Throw error if the offer is not yours
This commit is contained in:
parent
9fac9e6607
commit
a0576fc1cd
1 changed files with 28 additions and 23 deletions
|
|
@ -13,6 +13,7 @@ use Doctrine\ORM\EntityManagerInterface;
|
||||||
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
|
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
|
||||||
use Symfony\Component\HttpFoundation\Request;
|
use Symfony\Component\HttpFoundation\Request;
|
||||||
use Symfony\Component\HttpFoundation\Response;
|
use Symfony\Component\HttpFoundation\Response;
|
||||||
|
use Symfony\Component\HttpKernel\Exception\HttpException;
|
||||||
use Symfony\Component\Routing\Annotation\Route;
|
use Symfony\Component\Routing\Annotation\Route;
|
||||||
use Twig\Environment;
|
use Twig\Environment;
|
||||||
|
|
||||||
|
|
@ -86,33 +87,37 @@ class OfferController extends AbstractController
|
||||||
{
|
{
|
||||||
$form = $this->createForm(OfferingFormType::class, $offer);
|
$form = $this->createForm(OfferingFormType::class, $offer);
|
||||||
$user = $this->getUser();
|
$user = $this->getUser();
|
||||||
|
if ($offer->getByUser() === $user)
|
||||||
|
{
|
||||||
|
$form->handleRequest($request);
|
||||||
|
|
||||||
$form->handleRequest($request);
|
if ($form->isSubmitted() && $form->isValid()) {
|
||||||
|
$offer->setByUser($user);
|
||||||
|
$offer->setCreatedAt(new \DateTime());
|
||||||
|
|
||||||
if ($form->isSubmitted() && $form->isValid()) {
|
if ($photo = $form['photo']->getData()) {
|
||||||
$offer->setByUser($user);
|
$filename = bin2hex(random_bytes(6)).'.'.$photo->guessExtension();
|
||||||
$offer->setCreatedAt(new \DateTime());
|
try {
|
||||||
|
$photo->move($photoDir, $filename);
|
||||||
if ($photo = $form['photo']->getData()) {
|
} catch (FileException $e) {
|
||||||
$filename = bin2hex(random_bytes(6)).'.'.$photo->guessExtension();
|
// unable to upload the photo, give up
|
||||||
try {
|
$this->addFlash("error", "There was an error uploading the photo: ".$e);
|
||||||
$photo->move($photoDir, $filename);
|
return $this->redirectToRoute('new_offer');
|
||||||
} catch (FileException $e) {
|
}
|
||||||
// unable to upload the photo, give up
|
$offer->setPhotoFilename($filename);
|
||||||
$this->addFlash("error", "There was an error uploading the photo: ".$e);
|
|
||||||
return $this->redirectToRoute('new_offer');
|
|
||||||
}
|
}
|
||||||
$offer->setPhotoFilename($filename);
|
|
||||||
|
$this->entityManager->persist($offer);
|
||||||
|
$this->entityManager->flush();
|
||||||
}
|
}
|
||||||
|
|
||||||
$this->entityManager->persist($offer);
|
return $this->render('offer/edit.html.twig', [
|
||||||
$this->entityManager->flush();
|
'user' => $this->getUser(),
|
||||||
|
'offer' => $offer,
|
||||||
|
'offer_form' => $form->createView(),
|
||||||
|
]);
|
||||||
}
|
}
|
||||||
|
|
||||||
return $this->render('offer/edit.html.twig', [
|
throw new HttpException(403, "No permisison");
|
||||||
'user' => $this->getUser(),
|
|
||||||
'offer' => $offer,
|
|
||||||
'offer_form' => $form->createView(),
|
|
||||||
]);
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Reference in a new issue