diff --git a/src/Controller/UserController.php b/src/Controller/UserController.php index 7f4a6725..ba337f87 100644 --- a/src/Controller/UserController.php +++ b/src/Controller/UserController.php @@ -16,22 +16,17 @@ class UserController extends BaseController { public function index() { + $this->denyAccessUnlessGranted('user.list', null, 'No access.'); + $params = $this->initParameters('user_list'); - $qb = $this->getDoctrine() - ->getRepository(User::class) - ->createQueryBuilder('q') - ->getQuery(); - - // get all rows - $rows = $qb->getResult(Query::HYDRATE_ARRAY); - - // response return $this->render('user/list.html.twig', $params); } public function rows(Request $req) { + $this->denyAccessUnlessGranted('user.list', null, 'No access.'); + // get query builder $qb = $this->getDoctrine() ->getRepository(User::class) 
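Review bot: The three-argument `denyAccessUnlessGranted(..., null, 'No access.')` prelude added to index() and rows() here is repeated verbatim in the create, createSubmit, update, updateSubmit and destroy hunks; a single `private const NO_ACCESS = 'No access.';` used at all seven call sites would keep the message from drifting. With `Query::HYDRATE_ARRAY` removed from both index() and rows(), the `use Doctrine\ORM\Query;` import is presumably unused now — the use block is outside the hunk, so worth confirming before merge. rows() continues past the end of this hunk.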
@@ -83,15 +78,45 @@ class UserController extends BaseController } // get rows for this page - $rows = $query->setFirstResult($offset) + $obj_rows = $query->setFirstResult($offset) ->setMaxResults($perpage) ->getQuery() - ->getResult(Query::HYDRATE_ARRAY); + ->getResult(); + // Query::HYDRATE_ARRAY); - // add crud urls - foreach ($rows as $index => $row) { - $rows[$index]['update_url'] = $this->generateUrl('user_update', ['id' => $row['id']]); - $rows[$index]['delete_url'] = $this->generateUrl('user_delete', ['id' => $row['id']]); + // process rows + $rows = []; + foreach ($obj_rows as $orow) { + // add row data + $row['id'] = $orow->getID(); + $row['username'] = $orow->getUsername(); + $row['first_name'] = $orow->getFirstName(); + $row['last_name'] = $orow->getLastName(); + $row['email'] = $orow->getEmail(); + $row['contact_num'] = $orow->getContactNumber(); + $row['enabled'] = $orow->isEnabled(); + + + // add row metadata + $row['meta'] = [ + 'update_url' => '', + 'delete_url' => '' + ]; + + // check if they have access to super admin users + if (!$this->isGranted('user.role.sadmin') && $orow->isSuperAdmin()) + { + $rows[] = $row; + continue; + } + + // add crud urls + if ($this->isGranted('user.update')) + $row['meta']['update_url'] = $this->generateUrl('user_update', ['id' => $row['id']]); + if ($this->isGranted('user.delete')) + $row['meta']['delete_url'] = $this->generateUrl('user_delete', ['id' => $row['id']]); + + $rows[] = $row; } // response @@ -103,6 +128,8 @@ class UserController extends BaseController public function create() { + $this->denyAccessUnlessGranted('user.add', null, 'No access.'); + $params = $this->initParameters('user_list'); // get roles 
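Review bot: `$row` is reused across iterations of the new foreach without being reinitialised; every key happens to be reassigned on each pass, so no stale data carries over today, but the first key someone adds conditionally will leak from the previous user into the next. Build the row as one array literal, which also replaces the seven assignments and the separate `meta` block, and delete the commented-out `// Query::HYDRATE_ARRAY);` line rather than keeping it. `$obj_rows`/`$orow` are the only snake_case locals visible in the hunk, and the `{` on its own line after `if (...)` plus the unbraced `if ($this->isGranted(...))` bodies differ from PSR-12, which puts the brace on the `if` line and always braces the body. rows() starts before this hunk and the statement after `// response` is outside it.
```php
foreach ($obj_rows as $orow) {
    $row = [
        'id' => $orow->getID(),
        'username' => $orow->getUsername(),
        'first_name' => $orow->getFirstName(),
        'last_name' => $orow->getLastName(),
        'email' => $orow->getEmail(),
        'contact_num' => $orow->getContactNumber(),
        'enabled' => $orow->isEnabled(),
        'meta' => ['update_url' => '', 'delete_url' => ''],
    ];
    // … unchanged: super-admin gate, crud url assignment, $rows[] = $row …
}
```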
@@ -115,6 +142,8 @@ class UserController extends BaseController public function createSubmit(Request $req, EncoderFactoryInterface $ef, ValidatorInterface $validator) { + $this->denyAccessUnlessGranted('user.add', null, 'No access.'); + // create new row $em = $this->getDoctrine()->getManager(); $row = new User(); @@ -135,9 +164,14 @@ class UserController extends BaseController foreach ($roles as $role_id) { // check if role exists $role = $em->getRepository(Role::class)->find($role_id); - if (!empty($role)) + { + // check access to super user roles + if ($role->isSuperAdmin() && !$this->isGranted('user.role.sadmin')) + continue; + $row->addRole($role); + } } } @@ -191,6 +225,8 @@ class UserController extends BaseController public function update($id) { + $this->denyAccessUnlessGranted('user.update', null, 'No access.'); + $params = $this->initParameters('user_list'); // get row data @@ -214,6 +250,8 @@ class UserController extends BaseController public function updateSubmit(Request $req, EncoderFactoryInterface $ef, ValidatorInterface $validator, $id) { + $this->denyAccessUnlessGranted('user.update', null, 'No access.'); + // get row data $em = $this->getDoctrine()->getManager(); $row = $em->getRepository(User::class)->find($id); @@ -293,6 +331,8 @@ class UserController extends BaseController public function destroy($id) { + $this->denyAccessUnlessGranted('user.delete', null, 'No access.'); + $params = $this->initParameters('user_list'); // get row data diff --git a/src/Entity/User.php b/src/Entity/User.php index 07557716..f52c51a4 100644 --- a/src/Entity/User.php +++ b/src/Entity/User.php @@ -233,4 +233,15 @@ class User implements AdvancedUserInterface, Serializable { return $this->email; } + + public function isSuperAdmin() + { + foreach ($this->roles as $role) + { + if ($role->isSuperAdmin()) + return true; + } + + return false; + } } diff --git a/templates/user/form.html.twig b/templates/user/form.html.twig index fa371bdf..759f4137 100644 
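Review bot: In the createSubmit roles loop, `if (!empty($role))` tests a `find()` result that is either an entity or `null`, so `if ($role !== null)` states the intent without `empty()`'s truthiness rules; the unbraced `continue` under the new super-admin condition should be braced and the brace after that `if` moved onto the same line, per PSR-12. Silently skipping a disallowed role is a reasonable outcome, but the submitter gets no indication that part of the selection was ignored — a flash message or a validation error on the roles field would make it visible. The roles loop continues outside this hunk.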
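Review bot: update(), updateSubmit() and destroy() only gain the blanket `user.update` / `user.delete` check, while the rows() hunk merely hides the URLs for super-admin users from viewers without `user.role.sadmin`; unless something further down these functions (outside the hunks) inspects the loaded row, that restriction is enforced in the list only. After `$row = $em->getRepository(User::class)->find($id);` in updateSubmit, and at the equivalent lookups in update and destroy, add `if ($row !== null && $row->isSuperAdmin() && !$this->isGranted('user.role.sadmin')) { throw $this->createAccessDeniedException('No access.'); }`. If updateSubmit has a roles loop like the one in createSubmit, it needs the same `isSuperAdmin()` filter, which this commit adds only to createSubmit. All three function bodies continue outside their hunks.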
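Review bot: The new User::isSuperAdmin() has no return type although it only ever returns a bool; `public function isSuperAdmin(): bool` documents the contract for the callers this commit adds (the rows() gate, the createSubmit filter and the twig `role.isSuperAdmin` access) and lets static analysis check them, assuming the project is on PHP 7 or later. The `if` and `foreach` braces should follow PSR-12, with `{` on the same line as `foreach` and the `return true;` braced. The method relies on `Role::isSuperAdmin()`, which is defined outside this diff, and I can't see the declared type of `$this->roles` from the hunk.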
--- a/templates/user/form.html.twig
+++ b/templates/user/form.html.twig
@@ -103,11 +103,14 @@
{% for role in roles %} + {% if role.isSuperAdmin and not is_granted('user.role.sadmin') %} + {% else %} + {% endif %} {% endfor %}
@@ -213,4 +216,4 @@ } }); -{% endblock %} \ No newline at end of file +{% endblock %} diff --git a/templates/user/list.html.twig b/templates/user/list.html.twig index 5f1c0d10..5b228166 100644 --- a/templates/user/list.html.twig +++ b/templates/user/list.html.twig @@ -122,10 +122,14 @@ sortable: false, overflow: 'visible', template: function (row, index, datatable) { - var actions = ''; + var actions = ''; + + if (row.meta.update_url != '') { + actions += ''; + } - if (row.id != 'ROLE_SUPER_ADMIN') { - actions += ''; + if (row.meta.delete_url != '') { + actions += ''; } return actions; @@ -173,4 +177,4 @@ }); }); -{% endblock %} \ No newline at end of file +{% endblock %}
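Review bot: The two new checks in the list.html.twig action template use loose `!=` against `''`; since the controller always emits `meta.update_url` and `meta.delete_url` as strings, `if (row.meta.update_url !== '')` (or simply `if (row.meta.update_url)`) avoids JavaScript's coercing comparison. Using the empty string as the "not permitted" signal couples the template to the controller's sentinel; an explicit boolean in `meta` would be clearer, though the current shape works. The markup concatenated into `actions` is not visible in this rendering of the hunk.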