fix: CaseController
* add permission validation
This commit is contained in:
parent
fe622ef794
commit
520409b0b4
@ -8,6 +8,7 @@ use App\Entity\CompanyDocument;
|
|||||||
use App\Entity\Location;
|
use App\Entity\Location;
|
||||||
use App\Entity\Member;
|
use App\Entity\Member;
|
||||||
use App\Entity\MemberCase;
|
use App\Entity\MemberCase;
|
||||||
|
use App\Entity\MemberDocument;
|
||||||
use App\Entity\ReferralSource;
|
use App\Entity\ReferralSource;
|
||||||
use App\Entity\User;
|
use App\Entity\User;
|
||||||
use App\Entity\UserCase;
|
use App\Entity\UserCase;
|
||||||
@ -23,7 +24,9 @@ use Doctrine\ORM\EntityManagerInterface;
|
|||||||
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
|
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
|
||||||
use Symfony\Component\HttpFoundation\Request;
|
use Symfony\Component\HttpFoundation\Request;
|
||||||
use Symfony\Component\HttpFoundation\Response;
|
use Symfony\Component\HttpFoundation\Response;
|
||||||
|
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
|
||||||
use Symfony\Component\Routing\Attribute\Route;
|
use Symfony\Component\Routing\Attribute\Route;
|
||||||
|
use Symfony\Component\Security\Core\Exception\AccessDeniedException;
|
||||||
use Symfony\Component\Security\Http\Attribute\CurrentUser;
|
use Symfony\Component\Security\Http\Attribute\CurrentUser;
|
||||||
|
|
||||||
class CaseController extends AbstractController
|
class CaseController extends AbstractController
|
||||||
@ -39,6 +42,10 @@ class CaseController extends AbstractController
|
|||||||
#[Route('/my-cases', name: 'app_my_cases')]
|
#[Route('/my-cases', name: 'app_my_cases')]
|
||||||
public function myCases(#[CurrentUser()] User $user, Request $request): Response
|
public function myCases(#[CurrentUser()] User $user, Request $request): Response
|
||||||
{
|
{
|
||||||
|
if (!$this->isGranted('IS_AUTHENTICATED_FULLY')) {
|
||||||
|
return $this->redirectToRoute('app_login');
|
||||||
|
}
|
||||||
|
|
||||||
$this->navLinks['my_cases'] = NavList::PRESENT_LINK;
|
$this->navLinks['my_cases'] = NavList::PRESENT_LINK;
|
||||||
$this->navLinks['case_list'] = NavList::DEFAULT;
|
$this->navLinks['case_list'] = NavList::DEFAULT;
|
||||||
|
|
||||||
@ -58,7 +65,7 @@ class CaseController extends AbstractController
|
|||||||
'breadcrumbs' => [
|
'breadcrumbs' => [
|
||||||
(
|
(
|
||||||
strpos($request->server->get('HTTP_REFERER'), 'list-cases') !== false
|
strpos($request->server->get('HTTP_REFERER'), 'list-cases') !== false
|
||||||
? new Breadcrumb($this->generateUrl('app_list_cases'), 'List Cases')
|
? new Breadcrumb($this->generateUrl('app_list_cases'), 'Cases')
|
||||||
: new Breadcrumb($this->generateUrl('app_my_cases'), 'My Cases')
|
: new Breadcrumb($this->generateUrl('app_my_cases'), 'My Cases')
|
||||||
),
|
),
|
||||||
],
|
],
|
||||||
@ -103,7 +110,9 @@ class CaseController extends AbstractController
|
|||||||
$case = $this->entityManager->getRepository(MemberCase::class)->find($caseId);
|
$case = $this->entityManager->getRepository(MemberCase::class)->find($caseId);
|
||||||
|
|
||||||
/** @todo validate user has access to case, check for admin, case manager of case worker */
|
/** @todo validate user has access to case, check for admin, case manager of case worker */
|
||||||
//$uc = $this->entityManager->getRepository(UserCase::class)
|
if (!Libs::checkPermissions($user, $case, $this->entityManager)) {
|
||||||
|
throw new AccessDeniedException();
|
||||||
|
}
|
||||||
|
|
||||||
$sources = $this->entityManager->getRepository(ReferralSource::class)->findAll();
|
$sources = $this->entityManager->getRepository(ReferralSource::class)->findAll();
|
||||||
|
|
||||||
@ -115,7 +124,7 @@ class CaseController extends AbstractController
|
|||||||
'case' => $case,
|
'case' => $case,
|
||||||
'sources' => $sources,
|
'sources' => $sources,
|
||||||
'breadcrumbs' => [
|
'breadcrumbs' => [
|
||||||
new Breadcrumb($this->generateUrl('app_list_cases'), 'List Cases'),
|
new Breadcrumb($this->generateUrl('app_list_cases'), 'Cases'),
|
||||||
new Breadcrumb($this->generateUrl('app_view_case', ['caseId' => $case->getId()]), 'View Case')
|
new Breadcrumb($this->generateUrl('app_view_case', ['caseId' => $case->getId()]), 'View Case')
|
||||||
],
|
],
|
||||||
'notifications' => Libs::getMessages($user, $this->entityManager),
|
'notifications' => Libs::getMessages($user, $this->entityManager),
|
||||||
@ -452,10 +461,4 @@ class CaseController extends AbstractController
|
|||||||
)
|
)
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
#[Route('/sign-case-doc/{caseId}/{docId}/{memberId}', name: 'app_display_case_document')]
|
|
||||||
public function displayCaseDocument(string $caseId, string $docId, Request $request, #[CurrentUser()] User $user): Response
|
|
||||||
{
|
|
||||||
return new Response();
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user