Throw error if the offer is not yours

This commit is contained in:
Jannis Portmann 2021-05-09 17:53:41 +02:00
parent 9fac9e6607
commit a0576fc1cd

View file

@ -13,6 +13,7 @@ use Doctrine\ORM\EntityManagerInterface;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController; use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response; use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpKernel\Exception\HttpException;
use Symfony\Component\Routing\Annotation\Route; use Symfony\Component\Routing\Annotation\Route;
use Twig\Environment; use Twig\Environment;
@ -86,33 +87,37 @@ class OfferController extends AbstractController
{ {
$form = $this->createForm(OfferingFormType::class, $offer); $form = $this->createForm(OfferingFormType::class, $offer);
$user = $this->getUser(); $user = $this->getUser();
if ($offer->getByUser() === $user)
{
$form->handleRequest($request);
$form->handleRequest($request); if ($form->isSubmitted() && $form->isValid()) {
$offer->setByUser($user);
$offer->setCreatedAt(new \DateTime());
if ($form->isSubmitted() && $form->isValid()) { if ($photo = $form['photo']->getData()) {
$offer->setByUser($user); $filename = bin2hex(random_bytes(6)).'.'.$photo->guessExtension();
$offer->setCreatedAt(new \DateTime()); try {
$photo->move($photoDir, $filename);
if ($photo = $form['photo']->getData()) { } catch (FileException $e) {
$filename = bin2hex(random_bytes(6)).'.'.$photo->guessExtension(); // unable to upload the photo, give up
try { $this->addFlash("error", "There was an error uploading the photo: ".$e);
$photo->move($photoDir, $filename); return $this->redirectToRoute('new_offer');
} catch (FileException $e) { }
// unable to upload the photo, give up $offer->setPhotoFilename($filename);
$this->addFlash("error", "There was an error uploading the photo: ".$e);
return $this->redirectToRoute('new_offer');
} }
$offer->setPhotoFilename($filename);
}
$this->entityManager->persist($offer); $this->entityManager->persist($offer);
$this->entityManager->flush(); $this->entityManager->flush();
} }
return $this->render('offer/edit.html.twig', [ return $this->render('offer/edit.html.twig', [
'user' => $this->getUser(), 'user' => $this->getUser(),
'offer' => $offer, 'offer' => $offer,
'offer_form' => $form->createView(), 'offer_form' => $form->createView(),
]); ]);
}
throw new HttpException(403, "No permisison");
} }
} }