Deny permission for removing wishes

Jannis Portmann 2021-05-15 10:38:17 +02:00
parent e8b3bdaa34
commit 7c1911fcd9


@ -13,6 +13,7 @@ use Doctrine\ORM\EntityManagerInterface;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController; use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response; use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpKernel\Exception\HttpException;
use Symfony\Component\Routing\Annotation\Route; use Symfony\Component\Routing\Annotation\Route;
use Twig\Environment; use Twig\Environment;
@ -91,11 +92,17 @@ class UserController extends AbstractController
#[Route('/wish/delete/{id}', name: 'delete_wish')] #[Route('/wish/delete/{id}', name: 'delete_wish')]
public function deleteWish(Wish $wish): Response public function deleteWish(Wish $wish): Response
{ {
$this->entityManager->remove($wish); $user = $this->getUser();
$this->entityManager->flush(); if ($wish->getByUser() === $user)
{
$this->entityManager->remove($wish);
$this->entityManager->flush();
$this->addFlash("success", "Successfully removed the wish!"); $this->addFlash("success", "Successfully removed the wish!");
return $this->redirectToRoute('wishlist'); return $this->redirectToRoute('wishlist');
}
throw new HttpException(403, "No permission");
} }
} }
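Review bot: The `#[Route('/wish/delete/{id}', name: 'delete_wish')]` attribute on `deleteWish` declares no `methods:` and the body checks no CSRF token, so the delete is still a state change reachable by a plain GET; the new ownership check stops other users, but a cross-site request made in the owner's own session would pass it. Restrict the route with `methods: ['POST']` and validate a token before `remove()`, for example `if (!$this->isCsrfTokenValid('delete_wish', $request->request->get('_token'))) { throw $this->createAccessDeniedException(); }` (the token id here is illustrative, and the method would need a `Request $request` argument). Separately, `$wish->getByUser() === $user` is also true when both sides are `null`, so if this route can be reached without authentication and a wish can exist without an owner (neither is visible in this hunk), the condition should start with `$user !== null &&`. As a smaller point, `throw $this->createAccessDeniedException('No permission');` would let Symfony's security layer handle the denial instead of a raw `HttpException(403, ...)`.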