Merge branch 'master' of https://github.com/thelia/thelia into coupon

# By Manuel Raynaud # Via Manuel Raynaud * 'master' of https://github.com/thelia/thelia: add accessDenied method add helper checkXmlHttpRequest don't delete address if this is address is a default one
2013-09-12 17:22:02 +02:00
parent 2e7e31285e 0ca5af597a
commit 93766c56e9
7 changed files with 79 additions and 18 deletions
--- a/core/lib/Thelia/Controller/BaseController.php
+++ b/core/lib/Thelia/Controller/BaseController.php
@@ -25,6 +25,7 @@ namespace Thelia\Controller;
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\DependencyInjection\ContainerAware;

+use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
 use Symfony\Component\Routing\Exception\InvalidParameterException;
 use Symfony\Component\Routing\Exception\MissingMandatoryParametersException;
 use Symfony\Component\Routing\Exception\RouteNotFoundException;
@@ -263,4 +264,21 @@ class BaseController extends ContainerAware
    {
        return $this->container->getParameter('kernel.debug');
    }
+
+    protected function accessDenied()
+    {
+        throw new AccessDeniedHttpException();
+    }
+
+    /**
+     * check if the current http request is a XmlHttpRequest.
+     *
+     * If not, send a
+     */
+    protected function checkXmlHttpRequest()
+    {
+        if(false === $this->getRequest()->isXmlHttpRequest() && false === $this->isDebug()) {
+            $this->accessDenied();
+        }
+    }
 }
--- a/core/lib/Thelia/Controller/Front/AddressController.php
+++ b/core/lib/Thelia/Controller/Front/AddressController.php
@@ -39,6 +39,21 @@ use Thelia\Tools\URL;
 class AddressController extends BaseFrontController
 {

+    /**
+     * Controller for generate modal containing update form
+     * Check if request is a XmlHttpRequest and address owner is the current customer
+     * @param $address_id
+     */
+    public function generateModalAction($address_id)
+    {
+        if ($this->getSecurityContext()->hasCustomerUser() === false) {
+            $this->accessDenied();
+        }
+
+        $this->checkXmlHttpRequest();
+
+
+    }
    /**
     * Create controller.
     * Check if customer is logged in
@@ -48,7 +63,7 @@ class AddressController extends BaseFrontController
    public function createAction()
    {
        if ($this->getSecurityContext()->hasCustomerUser() === false) {
-            $this->redirect(URL::getInstance()->getIndexPage());
+            $this->accessDenied()
        }

        $addressCreate = new AddressCreateForm($this->getRequest());