2025-09-17 14:36:05 +02:00
parent b7b07e5abf
commit 91022d2037
11 changed files with 31 additions and 32 deletions


@@ -40,6 +40,7 @@
"symfony/property-info": "^7.2",
"symfony/runtime": "^7.2",
"symfony/security-bundle": "^7.2",
"symfony/security-csrf": "^7.2",
"symfony/serializer": "^7.2",
"symfony/stimulus-bundle": "^2.21",
"symfony/string": "^7.2",

composer.lock generated

@@ -4,7 +4,7 @@
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
"This file is @generated automatically"
],
"content-hash": "67e324518270930150d990299cd0b613",
"content-hash": "31c3ee9a06365c5a9df6f2ed45712eb3",
"packages": [
{
"name": "apereo/phpcas",


@@ -1,10 +1,14 @@
# see https://symfony.com/doc/current/reference/configuration/framework.html
framework:
secret: '%env(APP_SECRET)%'
#csrf_protection: true
csrf_protection: true
# Note that the session will be started ONLY if you read or write from it.
session: true
session:
enabled: true
handler_id: null
cookie_secure: auto
#esi: true
#fragments: true
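Review bot: `cookie_secure: auto` in the new session block only marks the session cookie Secure when Symfony sees the request as HTTPS, so behind a TLS-terminating proxy without `trusted_proxies`/`trusted_headers` configured the cookie would be sent without the Secure flag; prefer `cookie_secure: true` for the production environment or confirm the proxy headers are trusted. Since the commit's purpose is CSRF hardening, the cookie's SameSite policy is worth stating explicitly next to it, e.g. `cookie_samesite: lax`, rather than relying on a framework default that is not visible here. `handler_id: null` falls back to the native PHP session handler from php.ini, which is fine but deserves a one-line comment now that the old `session: true` shorthand is expanded.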


@@ -23,6 +23,8 @@ security:
login_path: app_login
check_path: app_login
enable_csrf: true
csrf_token_id: authenticate
csrf_parameter: _csrf_token
default_target_path: /
logout:
path: app_logout
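Review bot: the explicit `csrf_token_id: authenticate` and `csrf_parameter: _csrf_token` match the values Symfony's form_login already uses by default, so this hunk pins them rather than changing behaviour. The login template must render a hidden field with exactly that name and token id, `<input type="hidden" name="_csrf_token" value="{{ csrf_token('authenticate') }}">`, or every login attempt fails with an invalid-token error; that template is not part of this commit, so it should be checked alongside it.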


@@ -2,18 +2,17 @@
namespace App\Controller;
use App\Entity\Project;
use App\Entity\User;
use App\Form\UserType;
use App\Repository\UserRepository;
use Doctrine\ORM\EntityManagerInterface;
use Ramsey\Uuid\Uuid;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\HttpFoundation\JsonResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface;
use Symfony\Component\Routing\Attribute\Route;
use Symfony\Component\Security\Csrf\CsrfTokenManagerInterface;
class UserController extends AbstractController
{
@@ -127,8 +126,11 @@ class UserController extends AbstractController
}
#[Route('/user', name: 'app_user_profil')]
public function profil(Request $request, UserPasswordHasherInterface $passwordHasher, EntityManagerInterface $em): Response
public function profil(CsrfTokenManagerInterface $csrfTokenManager, Request $request, UserPasswordHasherInterface $passwordHasher, EntityManagerInterface $em): Response
{
$token = $csrfTokenManager->getToken('user')->getValue();
dump($token);
$user = $em->getRepository(User::class)->find($this->getUser());
if (!$user) {
return $this->redirectToRoute('app_home');
@@ -162,30 +164,4 @@ class UserController extends AbstractController
'form' => $form,
]);
}
#[Route('/user/selectproject', name: 'app_user_selectproject')]
public function selectproject(Request $request, EntityManagerInterface $em): JsonResponse
{
$id = $request->get('id');
$project = $em->getRepository(Project::class)->find($id);
if (!$project) {
return new JsonResponse(['status' => 'KO', 'message' => 'ID non fourni'], Response::HTTP_NOT_FOUND);
}
$user = $this->getUser();
if (!$user instanceof User) {
throw new \LogicException('L\'utilisateur actuel n\'est pas une instance de App\Entity\User.');
}
$projects = $user->getProjects();
if (!$projects->contains($project)) {
return new JsonResponse(['status' => 'KO', 'message' => 'Projet non autorisée'], Response::HTTP_FORBIDDEN);
}
$user->setProject($project);
$em->flush();
return new JsonResponse(['status' => 'OK', 'message' => 'Projet selectionnée'], Response::HTTP_OK);
}
}
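Review bot: `dump($token);` added in profil() is leftover debugging and writes a live CSRF token into the debug output/profiler; remove it before merging. The token is generated under the id `'user'`, but UserType (also changed in this commit) configures `'csrf_token_id' => static::class`, so a manually generated `'user'` token would not validate against the form's `_token` field; unless `$token` is consumed further down (profil() continues outside the hunk), the `CsrfTokenManagerInterface $csrfTokenManager` parameter and the `$token` line can go, since `$form->handleRequest()` validates the CSRF field on its own. The removal of selectproject() and of the then-unused `Project`, `JsonResponse` and `Uuid` imports is consistent and needs no change.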


@@ -61,6 +61,9 @@ class GroupType extends AbstractType
{
$resolver->setDefaults([
'data_class' => Group::class,
'csrf_protection' => true,
'csrf_field_name' => '_token',
'csrf_token_id' => static::class,
'mode' => 'submit',
]);
}
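Review bot: the three options added to configureOptions() largely duplicate framework behaviour once `framework.csrf_protection: true` is on — `csrf_protection` and `csrf_field_name => '_token'` are already the form component's defaults, and `csrf_token_id` defaults to the form name — so the identical block pasted into GroupType, OptionType, ProjectType, ProjectVotedType and UserType adds maintenance surface without changing what is validated. If an explicit per-type token id is intended, `'csrf_token_id' => self::class` states that more precisely than `static::class`, which would silently give a subclass a different id through late static binding; otherwise the block belongs in one shared parent type rather than five copies. The enclosing methods start outside the hunks.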


@@ -39,6 +39,9 @@ class OptionType extends AbstractType
{
$resolver->setDefaults([
'data_class' => ProjectOption::class,
'csrf_protection' => true,
'csrf_field_name' => '_token',
'csrf_token_id' => static::class,
'mode' => 'submit',
]);
}


@@ -71,6 +71,9 @@ class ProjectType extends AbstractType
{
$resolver->setDefaults([
'data_class' => Project::class,
'csrf_protection' => true,
'csrf_field_name' => '_token',
'csrf_token_id' => static::class,
'mode' => 'submit',
]);
}


@@ -54,6 +54,9 @@ class ProjectVotedType extends AbstractType
{
$resolver->setDefaults([
'data_class' => Project::class,
'csrf_protection' => true,
'csrf_field_name' => '_token',
'csrf_token_id' => static::class,
'mode' => 'submit',
]);
}


@@ -81,6 +81,9 @@ class UserType extends AbstractType
{
$resolver->setDefaults([
'data_class' => User::class,
'csrf_protection' => true,
'csrf_field_name' => '_token',
'csrf_token_id' => static::class,
'mode' => 'submit',
'modeAuth' => 'SQL',
]);


@@ -7,6 +7,7 @@
{{ form_start(form) }}
{{ form_widget(form.submit) }}
<a href="{{ path(routecancel) }}" class="btn btn-secondary ms-1">Annuler</a>
{%if mode=="update" %}<a href="{{ path(routedelete,{id:form.vars.value.id}) }}" class="btn btn-danger float-end" onclick="return confirm('Confirmez-vous la suppression de cet enregistrement ?')">Supprimer</a>{%endif%}
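Review bot: the `Supprimer` link on the last line performs a state-changing action through a plain GET anchor, which the `_token` field this commit adds to the forms does not cover; if `routedelete` deletes on GET (its handler is not visible here), it stays reachable from a cross-site request. Render it as a small POST form instead, carrying `<input type="hidden" name="_token" value="{{ csrf_token('delete' ~ form.vars.value.id) }}">`, and have the controller check `isCsrfTokenValid('delete'.$id, $token)` before deleting. The template's surrounding block continues outside the hunk.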