Merge branch 'master' of https://github.com/thelia/thelia into coupon
* 'master' of https://github.com/thelia/thelia: (33 commits) permissions finish contact process create contact form create example for mail usage permission cleanup change place where absolute url is create when rewritten url is enabled fix issue #43 fix typo in product breadcrumb update countries list fix issue #35 fix cartItem updateQuantity method add some verification on country default trigger not allowed to delete default country WIP : admin profiles fiw test suite clear cache when a module is removed end module removal create event object for module delete action update insert script new model ... Conflicts: core/lib/Thelia/Controller/Admin/CouponController.php
This commit is contained in:
gmorel
@@ -23,6 +23,7 @@
|
||||
|
||||
namespace Thelia\Controller\Admin;
|
||||
|
||||
use Thelia\Core\Security\AccessManager;
|
||||
use Thelia\Form\Exception\FormValidationException;
|
||||
use Thelia\Core\Event\UpdatePositionEvent;
|
||||
|
||||
@@ -40,10 +41,7 @@ abstract class AbstractCrudController extends BaseAdminController
|
||||
protected $orderRequestParameterName;
|
||||
|
||||
// Permissions
|
||||
protected $viewPermissionIdentifier;
|
||||
protected $createPermissionIdentifier;
|
||||
protected $updatePermissionIdentifier;
|
||||
protected $deletePermissionIdentifier;
|
||||
protected $resourceCode;
|
||||
|
||||
// Events
|
||||
protected $createEventIdentifier;
|
||||
@@ -58,10 +56,7 @@ abstract class AbstractCrudController extends BaseAdminController
|
||||
* @param string $defaultListOrder the default object list order, or null if list is not sortable. Example: manual
|
||||
* @param string $orderRequestParameterName Name of the request parameter that set the list order (null if list is not sortable)
|
||||
*
|
||||
* @param string $viewPermissionIdentifier the 'view' permission identifier. Example: "admin.configuration.message.view"
|
||||
* @param string $createPermissionIdentifier the 'create' permission identifier. Example: "admin.configuration.message.create"
|
||||
* @param string $updatePermissionIdentifier the 'update' permission identifier. Example: "admin.configuration.message.update"
|
||||
* @param string $deletePermissionIdentifier the 'delete' permission identifier. Example: "admin.configuration.message.delete"
|
||||
* @param string $resourceCode the 'resource' code. Example: "admin.configuration.message"
|
||||
*
|
||||
* @param string $createEventIdentifier the dispatched create TheliaEvent identifier. Example: TheliaEvents::MESSAGE_CREATE
|
||||
* @param string $updateEventIdentifier the dispatched update TheliaEvent identifier. Example: TheliaEvents::MESSAGE_UPDATE
|
||||
@@ -76,10 +71,7 @@ abstract class AbstractCrudController extends BaseAdminController
|
||||
$defaultListOrder = null,
|
||||
$orderRequestParameterName = null,
|
||||
|
||||
$viewPermissionIdentifier,
|
||||
$createPermissionIdentifier,
|
||||
$updatePermissionIdentifier,
|
||||
$deletePermissionIdentifier,
|
||||
$resourceCode,
|
||||
|
||||
$createEventIdentifier,
|
||||
$updateEventIdentifier,
|
||||
@@ -92,10 +84,7 @@ abstract class AbstractCrudController extends BaseAdminController
|
||||
$this->defaultListOrder = $defaultListOrder;
|
||||
$this->orderRequestParameterName = $orderRequestParameterName;
|
||||
|
||||
$this->viewPermissionIdentifier = $viewPermissionIdentifier;
|
||||
$this->createPermissionIdentifier = $createPermissionIdentifier;
|
||||
$this->updatePermissionIdentifier = $updatePermissionIdentifier;
|
||||
$this->deletePermissionIdentifier = $deletePermissionIdentifier;
|
||||
$this->resourceCode = $resourceCode;
|
||||
|
||||
$this->createEventIdentifier = $createEventIdentifier;
|
||||
$this->updateEventIdentifier = $updateEventIdentifier;
|
||||
@@ -278,7 +267,7 @@ abstract class AbstractCrudController extends BaseAdminController
|
||||
*/
|
||||
public function defaultAction()
|
||||
{
|
||||
if (null !== $response = $this->checkAuth($this->viewPermissionIdentifier)) return $response;
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::VIEW)) return $response;
|
||||
return $this->renderList();
