Merge branch 'master' of https://github.com/thelia/thelia into coupon

# By Manuel Raynaud # Via Manuel Raynaud * 'master' of https://github.com/thelia/thelia: add accessDenied method add helper checkXmlHttpRequest don't delete address if this is address is a default one
2013-09-12 17:22:02 +02:00
parent 2e7e31285e 0ca5af597a
commit 93766c56e9
7 changed files with 79 additions and 18 deletions
--- a/core/lib/Thelia/Action/HttpException.php
+++ b/core/lib/Thelia/Action/HttpException.php
@@ -32,29 +32,38 @@ use Thelia\Model\ConfigQuery;

 /**
 *
- * Class PageNotFound
+ * Class HttpException
 * @package Thelia\Action
 * @author Etienne Roudeix <eroudeix@openstudio.fr>
 */
-class PageNotFound extends BaseAction implements EventSubscriberInterface
+class HttpException extends BaseAction implements EventSubscriberInterface
 {
-    public function display404(GetResponseForExceptionEvent $event)
+    public function checkHttpException(GetResponseForExceptionEvent $event)
    {
        if ($event->getException() instanceof NotFoundHttpException) {
-
-            $parser = $this->container->get("thelia.parser");
-
-            // Define the template thant shoud be used
-            $parser->setTemplate(ConfigQuery::getActiveTemplate());
-
-            //$event->getRequest()->attributes->set('_view', ConfigQuery::getPageNotFoundView());
-
-            $response = new Response($parser->render(ConfigQuery::getPageNotFoundView()), 404);
-
-            $event->setResponse($response);
+            $this->display404($event);
        }
    }

+    protected function display404(GetResponseForExceptionEvent $event)
+    {
+        $parser = $this->container->get("thelia.parser");
+
+        // Define the template thant shoud be used
+        $parser->setTemplate(ConfigQuery::getActiveTemplate());
+
+        //$event->getRequest()->attributes->set('_view', ConfigQuery::getPageNotFoundView());
+
+        $response = new Response($parser->render(ConfigQuery::getPageNotFoundView()), 404);
+
+        $event->setResponse($response);
+    }
+
+    protected function display403(GetResponseForExceptionEvent $event)
+    {
+        $event->setResponse(new Response("You don't have access to this resources", 403));
+    }
+
    /**
     * Returns an array of event names this subscriber wants to listen to.
     *
@@ -78,7 +87,7 @@ class PageNotFound extends BaseAction implements EventSubscriberInterface
    public static function getSubscribedEvents()
    {
        return array(
-            KernelEvents::EXCEPTION => array("display404", 128),
+            KernelEvents::EXCEPTION => array("checkHttpException", 128),
        );
    }
 }
--- a/core/lib/Thelia/Config/Resources/action.xml
+++ b/core/lib/Thelia/Config/Resources/action.xml
@@ -67,7 +67,7 @@
            <tag name="kernel.event_subscriber"/>
        </service>

-        <service id="thelia.action.pageNotFound" class="Thelia\Action\PageNotFound">
+        <service id="thelia.action.httpException" class="Thelia\Action\HttpException">
            <argument type="service" id="service_container"/>
            <tag name="kernel.event_subscriber"/>
        </service>
--- a/core/lib/Thelia/Config/Resources/routing/front.xml
+++ b/core/lib/Thelia/Config/Resources/routing/front.xml
@@ -66,12 +66,19 @@

    <route id="address.edit" path="/address/edit/{address_id}">
        <default key="_controller">Thelia\Controller\Front\DefaultController::noAction</default>
-        <default key="_view">address_edit</default>
+        <default key="_view">address-edit</default>
    </route>

    <route id="address.update" path="/address/update" >
        <default key="_controller">Thelia\Controller\Front\AddressController::updateAction</default>
    </route>
+
+    <route id="address.generateModal" path="/address/modal/{address_id}" methods="get">
+        <default key="_controller">Thelia\Controller\Front\AddressController::generateModalAction</default>
+        <default key="_view">modal-address</default>
+        <requirement key="address_id">\d+</requirement>
+    </route>
+
    <!-- end customer address routes -->

    <!-- cart routes -->
@@ -94,6 +101,8 @@
        <default key="_view">cart</default>
    </route>

+    <!-- end cart routes -->
+
    <!-- order management process -->
    <route id="order.delivery.add" path="/delivery/choose/{delivery_id}">
        <default key="_controller">Thelia\Controller\Front\DeliveryController::select</default>
--- a/core/lib/Thelia/Controller/BaseController.php
+++ b/core/lib/Thelia/Controller/BaseController.php
@@ -25,6 +25,7 @@ namespace Thelia\Controller;
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\DependencyInjection\ContainerAware;

+use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
 use Symfony\Component\Routing\Exception\InvalidParameterException;
 use Symfony\Component\Routing\Exception\MissingMandatoryParametersException;
 use Symfony\Component\Routing\Exception\RouteNotFoundException;
@@ -263,4 +264,21 @@ class BaseController extends ContainerAware
    {
        return $this->container->getParameter('kernel.debug');
    }
+
+    protected function accessDenied()
+    {
+        throw new AccessDeniedHttpException();
+    }
+
+    /**
+     * check if the current http request is a XmlHttpRequest.
+     *
+     * If not, send a
+     */
+    protected function checkXmlHttpRequest()
+    {
+        if(false === $this->getRequest()->isXmlHttpRequest() && false === $this->isDebug()) {
+            $this->accessDenied();
+        }
+    }
 }
--- a/core/lib/Thelia/Controller/Front/AddressController.php
+++ b/core/lib/Thelia/Controller/Front/AddressController.php
@@ -39,6 +39,21 @@ use Thelia\Tools\URL;
 class AddressController extends BaseFrontController
 {

+    /**
+     * Controller for generate modal containing update form
+     * Check if request is a XmlHttpRequest and address owner is the current customer
+     * @param $address_id
+     */
+    public function generateModalAction($address_id)
+    {
+        if ($this->getSecurityContext()->hasCustomerUser() === false) {
+            $this->accessDenied();
+        }
+
+        $this->checkXmlHttpRequest();
+
+
+    }
    /**
     * Create controller.
     * Check if customer is logged in
@@ -48,7 +63,7 @@ class AddressController extends BaseFrontController
    public function createAction()
    {
        if ($this->getSecurityContext()->hasCustomerUser() === false) {
-            $this->redirect(URL::getInstance()->getIndexPage());
+            $this->accessDenied()
        }

        $addressCreate = new AddressCreateForm($this->getRequest());
--- a/core/lib/Thelia/Model/Address.php
+++ b/core/lib/Thelia/Model/Address.php
@@ -71,4 +71,14 @@ class Address extends BaseAddress {
        $this->dispatchEvent(TheliaEvents::AFTER_DELETEADDRESS, new AddressEvent($this));
    }

+    public function preSave()
+    {
+        $valid = true;
+        if($this->getIsDefault()) {
+            $valid =  false;
+        }
+
+        return $valid;
+    }
+
 }
--- a/templates/default/modal-address.html
+++ b/templates/default/modal-address.html