Deny permission for removing wishes
This commit is contained in:
parent
e8b3bdaa34
commit
7c1911fcd9
1 changed files with 11 additions and 4 deletions
|
@ -13,6 +13,7 @@ use Doctrine\ORM\EntityManagerInterface;
|
|||
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
|
||||
use Symfony\Component\HttpFoundation\Request;
|
||||
use Symfony\Component\HttpFoundation\Response;
|
||||
use Symfony\Component\HttpKernel\Exception\HttpException;
|
||||
use Symfony\Component\Routing\Annotation\Route;
|
||||
use Twig\Environment;
|
||||
|
||||
|
@ -90,6 +91,9 @@ class UserController extends AbstractController
|
|||
|
||||
#[Route('/wish/delete/{id}', name: 'delete_wish')]
|
||||
public function deleteWish(Wish $wish): Response
|
||||
{
|
||||
$user = $this->getUser();
|
||||
if ($wish->getByUser() === $user)
|
||||
{
|
||||
$this->entityManager->remove($wish);
|
||||
$this->entityManager->flush();
|
||||
|
@ -98,4 +102,7 @@ class UserController extends AbstractController
|
|||
|
||||
return $this->redirectToRoute('wishlist');
|
||||
}
|
||||
|
||||
throw new HttpException(403, "No permission");
|
||||
}
|
||||
}
|
||||
|
|
Reference in a new issue