|
||||
}
|
||||
|
||||
@@ -290,7 +279,7 @@ abstract class AbstractCrudController extends BaseAdminController
|
||||
public function createAction()
|
||||
{
|
||||
// Check current user authorization
|
||||
if (null !== $response = $this->checkAuth($this->createPermissionIdentifier)) return $response;
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::CREATE)) return $response;
|
||||
|
||||
$error_msg = false;
|
||||
|
||||
@@ -351,7 +340,7 @@ abstract class AbstractCrudController extends BaseAdminController
|
||||
public function updateAction()
|
||||
{
|
||||
// Check current user authorization
|
||||
if (null !== $response = $this->checkAuth($this->updatePermissionIdentifier)) return $response;
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
|
||||
|
||||
// Load the object
|
||||
$object = $this->getExistingObject();
|
||||
@@ -377,7 +366,7 @@ abstract class AbstractCrudController extends BaseAdminController
|
||||
public function processUpdateAction()
|
||||
{
|
||||
// Check current user authorization
|
||||
if (null !== $response = $this->checkAuth($this->updatePermissionIdentifier)) return $response;
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
|
||||
|
||||
$error_msg = false;
|
||||
|
||||
@@ -442,7 +431,7 @@ abstract class AbstractCrudController extends BaseAdminController
|
||||
public function updatePositionAction()
|
||||
{
|
||||
// Check current user authorization
|
||||
if (null !== $response = $this->checkAuth($this->updatePermissionIdentifier)) return $response;
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
|
||||
|
||||
try {
|
||||
$mode = $this->getRequest()->get('mode', null);
|
||||
@@ -476,7 +465,7 @@ abstract class AbstractCrudController extends BaseAdminController
|
||||
protected function genericUpdatePositionAction($object, $eventName, $doFinalRedirect = true)
|
||||
{
|
||||
// Check current user authorization
|
||||
if (null !== $response = $this->checkAuth($this->updatePermissionIdentifier)) return $response;
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
|
||||
|
||||
if ($object != null) {
|
||||
|
||||
@@ -510,7 +499,7 @@ abstract class AbstractCrudController extends BaseAdminController
|
||||
public function setToggleVisibilityAction()
|
||||
{
|
||||
// Check current user authorization
|
||||
if (null !== $response = $this->checkAuth($this->updatePermissionIdentifier)) return $response;
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
|
||||
|
||||
$changeEvent = $this->createToggleVisibilityEvent($this->getRequest());
|
||||
|
||||
@@ -532,7 +521,7 @@ abstract class AbstractCrudController extends BaseAdminController
|
||||
public function deleteAction()
|
||||
{
|
||||
// Check current user authorization
|
||||
if (null !== $response = $this->checkAuth($this->deletePermissionIdentifier)) return $response;
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::DELETE)) return $response;
|
||||
|
||||
// Get the currency id, and dispatch the delet request
|
||||
$deleteEvent = $this->getDeleteEvent();
|
||||
|
||||
@@ -24,8 +24,9 @@
|
||||
namespace Thelia\Controller\Admin;
|
||||
use Thelia\Core\Event\Address\AddressCreateOrUpdateEvent;
|
||||
use Thelia\Core\Event\Address\AddressEvent;
|
||||
use Thelia\Core\Event\AdminResources;
|
||||
use Thelia\Core\Security\Resource\AdminResources;
|
||||
use Thelia\Core\Event\TheliaEvents;
|
||||
use Thelia\Core\Security\AccessManager;
|
||||
use Thelia\Form\AddressCreateForm;
|
||||
use Thelia\Form\AddressUpdateForm;
|
||||
use Thelia\Model\AddressQuery;
|
||||
@@ -45,10 +46,7 @@ class AddressController extends AbstractCrudController
|
||||
null,
|
||||
null,
|
||||
|
||||
AdminResources::ADDRESS_VIEW,
|
||||
AdminResources::ADDRESS_CREATE,
|
||||
AdminResources::ADDRESS_UPDATE,
|
||||
AdminResources::ADDRESS_DELETE,
|
||||
AdminResources::ADDRESS,
|
||||
|
||||
TheliaEvents::ADDRESS_CREATE,
|
||||
TheliaEvents::ADDRESS_UPDATE,
|
||||
@@ -61,7 +59,7 @@ class AddressController extends AbstractCrudController
|
||||
|
||||
public function useAddressAction()
|
||||
{
|
||||
if (null !== $response = $this->checkAuth($this->updatePermissionIdentifier)) return $response;
