Commit 5578f620 authored by Camille Simiand's avatar Camille Simiand

Add security user can duplicate and delete a capsule

parent fc4b2c3f
1 merge request!44tuleap-80-duplicate-a-capsule
Pipeline #729 passed
......@@ -27,7 +27,7 @@ class CapsuleController extends AbstractController
* @Route("/", name="home")
*/
public function index(
CapsuleRepository $capsuleRepository,
CapsuleRepository $capsule_repository,
PaginatorInterface $paginator,
Request $request
): Response {
......@@ -37,7 +37,7 @@ class CapsuleController extends AbstractController
return $this->redirectToRoute('app_logout');
}
$all_capsules = $capsuleRepository->findBy(['creation_author' => $current_user]);
$all_capsules = $capsule_repository->findBy(['creation_author' => $current_user]);
$capsules = $paginator->paginate(
$all_capsules,
......@@ -134,7 +134,8 @@ class CapsuleController extends AbstractController
public function delete(
int $id,
Request $request,
TranslatorInterface $translator
TranslatorInterface $translator,
CapsuleRepository $capsule_repository
): Response {
$form = $this->createForm(DeleteCapsuleFormType::class);
$form->handleRequest($request);
......@@ -154,6 +155,22 @@ class CapsuleController extends AbstractController
}
$capsule_name = $capsule->getName();
$do_capsule_belongs_to_user = $capsule_repository->doCapsuleBelongsToUser($capsule, $current_user);
if (! $do_capsule_belongs_to_user) {
$this->addFlash(
'capsule_deleted_error',
$translator->trans(
'capsule.delete.error',
[
'capsule_name' => $capsule_name
]
)
);
return $this->redirectToRoute('capsule_list');
}
if ($form->isSubmitted() && $form->isValid()) {
$entityManager->remove($capsule);
$entityManager->flush();
......@@ -184,7 +201,8 @@ class CapsuleController extends AbstractController
int $id,
Request $request,
Filesystem $file_system,
TranslatorInterface $translator
TranslatorInterface $translator,
CapsuleRepository $capsule_repository
): Response {
$form = $this->createForm(DuplicateCapsuleFormType::class);
$form->handleRequest($request);
......@@ -198,7 +216,22 @@ class CapsuleController extends AbstractController
$parent_capsule = $entityManager->getRepository(Capsule::class)->find($id);
if (! $parent_capsule instanceof Capsule) {
throw new \Exception('The retrieved capsule is not an instance of Caspule.');
throw new \Exception('The retrieved capsule is not an instance of Capsule.');
}
if (! $capsule_repository->doCapsuleBelongsToUser($parent_capsule, $current_user)) {
$this->addFlash(
'capsule_deleted_error',
$translator->trans(
'capsule.delete.error',
[
'capsule_name' => $parent_capsule->getName()
]
)
);
return $this->redirectToRoute('capsule_list');
}
$parent_directory_name = $parent_capsule->getLinkPath();
......
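Review bot: The ownership branch added to the duplicate action (`if (! $capsule_repository->doCapsuleBelongsToUser($parent_capsule, $current_user))`) reports the refusal with the delete flash type and message key, so the `capsule_duplicated_error` template block and the `capsule.duplicate.error` translation added in this commit are never reached from the lines shown; it should use `'capsule_duplicated_error'` and `$translator->trans('capsule.duplicate.error', ...)`. The English text of `capsule.duplicate.error` also says "delete" and wants the same correction. The check is now copied into two actions and ends in a plain redirect, so a Symfony voter invoked through `$this->denyAccessUnlessGranted()` would keep the rule in one place, and logging the refused user and capsule id would make enumeration of other users' capsule ids visible. Both action bodies start and end outside the hunks, so whether other actions that load a capsule by `$id` carry the same check cannot be seen here.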
......@@ -3,6 +3,7 @@
namespace App\Repository;
use App\Entity\Capsule;
use App\Entity\User;
use Doctrine\Bundle\DoctrineBundle\Repository\ServiceEntityRepository;
use Doctrine\Persistence\ManagerRegistry;
......@@ -20,4 +21,11 @@ class CapsuleRepository extends ServiceEntityRepository
{
parent::__construct($registry, Capsule::class);
}
public function doCapsuleBelongsToUser(Capsule $capsule, User $user): bool
{
return
$capsule->getCreationAuthor() === $user ||
$capsule->getUpdateAuthor() === $user;
}
}
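Review bot: `doCapsuleBelongsToUser` decides ownership with `===` on entity objects, which holds only while both sides are the same managed instance; if the logged-in user object ever comes from a different source than the entity manager that loaded the capsule (presumably not the case today, but not visible here), the check fails closed for real owners, so comparing identifiers would be sturdier. It also grants delete and duplicate rights to the update author as well as the creator, which deserves a docblock stating that this is intended, e.g. `/** True when $user created or updated $capsule; used to authorise delete and duplicate. */`. As a naming point, `doesCapsuleBelongToUser` reads correctly, and a predicate that runs no query sits more naturally on the entity or in a voter than on the repository.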
......@@ -41,6 +41,12 @@
</div>
{% endfor %}
{% for flashSuccess in app.flashes('capsule_deleted_error') %}
<div class="text-center alert alert-warning col-5 mx-auto my-5" role="alert">
{{ flashSuccess }}
</div>
{% endfor %}
{% for flashWarning in app.flashes('project_does_not_exist') %}
<div class="text-center alert alert-warning col-5 mx-auto my-5" role="alert">
{{ flashWarning }}
......@@ -52,6 +58,12 @@
{{ flashSuccess }}
</div>
{% endfor %}
{% for flashSuccess in app.flashes('capsule_duplicated_error') %}
<div class="text-center alert alert-warning> col-5 mx-auto my-5" role="alert">
{{ flashSuccess }}
</div>
{% endfor %}
</div>
<div class="capsules-list d-flex flex-column m-6">
......
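Review bot: The `capsule_duplicated_error` block has a stray `>` inside the class attribute (`alert-warning> col-5`), so the class becomes `alert-warning>` and the warning styling is lost; it should read `class="text-center alert alert-warning col-5 mx-auto my-5"`. Both new loops also name their variable `flashSuccess` although they render errors; `flashError` would match the `flashWarning` naming used by the neighbouring block. The messages are printed with `{{ }}`, so Twig's default autoescaping applies as long as it has not been disabled for this template.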
......@@ -74,13 +74,15 @@ capsule:
title: Duplicate capsule
title_name: Duplicate capsule %capsule_name%
new_name: Enter the name of the new capsule
success: The capsule has been successfully duplicated into capsule_name. You can see it at the end of your list.
success: The capsule has been successfully duplicated into capsule_name. You can see it at the end of your list
error: You don't have the permission to delete this capsule
delete:
link: Delete capsule
button: Delete
title: Delete capsule
text: Do you really want to delete the capsule %capsule_name%?
success: Capsule capsule_name was deleted successfully
error: You don't have the permission to delete this capsule
project:
already_exists: Project capsule_name already exists so the capsule could not be created
......
......@@ -71,7 +71,8 @@ capsule:
title: Dupliquer la capsule
title_name: Dupliquer la capsule %capsule_name%
new_name: Saisissez le nom de la nouvelle capsule
success: La capsule a bien été dupliquée en capsule_name. Vous la retrouverez à la suite des capsules.
success: La capsule a bien été dupliquée en capsule_name. Vous la retrouverez à la suite des capsules
error: Vous n'avez pas les droits nécessaires pour dupliquer cette capsule
delete:
link: Supprimer la capsule
not_found: Le projet n'existe pas
......@@ -79,6 +80,7 @@ capsule:
title: Supprimer la capsule
text: Souhaitez-vous vraiment supprimer la capsule %capsule_name% ?
success: La capsule capsule_name a bien été supprimée
error: Vous n'avez pas les droits nécessaires pour supprimer cette capsule
project:
already_exists: Le projet capsule_name existe déjà. La capsule n'a pas pu être créée
......