Merge branch 'master' of https://github.com/thelia/thelia into coupon

# By Manuel Raynaud
# Via Manuel Raynaud
* 'master' of https://github.com/thelia/thelia:
  add accessDenied method
  add helper checkXmlHttpRequest
  don't delete address if this is address is a default one
gmorel
2013-09-12 17:22:02 +02:00
7 changed files with 79 additions and 18 deletions


@@ -32,29 +32,38 @@ use Thelia\Model\ConfigQuery;
/** /**
* *
* Class PageNotFound * Class HttpException
* @package Thelia\Action * @package Thelia\Action
* @author Etienne Roudeix <eroudeix@openstudio.fr> * @author Etienne Roudeix <eroudeix@openstudio.fr>
*/ */
class PageNotFound extends BaseAction implements EventSubscriberInterface class HttpException extends BaseAction implements EventSubscriberInterface
{ {
public function display404(GetResponseForExceptionEvent $event) public function checkHttpException(GetResponseForExceptionEvent $event)
{ {
if ($event->getException() instanceof NotFoundHttpException) { if ($event->getException() instanceof NotFoundHttpException) {
$this->display404($event);
$parser = $this->container->get("thelia.parser");
// Define the template thant shoud be used
$parser->setTemplate(ConfigQuery::getActiveTemplate());
//$event->getRequest()->attributes->set('_view', ConfigQuery::getPageNotFoundView());
$response = new Response($parser->render(ConfigQuery::getPageNotFoundView()), 404);
$event->setResponse($response);
} }
} }
protected function display404(GetResponseForExceptionEvent $event)
{
$parser = $this->container->get("thelia.parser");
// Define the template thant shoud be used
$parser->setTemplate(ConfigQuery::getActiveTemplate());
//$event->getRequest()->attributes->set('_view', ConfigQuery::getPageNotFoundView());
$response = new Response($parser->render(ConfigQuery::getPageNotFoundView()), 404);
$event->setResponse($response);
}
protected function display403(GetResponseForExceptionEvent $event)
{
$event->setResponse(new Response("You don't have access to this resources", 403));
}
/** /**
* Returns an array of event names this subscriber wants to listen to. * Returns an array of event names this subscriber wants to listen to.
* *
@@ -78,7 +87,7 @@ class PageNotFound extends BaseAction implements EventSubscriberInterface
public static function getSubscribedEvents() public static function getSubscribedEvents()
{ {
return array( return array(
KernelEvents::EXCEPTION => array("display404", 128), KernelEvents::EXCEPTION => array("checkHttpException", 128),
); );
} }
} }
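Review bot: `display403()` is added, but nothing in the visible lines of `checkHttpException()` calls it; only `NotFoundHttpException` is dispatched, to `display404()`. If that is the whole method, the `AccessDeniedHttpException` thrown by the new `accessDenied()` helper gets no response from this subscriber and the 403 body is never sent. A second branch such as `if ($event->getException() instanceof AccessDeniedHttpException) { $this->display403($event); }` would close the gap, together with the matching `use` line if the file does not already import that class. The rendered page drops blank lines and may hide part of the hunk, so confirm against the file first.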


@@ -67,7 +67,7 @@
<tag name="kernel.event_subscriber"/> <tag name="kernel.event_subscriber"/>
</service> </service>
<service id="thelia.action.pageNotFound" class="Thelia\Action\PageNotFound"> <service id="thelia.action.httpException" class="Thelia\Action\HttpException">
<argument type="service" id="service_container"/> <argument type="service" id="service_container"/>
<tag name="kernel.event_subscriber"/> <tag name="kernel.event_subscriber"/>
</service> </service>


@@ -66,12 +66,19 @@
<route id="address.edit" path="/address/edit/{address_id}"> <route id="address.edit" path="/address/edit/{address_id}">
<default key="_controller">Thelia\Controller\Front\DefaultController::noAction</default> <default key="_controller">Thelia\Controller\Front\DefaultController::noAction</default>
<default key="_view">address_edit</default> <default key="_view">address-edit</default>
</route> </route>
<route id="address.update" path="/address/update" > <route id="address.update" path="/address/update" >
<default key="_controller">Thelia\Controller\Front\AddressController::updateAction</default> <default key="_controller">Thelia\Controller\Front\AddressController::updateAction</default>
</route> </route>
<route id="address.generateModal" path="/address/modal/{address_id}" methods="get">
<default key="_controller">Thelia\Controller\Front\AddressController::generateModalAction</default>
<default key="_view">modal-address</default>
<requirement key="address_id">\d+</requirement>
</route>
<!-- end customer address routes --> <!-- end customer address routes -->
<!-- cart routes --> <!-- cart routes -->
@@ -94,6 +101,8 @@
<default key="_view">cart</default> <default key="_view">cart</default>
</route> </route>
<!-- end cart routes -->
<!-- order management process --> <!-- order management process -->
<route id="order.delivery.add" path="/delivery/choose/{delivery_id}"> <route id="order.delivery.add" path="/delivery/choose/{delivery_id}">
<default key="_controller">Thelia\Controller\Front\DeliveryController::select</default> <default key="_controller">Thelia\Controller\Front\DeliveryController::select</default>


@@ -25,6 +25,7 @@ namespace Thelia\Controller;
use Symfony\Component\HttpFoundation\Response; use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\DependencyInjection\ContainerAware; use Symfony\Component\DependencyInjection\ContainerAware;
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
use Symfony\Component\Routing\Exception\InvalidParameterException; use Symfony\Component\Routing\Exception\InvalidParameterException;
use Symfony\Component\Routing\Exception\MissingMandatoryParametersException; use Symfony\Component\Routing\Exception\MissingMandatoryParametersException;
use Symfony\Component\Routing\Exception\RouteNotFoundException; use Symfony\Component\Routing\Exception\RouteNotFoundException;
@@ -263,4 +264,21 @@ class BaseController extends ContainerAware
{ {
return $this->container->getParameter('kernel.debug'); return $this->container->getParameter('kernel.debug');
} }
protected function accessDenied()
{
throw new AccessDeniedHttpException();
}
/**
* check if the current http request is a XmlHttpRequest.
*
* If not, send a
*/
protected function checkXmlHttpRequest()
{
if(false === $this->getRequest()->isXmlHttpRequest() && false === $this->isDebug()) {
$this->accessDenied();
}
}
} }
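Review bot: `checkXmlHttpRequest()` relies on `isXmlHttpRequest()`, which in Symfony only inspects the client-supplied `X-Requested-With` header, and the check is skipped whenever `isDebug()` is true, so it must not be read as an access control. The docblock also stops mid-sentence at "If not, send a". I would finish it as `* If not, an AccessDeniedHttpException is thrown (not enforced when kernel.debug is true). The header is client-controlled, so this is not an authorization check.` `accessDenied()` has no docblock at all; a one-line description plus `@throws AccessDeniedHttpException` would tell callers that it never returns.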


@@ -39,6 +39,21 @@ use Thelia\Tools\URL;
class AddressController extends BaseFrontController class AddressController extends BaseFrontController
{ {
/**
* Controller for generate modal containing update form
* Check if request is a XmlHttpRequest and address owner is the current customer
* @param $address_id
*/
public function generateModalAction($address_id)
{
if ($this->getSecurityContext()->hasCustomerUser() === false) {
$this->accessDenied();
}
$this->checkXmlHttpRequest();
}
/** /**
* Create controller. * Create controller.
* Check if customer is logged in * Check if customer is logged in
@@ -48,7 +63,7 @@ class AddressController extends BaseFrontController
public function createAction() public function createAction()
{ {
if ($this->getSecurityContext()->hasCustomerUser() === false) { if ($this->getSecurityContext()->hasCustomerUser() === false) {
$this->redirect(URL::getInstance()->getIndexPage()); $this->accessDenied()
} }
$addressCreate = new AddressCreateForm($this->getRequest()); $addressCreate = new AddressCreateForm($this->getRequest());
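Review bot: `generateModalAction()` documents that the address owner is checked against the current customer, but the visible body only calls `hasCustomerUser()` and `checkXmlHttpRequest()`; `$address_id` is never compared with the logged-in customer. Unless the `modal-address` view enforces ownership itself, one customer's request could reach another customer's address by id, so the action should load the address and call `$this->accessDenied();` when its customer differs. Separately, the new line `$this->accessDenied()` in `createAction()` has no terminating semicolon, which is a parse error for the whole file; it should read `$this->accessDenied();`. `createAction()` continues outside the hunk.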


@@ -71,4 +71,14 @@ class Address extends BaseAddress {
$this->dispatchEvent(TheliaEvents::AFTER_DELETEADDRESS, new AddressEvent($this)); $this->dispatchEvent(TheliaEvents::AFTER_DELETEADDRESS, new AddressEvent($this));
} }
public function preSave()
{
$valid = true;
if($this->getIsDefault()) {
$valid = false;
}
return $valid;
}
} }
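Review bot: `preSave()` returns false whenever `getIsDefault()` is true, and if this is the usual Propel hook that return value cancels the save, so a default address could no longer be created or updated while deletion stays unaffected. The merge message states the intent as not deleting a default address, which suggests the guard belongs in the delete hook (`preDelete`, with whatever signature the base class declares) rather than here. The body can also collapse to `return !$this->getIsDefault();`. Whether a parent hook has to be called is not visible in this hunk.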
