Throw error if the offer is not yours
This commit is contained in:
parent
9fac9e6607
commit
a0576fc1cd
1 changed files with 28 additions and 23 deletions
|
|
@ -13,6 +13,7 @@ use Doctrine\ORM\EntityManagerInterface;
|
|||
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
|
||||
use Symfony\Component\HttpFoundation\Request;
|
||||
use Symfony\Component\HttpFoundation\Response;
|
||||
use Symfony\Component\HttpKernel\Exception\HttpException;
|
||||
use Symfony\Component\Routing\Annotation\Route;
|
||||
use Twig\Environment;
|
||||
|
||||
|
|
@ -86,33 +87,37 @@ class OfferController extends AbstractController
|
|||
{
|
||||
$form = $this->createForm(OfferingFormType::class, $offer);
|
||||
$user = $this->getUser();
|
||||
if ($offer->getByUser() === $user)
|
||||
{
|
||||
$form->handleRequest($request);
|
||||
|
||||
$form->handleRequest($request);
|
||||
if ($form->isSubmitted() && $form->isValid()) {
|
||||
$offer->setByUser($user);
|
||||
$offer->setCreatedAt(new \DateTime());
|
||||
|
||||
if ($form->isSubmitted() && $form->isValid()) {
|
||||
$offer->setByUser($user);
|
||||
$offer->setCreatedAt(new \DateTime());
|
||||
|
||||
if ($photo = $form['photo']->getData()) {
|
||||
$filename = bin2hex(random_bytes(6)).'.'.$photo->guessExtension();
|
||||
try {
|
||||
$photo->move($photoDir, $filename);
|
||||
} catch (FileException $e) {
|
||||
// unable to upload the photo, give up
|
||||
$this->addFlash("error", "There was an error uploading the photo: ".$e);
|
||||
return $this->redirectToRoute('new_offer');
|
||||
if ($photo = $form['photo']->getData()) {
|
||||
$filename = bin2hex(random_bytes(6)).'.'.$photo->guessExtension();
|
||||
try {
|
||||
$photo->move($photoDir, $filename);
|
||||
} catch (FileException $e) {
|
||||
// unable to upload the photo, give up
|
||||
$this->addFlash("error", "There was an error uploading the photo: ".$e);
|
||||
return $this->redirectToRoute('new_offer');
|
||||
}
|
||||
$offer->setPhotoFilename($filename);
|
||||
}
|
||||
$offer->setPhotoFilename($filename);
|
||||
}
|
||||
|
||||
$this->entityManager->persist($offer);
|
||||
$this->entityManager->flush();
|
||||
}
|
||||
$this->entityManager->persist($offer);
|
||||
$this->entityManager->flush();
|
||||
}
|
||||
|
||||
return $this->render('offer/edit.html.twig', [
|
||||
'user' => $this->getUser(),
|
||||
'offer' => $offer,
|
||||
'offer_form' => $form->createView(),
|
||||
]);
|
||||
return $this->render('offer/edit.html.twig', [
|
||||
'user' => $this->getUser(),
|
||||
'offer' => $offer,
|
||||
'offer_form' => $form->createView(),
|
||||
]);
|
||||
}
|
||||
|
||||
throw new HttpException(403, "No permisison");
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Reference in a new issue