diff --git a/src/Controller/JobOrderController.php b/src/Controller/JobOrderController.php index a1dc2f97..334242b8 100644 --- a/src/Controller/JobOrderController.php +++ b/src/Controller/JobOrderController.php @@ -264,7 +264,15 @@ class JobOrderController extends Controller { $this->denyAccessUnlessGranted('jo_in.list', null, 'No access.'); - $params = $jo_handler->initializeIncomingVehicleForm($cvid); + try + { + $params = $jo_handler->initializeIncomingVehicleForm($cvid); + } + catch (NotFoundHttpException $e) + { + throw $this->createNotFoundException($e->getMessage()); + } + $params['submit_url'] = $this->generateUrl('jo_in_submit'); $params['return_url'] = $this->generateUrl('jo_in'); @@ -582,7 +590,19 @@ class JobOrderController extends Controller { $this->denyAccessUnlessGranted('jo_proc.list', null, 'No access.'); - $params = $jo_handler->initializeDispatchForm($id, $map_tools); + try + { + $params = $jo_handler->initializeDispatchForm($id, $map_tools); + } + catch (AccessDeniedHttpException $e) + { + throw $this->createAccessDeniedException($e->getMessage()); + } + catch (NotFoundHttpException $e) + { + throw $this->createNotFoundException($e->getMessage()); + } + $params['submit_url'] = $this->generateUrl('jo_proc_submit', ['id' => $id]); $params['return_url'] = $this->generateUrl('jo_proc'); @@ -597,7 +617,18 @@ class JobOrderController extends Controller // initialize error list $error_array = []; - $error_array = $jo_handler->dispatchJobOrder($req, $id, $mclient); + try + { + $error_array = $jo_handler->dispatchJobOrder($req, $id, $mclient); + } + catch (AccessDeniedHttpException $e) + { + throw $this->createAccessDeniedException($e->getMessage()); + } + catch (NotFoundHttpException $e) + { + throw $this->createNotFoundException($e->getMessage()); + } // check if any errors were found if (!empty($error_array)) 
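Review bot: The `catch (NotFoundHttpException $e)` blocks added around `initializeIncomingVehicleForm`, `initializeDispatchForm` and `dispatchJobOrder` rethrow through `createNotFoundException()`, which itself builds a `NotFoundHttpException`, so they change nothing except dropping the original exception and its trace. The same pattern recurs in the assign, fulfill, all-form and cancel hunks further down. If the wrappers are kept, chain the cause: `throw $this->createNotFoundException($e->getMessage(), $e);` and likewise `createAccessDeniedException($e->getMessage(), $e)`. No `use` line for either HttpKernel exception is added to this file in the visible hunks; if the controller does not already import them, the unqualified names resolve into the controller's own namespace and these catches never match, so that is worth confirming. The enclosing methods start and end outside the hunks.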
@@ -618,79 +649,25 @@ class JobOrderController extends Controller /** * @Menu(selected="jo_assign") */ - public function assigningForm(MapTools $map_tools, $id) + public function assigningForm($id, JobOrderHandlerInterface $jo_handler) { $this->denyAccessUnlessGranted('jo_assign.list', null, 'No access.'); - $em = $this->getDoctrine()->getManager(); - - // manual transaction since we're locking - $em->getConnection()->beginTransaction(); - - $params['mode'] = 'update-assigning'; - try { - // get row data - $obj = $em->getRepository(JobOrder::class)->find($id); - - // make sure this row exists - if (empty($obj)) - { - $em->getConnection()->rollback(); - throw $this->createNotFoundException('The job order does not exist'); - } - - // check status - if ($obj->getStatus() != JOStatus::RIDER_ASSIGN) - { - $em->getConnection()->rollback(); - throw $this->createNotFoundException('The job order does not have an assigning status'); - } - - // check if super user - $user = $this->getUser(); - if ($user->isSuperAdmin()) - { - // do nothing, just allow page to be accessed - } - else - { - // check if hub is assigned to current user - $user_hubs = $this->getUser()->getHubs(); - if (!in_array($obj->getHub()->getID(), $user_hubs)) - { - $em->getConnection()->rollback(); - throw $this->createNotFoundException('The job order is not on a hub assigned to this user'); - } - - // check if we are the assignor - $assignor = $obj->getAssignedBy(); - - if ($assignor != null && $assignor->getID() != $user->getID()) - { - $em->getConnection()->rollback(); - throw $this->createAccessDeniedException('Not the assignor'); - } - - // make this user be the assignor - $obj->setAssignedBy($user); - $em->flush(); - } - - $em->getConnection()->commit(); + $params = $jo_handler->initializeAssignForm($id); } - catch (PessimisticLockException $e) + catch (AccessDeniedHttpException $e) { - throw $this->createAccessDeniedException('Not the assignor'); + throw 
$this->createAccessDeniedException($e->getMessage()); + } + catch (NotFoundHttpException $e) + { + throw $this->createNotFoundException($e->getMessage()); } - $this->fillDropdownParameters($params); - $this->fillFormTags($params); - $params['obj'] = $obj; - $params['status_cancelled'] = JOStatus::CANCELLED; - $params['submit_url'] = $this->generateUrl('jo_assign_submit', ['id' => $obj->getID()]); + $params['submit_url'] = $this->generateUrl('jo_assign_submit', ['id' => $id]); $params['return_url'] = $this->generateUrl('jo_assign'); // response @@ -704,7 +681,14 @@ class JobOrderController extends Controller // initialize error list $error_array = []; - $error_array = $jo_handler->assignJobOrder($req, $id, $mclient, $aclient); + try + { + $error_array = $jo_handler->assignJobOrder($req, $id, $mclient, $aclient); + } + catch (NotFoundHttpException $e) + { + throw $this->createNotFoundException($e->getMessage()); + } // check if any errors were found if (!empty($error_array)) { @@ -825,7 +809,15 @@ class JobOrderController extends Controller // initialize error list $error_array = []; - $error_array = $jo_handler->fulfillJobOrder($req, $id, $mclient); + try + { + $error_array = $jo_handler->fulfillJobOrder($req, $id, $mclient); + } + catch (NotFoundHttpException $e) + { + throw $this->createNotFoundException($e->getMessage()); + } + // check if any errors were found if (!empty($error_array)) { @@ -1202,7 +1194,15 @@ class JobOrderController extends Controller { $this->denyAccessUnlessGranted('jo_all.list', null, 'No access.'); - $params = $jo_handler->initializeAllForm($id); + try + { + $params = $jo_handler->initializeAllForm($id); + } + catch (NotFoundHttpException $e) + { + throw $this->createNotFoundException($e->getMessage()); + } + $params['return_url'] = $this->generateUrl('jo_all'); $params['submit_url'] = ''; 
@@ -1592,7 +1592,14 @@ class JobOrderController extends Controller ], 422); } - $jo_handler->cancelJobOrder($req, $id, $mclient); + try + { + $jo_handler->cancelJobOrder($req, $id, $mclient); + } + catch (NotFoundHttpException $e) + { + throw $this->createNotFoundException($e->getMessage()); + } // return successful response return $this->json([ diff --git a/src/Service/JobOrderHandler/CMBJobOrderHandler.php b/src/Service/JobOrderHandler/CMBJobOrderHandler.php index 73a1bbfe..d3770fab 100644 --- a/src/Service/JobOrderHandler/CMBJobOrderHandler.php +++ b/src/Service/JobOrderHandler/CMBJobOrderHandler.php @@ -6,6 +6,9 @@ use Symfony\Component\Security\Core\Security; use Symfony\Component\Validator\Validator\ValidatorInterface; use Symfony\Component\HttpFoundation\Request; +use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException; +use Symfony\Component\HttpKernel\Exception\NotFoundHttpException; + use Doctrine\ORM\EntityManagerInterface; use Doctrine\DBAL\Connection; use Doctrine\DBAL\LockMode; 
@@ -194,22 +197,22 @@ class CMBJobOrderHandler implements JobOrderHandlerInterface // check if we're the one processing, return error otherwise if ($processor == null) - throw $this->createAccessDeniedException('Not the processor'); + throw new AccessDeniedHttpException('Not the processor'); if ($processor != null && $processor->getID() != $user->getID()) - throw $this->createAccessDeniedException('Not the processor'); + throw new AccessDeniedHttpException('Not the processor'); // initialize error list $error_array = []; // make sure this object exists if (empty($obj)) - throw $this->createNotFoundException('The item does not exist'); + throw new NotFoundHttpException('The item does not exist'); // check if cancelled already if (!$obj->canDispatch()) { - throw $this->createNotFoundException('Could not dispatch. Job Order is not pending.'); + throw new NotFoundHttpException('Could not dispatch. Job Order is not pending.'); // TODO: have this handled better, so UI shows the error // $error_array['dispatch'] = 'Could not dispatch. Job Order is not pending.'; } @@ -704,7 +707,7 @@ class CMBJobOrderHandler implements JobOrderHandlerInterface if ($processor != null && $processor->getID() != $user->getID()) { $em->getConnection()->rollback(); - throw $this->createAccessDeniedException('Not the processor'); + throw new AccessDeniedHttpException('Not the processor'); } // make this user be the processor 
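Review bot: The `empty($obj)` existence check in the `-194,22` hunk runs only after both processor checks. If `$processor` is read from `$obj` above the hunk (not visible here), a missing job order would fail on a null dereference before this `NotFoundHttpException` is reached, so the existence check should probably come first. Since `$processor == null` already throws, the `$processor != null &&` in the following condition is redundant. `new NotFoundHttpException('Could not dispatch. Job Order is not pending.')` also reports a state conflict as a 404, and the commented-out lines after the `throw` are unreachable. The same lines appear in the matching `ResqJobOrderHandler.php` hunk.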
@@ -786,6 +789,87 @@ class CMBJobOrderHandler implements JobOrderHandlerInterface return $params; } + // initialize assign job order form + public function initializeAssignForm($id) + { + $em = $this->em; + + // manual transaction since we're locking + $em->getConnection()->beginTransaction(); + + $params['mode'] = 'update-assigning'; + + try + { + // get row data + $obj = $em->getRepository(JobOrder::class)->find($id); + + // make sure this row exists + if (empty($obj)) + { + $em->getConnection()->rollback(); + throw $this->createNotFoundException('The job order does not exist'); + } + + // check status + if ($obj->getStatus() != JOStatus::RIDER_ASSIGN) + { + $em->getConnection()->rollback(); + throw $this->createNotFoundException('The job order does not have an assigning status'); + } + + // check if super user + $user = $this->security->getUser(); + if ($user != null) + { + if ($user->isSuperAdmin()) + { + // do nothing, just allow page to be accessed + } + else + { + // check if hub is assigned to current user + $user_hubs = $user->getHubs(); + if (!in_array($obj->getHub()->getID(), $user_hubs)) + { + $em->getConnection()->rollback(); + throw $this->createNotFoundException('The job order is not on a hub assigned to this user'); + } + + // check if we are the assignor + $assignor = $obj->getAssignedBy(); + + if ($assignor != null && $assignor->getID() != $user->getID()) + { + $em->getConnection()->rollback(); + throw $this->createAccessDeniedException('Not the assignor'); + } + + // make this user be the assignor + $obj->setAssignedBy($user); + } + } + + $em->flush(); + + $em->getConnection()->commit(); + } + catch (PessimisticLockException $e) + { + throw $this->createAccessDeniedException('Not the assignor'); + } + + $this->fillDropdownParameters($params); + $this->fillFormTags($params); + + $params['obj'] = $obj; + $params['status_cancelled'] = JOStatus::CANCELLED; + + return $params; + + + } + protected function fillDropdownParameters(&$params) { $em = 
$this->em; diff --git a/src/Service/JobOrderHandler/ResqJobOrderHandler.php b/src/Service/JobOrderHandler/ResqJobOrderHandler.php index 052dce72..c012f262 100644 --- a/src/Service/JobOrderHandler/ResqJobOrderHandler.php +++ b/src/Service/JobOrderHandler/ResqJobOrderHandler.php @@ -6,6 +6,9 @@ use Symfony\Component\Security\Core\Security; use Symfony\Component\Validator\Validator\ValidatorInterface; use Symfony\Component\HttpFoundation\Request; +use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException; +use Symfony\Component\HttpKernel\Exception\NotFoundHttpException; + use Doctrine\ORM\EntityManagerInterface; use Doctrine\DBAL\Connection; use Doctrine\DBAL\LockMode; @@ -194,22 +197,22 @@ class ResqJobOrderHandler implements JobOrderHandlerInterface // check if we're the one processing, return error otherwise if ($processor == null) - throw $this->createAccessDeniedException('Not the processor'); + throw new AccessDeniedHttpException('Not the processor'); if ($processor != null && $processor->getID() != $user->getID()) - throw $this->createAccessDeniedException('Not the processor'); + throw new AccessDeniedHttpException('Not the processor'); // initialize error list $error_array = []; // make sure this object exists if (empty($obj)) - throw $this->createNotFoundException('The item does not exist'); + throw new NotFoundHttpException('The item does not exist'); // check if cancelled already if (!$obj->canDispatch()) { - throw $this->createNotFoundException('Could not dispatch. Job Order is not pending.'); + throw new NotFoundHttpException('Could not dispatch. Job Order is not pending.'); // TODO: have this handled better, so UI shows the error // $error_array['dispatch'] = 'Could not dispatch. Job Order is not pending.'; } 
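Review bot: In `initializeAssignForm`, the new `if ($user != null)` wrapper fails open: when `$this->security->getUser()` returns null, the hub-membership and assignor checks are skipped and the form parameters are still returned. The handler should reject that case instead of falling through. The method also still raises its errors through `$this->createNotFoundException()` and `$this->createAccessDeniedException()`, which are controller helpers. The other hunks in this file replace exactly those calls with `new NotFoundHttpException(...)` and `new AccessDeniedHttpException(...)`, which suggests the handler does not define them; if so, every denial path here ends in an undefined-method error rather than the 404/403 that the controller's new catch blocks expect. The `ResqJobOrderHandler.php` copy of this method has the same two problems.

```php
// … unchanged: beginTransaction, $params['mode'], find($id) …
if (empty($obj))
{
    $em->getConnection()->rollback();
    throw new NotFoundHttpException('The job order does not exist');
}
// … unchanged: status check, with the same NotFoundHttpException substitution …

$user = $this->security->getUser();
if ($user == null)
{
    // no authenticated user: refuse rather than skip the hub/assignor checks
    $em->getConnection()->rollback();
    throw new AccessDeniedHttpException('No access.');
}

if (!$user->isSuperAdmin())
{
    // … unchanged: $user_hubs lookup …
    if (!in_array($obj->getHub()->getID(), $user_hubs))
    {
        $em->getConnection()->rollback();
        throw new NotFoundHttpException('The job order is not on a hub assigned to this user');
    }

    $assignor = $obj->getAssignedBy();
    if ($assignor != null && $assignor->getID() != $user->getID())
    {
        $em->getConnection()->rollback();
        throw new AccessDeniedHttpException('Not the assignor');
    }
    // … unchanged: setAssignedBy($user) …
}
// … unchanged: flush, commit, PessimisticLockException catch, params …
```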
@@ -704,7 +707,7 @@ class ResqJobOrderHandler implements JobOrderHandlerInterface if ($processor != null && $processor->getID() != $user->getID()) { $em->getConnection()->rollback(); - throw $this->createAccessDeniedException('Not the processor'); + throw new AccessDeniedHttpException('Not the processor'); } // make this user be the processor 
@@ -786,6 +789,87 @@ class ResqJobOrderHandler implements JobOrderHandlerInterface return $params; } + // initialize assign job order form + public function initializeAssignForm($id) + { + $em = $this->em; + + // manual transaction since we're locking + $em->getConnection()->beginTransaction(); + + $params['mode'] = 'update-assigning'; + + try + { + // get row data + $obj = $em->getRepository(JobOrder::class)->find($id); + + // make sure this row exists + if (empty($obj)) + { + $em->getConnection()->rollback(); + throw $this->createNotFoundException('The job order does not exist'); + } + + // check status + if ($obj->getStatus() != JOStatus::RIDER_ASSIGN) + { + $em->getConnection()->rollback(); + throw $this->createNotFoundException('The job order does not have an assigning status'); + } + + // check if super user + $user = $this->security->getUser(); + if ($user != null) + { + if ($user->isSuperAdmin()) + { + // do nothing, just allow page to be accessed + } + else + { + // check if hub is assigned to current user + $user_hubs = $user->getHubs(); + if (!in_array($obj->getHub()->getID(), $user_hubs)) + { + $em->getConnection()->rollback(); + throw $this->createNotFoundException('The job order is not on a hub assigned to this user'); + } + + // check if we are the assignor + $assignor = $obj->getAssignedBy(); + + if ($assignor != null && $assignor->getID() != $user->getID()) + { + $em->getConnection()->rollback(); + throw $this->createAccessDeniedException('Not the assignor'); + } + + // make this user be the assignor + $obj->setAssignedBy($user); + } + } + + $em->flush(); + + $em->getConnection()->commit(); + } + catch (PessimisticLockException $e) + { + throw $this->createAccessDeniedException('Not the assignor'); + } + + $this->fillDropdownParameters($params); + $this->fillFormTags($params); + + $params['obj'] = $obj; + $params['status_cancelled'] = JOStatus::CANCELLED; + + return $params; + + + } + protected function fillDropdownParameters(&$params) { $em = 
$this->em; diff --git a/src/Service/JobOrderHandlerInterface.php b/src/Service/JobOrderHandlerInterface.php index 4dae3034..0add57a5 100644 --- a/src/Service/JobOrderHandlerInterface.php +++ b/src/Service/JobOrderHandlerInterface.php @@ -39,4 +39,7 @@ interface JobOrderHandlerInterface // initialize dispatch/processing job order form public function initializeDispatchForm(int $id, MapTools $map_tools); + + // initialize assign job order form + public function initializeAssignForm(int $id); }
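Review bot: `find($id)` in `initializeAssignForm` is called without a lock mode, so the "manual transaction since we're locking" comment and the `catch (PessimisticLockException $e)` do not correspond to any lock taken in the visible code. Two users loading the form at the same time can both see `getAssignedBy()` as null and both call `setAssignedBy($user)`. If the intent is to let only one claimant through, request the row lock explicitly, e.g. `$obj = $em->getRepository(JobOrder::class)->find($id, LockMode::PESSIMISTIC_WRITE);` (`LockMode` is already imported in this file). The catch block also leaves the transaction open; add `$em->getConnection()->rollback();` before its `throw`. The `CMBJobOrderHandler.php` copy has the same code.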
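Review bot: The new `initializeAssignForm(int $id)` declaration does not say which exceptions implementations raise, yet `JobOrderController::assigningForm` now depends on that contract through its catch blocks. A docblock on the interface method with `@throws NotFoundHttpException` and `@throws AccessDeniedHttpException` would pin it down. The two implementations added in this commit declare the parameter untyped (`initializeAssignForm($id)`), which PHP 7.2+ accepts but which leaves the route value uncoerced; declaring `int $id` there as well would keep them aligned with the interface.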