thisfro/pflaenz.li-Symfony
Archived
1
0
Fork 0
Code Issues 4 Pull requests 1 Projects Releases 3 Wiki Activity

Deny permission for removing wishes

Browse source
This commit is contained in:
Jannis Portmann 2021-05-15 10:38:17 +02:00
parent e8b3bdaa34
commit 7c1911fcd9
1 changed files with 11 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
src/Controller/UserController.php
View file

@ -13,6 +13,7 @@ use Doctrine\ORM\EntityManagerInterface;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController; use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response; use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpKernel\Exception\HttpException;
use Symfony\Component\Routing\Annotation\Route; use Symfony\Component\Routing\Annotation\Route;
use Twig\Environment; use Twig\Environment;
@ -90,6 +91,9 @@ class UserController extends AbstractController
#[Route('/wish/delete/{id}', name: 'delete_wish')] #[Route('/wish/delete/{id}', name: 'delete_wish')]
public function deleteWish(Wish $wish): Response public function deleteWish(Wish $wish): Response
{
$user = $this->getUser();
if ($wish->getByUser() === $user)
{ {
$this->entityManager->remove($wish); $this->entityManager->remove($wish);
$this->entityManager->flush(); $this->entityManager->flush();
@ -98,4 +102,7 @@ class UserController extends AbstractController
return $this->redirectToRoute('wishlist'); return $this->redirectToRoute('wishlist');
} }
throw new HttpException(403, "No permission");
}
} }