}

#[Route('/client/delete/{id}', methods:['DELETE'])]
public function delete($id)
public function delete($id, UserInterface $user)
{
$client = $this->getDoctrine()->getRepository(Client::class)->find($id);
$entityManager = $this->getDoctrine()->getManager();

if ($client->getUser()->getId() != $user->getId()) {
if (!in_array('ADMIN', $user->getRoles())) {
throw new AccessDeniedException();
}
}

$entityManager = $this->getDoctrine()->getManager();
$entityManager->remove($client);
$entityManager->flush();

Expand All @@ -102,9 +110,16 @@ public function delete($id)
}

#[Route('/client/edit/{id}')]
public function edit(Request $request, $id): Response
public function edit(Request $request, $id, UserInterface $user): Response
{
$client = $this->getDoctrine()->getRepository(Client::class)->find($id);

if ($client->getUser()->getId() != $user->getId()) {
if (!in_array('ADMIN', $user->getRoles())) {
throw new AccessDeniedException();
}
}

if ($client->getPhoto()) {
$photo = new File($this->getParameter('photoDir') . '/' . $client->getPhoto());
$fileName = $photo->getFilename();
Expand Down Expand Up @@ -150,10 +165,16 @@ public function edit(Request $request, $id): Response
}

#[Route('/client/{id}', name: 'insuranceList')]
public function insuranceObjects(ClientRepository $clientRepository, $id)
public function insuranceObjects(ClientRepository $clientRepository, $id, UserInterface $user)
{
$client = $clientRepository->find($id);

if ($client->getUser()->getId() != $user->getId()) {
if (!in_array('ADMIN', $user->getRoles())) {
throw new AccessDeniedException();
}
}

$insuranceList = $this->getDoctrine()->getRepository(ClientInsurance::class)->findBy(['clientId' => $id], ['year' => 'desc']);
$resInsuranceList = $insuranseObjects = null;

Expand Down Expand Up @@ -196,16 +217,30 @@ public function insuranceObjects(ClientRepository $clientRepository, $id)
}

#[Route('/client/{id}/add-insurance', name: 'add-insurance')]
public function addInsurance($id)
public function addInsurance($id, ClientRepository $clientRepository, UserInterface $user)
{
$client = $clientRepository->find($id);
if ($client->getUser()->getId() != $user->getId()) {
if (!in_array('ADMIN', $user->getRoles())) {
throw new AccessDeniedException();
}
}

return $this->render('client/add-insurance.html.twig', [
'clientId' => $id
]);
}

#[Route('/client/{id}/add-insurance-home', name: 'add-insurance-home')]
public function addInsuranceHome(Request $request, $id)
public function addInsuranceHome(Request $request, $id, ClientRepository $clientRepository, UserInterface $user)
{
$client = $clientRepository->find($id);
if ($client->getUser()->getId() != $user->getId()) {
if (!in_array('ADMIN', $user->getRoles())) {
throw new AccessDeniedException();
}
}

$clientInsurance = new ClientInsurance();
$clientInsurance->setClientId($id);

Expand All @@ -229,8 +264,15 @@ public function addInsuranceHome(Request $request, $id)
}

#[Route('/client/{id}/add-insurance-auto', name: 'add-insurance-auto')]
public function addInsuranceAuto(Request $request, $id)
public function addInsuranceAuto(Request $request, $id, ClientRepository $clientRepository, UserInterface $user)
{
$client = $clientRepository->find($id);
if ($client->getUser()->getId() != $user->getId()) {
if (!in_array('ADMIN', $user->getRoles())) {
throw new AccessDeniedException();
}
}

$clientInsurance = new ClientInsurance();
$clientInsurance->setClientId($id);

Expand All @@ -254,8 +296,15 @@ public function addInsuranceAuto(Request $request, $id)
}

#[Route('/client/{id}/add-insurance-coll', name: 'add-insurance-coll')]
public function addInsuranceColl(Request $request, $id)
public function addInsuranceColl(Request $request, $id, ClientRepository $clientRepository, UserInterface $user)
{
$client = $clientRepository->find($id);
if ($client->getUser()->getId() != $user->getId()) {
if (!in_array('ADMIN', $user->getRoles())) {
throw new AccessDeniedException();
}
}

$clientInsurance = new ClientInsurance();
$clientInsurance->setClientId($id);

Expand All @@ -279,8 +328,15 @@ public function addInsuranceColl(Request $request, $id)
}

#[Route('/client/{id}/add-insurance-umbrella', name: 'add-insurance-umbrella')]
public function addInsuranceUmbrella(Request $request, $id)
public function addInsuranceUmbrella(Request $request, $id, ClientRepository $clientRepository, UserInterface $user)
{
$client = $clientRepository->find($id);
if ($client->getUser()->getId() != $user->getId()) {
if (!in_array('ADMIN', $user->getRoles())) {
throw new AccessDeniedException();
}
}

$clientInsurance = new ClientInsurance();
$clientInsurance->setClientId($id);

Expand All @@ -304,8 +360,15 @@ public function addInsuranceUmbrella(Request $request, $id)
}

#[Route('/client/{id}/add-insurance-other', name: 'add-insurance-other')]
public function addInsuranceOther(Request $request, $id)
public function addInsuranceOther(Request $request, $id, ClientRepository $clientRepository, UserInterface $user)
{
$client = $clientRepository->find($id);
if ($client->getUser()->getId() != $user->getId()) {
if (!in_array('ADMIN', $user->getRoles())) {
throw new AccessDeniedException();
}
}

$clientInsurance = new ClientInsurance();
$clientInsurance->setClientId($id);

Expand All @@ -329,9 +392,17 @@ public function addInsuranceOther(Request $request, $id)
}

#[Route('/client/insurance/delete/{id}', name: 'delete-ins', methods:['DELETE'])]
public function deleteInsurance($id)
public function deleteInsurance($id, ClientRepository $clientRepository, UserInterface $user)
{
$clientInsurance = $this->getDoctrine()->getRepository(ClientInsurance::class)->find($id);

$client = $clientRepository->find($clientInsurance->getClientId());
if ($client->getUser()->getId() != $user->getId()) {
if (!in_array('ADMIN', $user->getRoles())) {
throw new AccessDeniedException();
}
}

$entityManager = $this->getDoctrine()->getManager();

$entityManager->remove($clientInsurance);
Expand All @@ -342,9 +413,17 @@ public function deleteInsurance($id)
}

#[Route('/client/insurance/edit/{id}', name: 'edit-ins')]
public function editInsurance(UserInterface $user, Request $request, $id): Response
public function editInsurance(UserInterface $user, Request $request, $id, ClientRepository $clientRepository): Response
{
$insuranse = $this->getDoctrine()->getRepository(ClientInsurance::class)->find($id);

$client = $clientRepository->find($insuranse->getClientId());
if ($client->getUser()->getId() != $user->getId()) {
if (!in_array('ADMIN', $user->getRoles())) {
throw new AccessDeniedException();
}
}

$type = $insuranse->getInsuranceObjectsTypesId();
$typeName = InsuranceTypes::NAMES[$type];

Expand Down Expand Up @@ -372,19 +451,26 @@ public function editInsurance(UserInterface $user, Request $request, $id): Respo
$entityManager = $this->getDoctrine()->getManager();
$entityManager->flush();

return $this->redirectToRoute('insuranceList', ['id' => $user->getId()]);
return $this->redirectToRoute('insuranceList', ['id' => $insuranse->getClientId()]);
}

return $this->render('client/editInsurance.html.twig', [
'controller_name' => 'ClientController',
'addInsuranceForm' => $form->createView(),
'clientId' => $user->getId()
'clientId' => $insuranse->getClientId()
]);
}

#[Route('/client/{id}/insurance/{insId}/upload-file', name: 'insurance-upload-file')]
public function uploadIns(Request $request, $id, $insId): Response
public function uploadIns(Request $request, $id, $insId, ClientRepository $clientRepository, UserInterface $user): Response
{
$client = $clientRepository->find($id);
if ($client->getUser()->getId() != $user->getId()) {
if (!in_array('ADMIN', $user->getRoles())) {
throw new AccessDeniedException();
}
}

$attachment = new InsuranceAttachments();
$form = $this->createForm(InsuranceAttachmentsFormType::class, $attachment);
$form->handleRequest($request);
Expand Down Expand Up @@ -423,11 +509,19 @@ public function uploadIns(Request $request, $id, $insId): Response
}

#[Route('/client/insurance/delete-attachment/{attachmentId}', name: 'delete-ins-attachment', methods:['DELETE'])]
public function deleteInsAttachment($attachmentId)
public function deleteInsAttachment($attachmentId, ClientRepository $clientRepository, UserInterface $user)
{
$attachment = $this->getDoctrine()->getRepository(InsuranceAttachments::class)->find($attachmentId);
$entityManager = $this->getDoctrine()->getManager();
$insurance = $this->getDoctrine()->getRepository(ClientInsurance::class)->find($attachment->getInsuranceId());

$client = $clientRepository->find($insurance->getClientId());
if ($client->getUser()->getId() != $user->getId()) {
if (!in_array('ADMIN', $user->getRoles())) {
throw new AccessDeniedException();
}
}

$entityManager = $this->getDoctrine()->getManager();
$entityManager->remove($attachment);
$entityManager->flush();

Expand All @@ -436,11 +530,18 @@ public function deleteInsAttachment($attachmentId)
}

#[Route('/client/delete-attachment/{id}', name: 'delete-attachment', methods:['DELETE'])]
public function deleteAttachment($id)
public function deleteAttachment($id, ClientRepository $clientRepository, UserInterface $user)
{
$attachment = $this->getDoctrine()->getRepository(Attachments::class)->find($id);
$entityManager = $this->getDoctrine()->getManager();

$client = $clientRepository->find($attachment->getUserId());
if ($client->getUser()->getId() != $user->getId()) {
if (!in_array('ADMIN', $user->getRoles())) {
throw new AccessDeniedException();
}
}

$entityManager = $this->getDoctrine()->getManager();
$entityManager->remove($attachment);
$entityManager->flush();

Expand All @@ -449,8 +550,15 @@ public function deleteAttachment($id)
}

#[Route('/client/{id}/upload-file', name: 'upload-file')]
public function upload(Request $request, $id): Response
public function upload(Request $request, $id, ClientRepository $clientRepository, UserInterface $user): Response
{
$client = $clientRepository->find($id);
if ($client->getUser()->getId() != $user->getId()) {
if (!in_array('ADMIN', $user->getRoles())) {
throw new AccessDeniedException();
}
}

$attachment = new Attachments();
$form = $this->createForm(AttachmentsFormType::class, $attachment);
$form->handleRequest($request);
Expand Down
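Review bot: Every new guard dereferences the result of `find()` unchecked — `$client->getUser()` directly after `$clientRepository->find($id)` in `insuranceObjects`, the `addInsurance*` actions and `upload`, and `$clientInsurance->getClientId()` / `$insuranse->getClientId()` in `deleteInsurance` and `editInsurance` — so an unknown id now produces a fatal error on null rather than a 404, and the same owner-or-admin block is pasted into fourteen methods. I would fold it into one private helper that throws `$this->createNotFoundException()` for a missing entity and `AccessDeniedException` otherwise, using `!==` and `in_array(..., true)` since both ids come from Doctrine entities, and call it from each action as sketched below. In `uploadIns` the check covers only the client `$id` from the route; nothing in the hunk ties `$insId` to that client, so unless the remainder of the method (which continues outside the hunk) does, the owner of one client could attach files to another client's insurance record. `deleteAttachment` also looks up a client via `$attachment->getUserId()`; if that column really holds a user id the ownership check is made against the wrong entity, which is worth confirming against the `Attachments` mapping.

```php
    /**
     * 404 when the client does not exist, 403 when the current user neither
     * owns it nor carries the ADMIN role; returns the client otherwise.
     */
    private function denyUnlessOwnerOrAdmin(?Client $client, UserInterface $user): Client
    {
        if ($client === null) {
            throw $this->createNotFoundException();
        }
        if ($client->getUser()->getId() !== $user->getId()
            && !in_array('ADMIN', $user->getRoles(), true)) {
            throw new AccessDeniedException();
        }
        return $client;
    }

    #[Route('/client/delete/{id}', methods:['DELETE'])]
    public function delete($id, UserInterface $user)
    {
        $client = $this->denyUnlessOwnerOrAdmin(
            $this->getDoctrine()->getRepository(Client::class)->find($id),
            $user
        );
        // … unchanged: remove + flush + redirect …
```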