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
|
||||
|
||||
$address_id = $this->getRequest()->request->get('address_id');
|
||||
|
||||
|
||||
@@ -23,7 +23,7 @@
|
||||
|
||||
namespace Thelia\Controller\Admin;
|
||||
|
||||
use Thelia\Core\Event\AdminResources;
|
||||
use Thelia\Core\Security\Resource\AdminResources;
|
||||
use Thelia\Core\Event\Area\AreaAddCountryEvent;
|
||||
use Thelia\Core\Event\Area\AreaCreateEvent;
|
||||
use Thelia\Core\Event\Area\AreaDeleteEvent;
|
||||
@@ -31,6 +31,7 @@ use Thelia\Core\Event\Area\AreaRemoveCountryEvent;
|
||||
use Thelia\Core\Event\Area\AreaUpdateEvent;
|
||||
use Thelia\Core\Event\Area\AreaUpdatePostageEvent;
|
||||
use Thelia\Core\Event\TheliaEvents;
|
||||
use Thelia\Core\Security\AccessManager;
|
||||
use Thelia\Form\Area\AreaCountryForm;
|
||||
use Thelia\Form\Area\AreaCreateForm;
|
||||
use Thelia\Form\Area\AreaModificationForm;
|
||||
@@ -53,10 +54,7 @@ class AreaController extends AbstractCrudController
|
||||
null,
|
||||
null,
|
||||
|
||||
AdminResources::AREA_VIEW,
|
||||
AdminResources::AREA_CREATE,
|
||||
AdminResources::AREA_UPDATE,
|
||||
AdminResources::AREA_DELETE,
|
||||
AdminResources::AREA,
|
||||
|
||||
TheliaEvents::AREA_CREATE,
|
||||
TheliaEvents::AREA_UPDATE,
|
||||
@@ -233,7 +231,7 @@ class AreaController extends AbstractCrudController
|
||||
public function addCountry()
|
||||
{
|
||||
// Check current user authorization
|
||||
if (null !== $response = $this->checkAuth($this->updatePermissionIdentifier)) return $response;
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
|
||||
|
||||
$areaCountryForm = new AreaCountryForm($this->getRequest());
|
||||
$error_msg = null;
|
||||
@@ -275,7 +273,7 @@ class AreaController extends AbstractCrudController
|
||||
public function removeCountry()
|
||||
{
|
||||
// Check current user authorization
|
||||
if (null !== $response = $this->checkAuth($this->updatePermissionIdentifier)) return $response;
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
|
||||
$request = $this->getRequest();
|
||||
$removeCountryEvent = new AreaRemoveCountryEvent($request->request->get('areai_id', 0), $request->request->get('country_id', 0));
|
||||
|
||||
@@ -286,7 +284,7 @@ class AreaController extends AbstractCrudController
|
||||
|
||||
public function updatePostageAction()
|
||||
{
|
||||
if (null !== $response = $this->checkAuth($this->updatePermissionIdentifier)) return $response;
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
|
||||
|
||||
$areaUpdateForm = new AreaPostageForm($this->getRequest());
|
||||
$error_msg = null;
|
||||
|
||||
@@ -23,7 +23,7 @@
|
||||
|
||||
namespace Thelia\Controller\Admin;
|
||||
|
||||
use Thelia\Core\Event\AdminResources;
|
||||
use Thelia\Core\Security\Resource\AdminResources;
|
||||
use Thelia\Core\Event\Attribute\AttributeAvDeleteEvent;
|
||||
use Thelia\Core\Event\TheliaEvents;
|
||||
use Thelia\Core\Event\Attribute\AttributeAvUpdateEvent;
|
||||
|
||||
@@ -23,11 +23,12 @@
|
||||
|
||||
namespace Thelia\Controller\Admin;
|
||||
|
||||
use Thelia\Core\Event\AdminResources;
|
||||
use Thelia\Core\Security\Resource\AdminResources;
|
||||
use Thelia\Core\Event\Attribute\AttributeDeleteEvent;
|
||||
use Thelia\Core\Event\TheliaEvents;
|
||||
use Thelia\Core\Event\Attribute\AttributeUpdateEvent;
|
||||
use Thelia\Core\Event\Attribute\AttributeCreateEvent;
|
||||
use Thelia\Core\Security\AccessManager;
|
||||
use Thelia\Model\AttributeQuery;
|
||||
use Thelia\Form\AttributeModificationForm;
|
||||
use Thelia\Form\AttributeCreationForm;
|
||||
@@ -51,10 +52,7 @@ class AttributeController extends AbstractCrudController
|
||||
'manual',
|
||||
'order',
|
||||
|
||||
AdminResources::ATTRIBUTE_VIEW,
|
||||
AdminResources::ATTRIBUTE_CREATE,
|
||||
AdminResources::ATTRIBUTE_UPDATE,
|
||||
AdminResources::ATTRIBUTE_DELETE,
|
||||
AdminResources::ATTRIBUTE,
|
||||
|
||||
TheliaEvents::ATTRIBUTE_CREATE,
|
||||
TheliaEvents::ATTRIBUTE_UPDATE,
|
||||
@@ -254,7 +252,7 @@ class AttributeController extends AbstractCrudController
|
||||
protected function addRemoveFromAllTemplates($eventType)
|
||||
{
|
||||
// Check current user authorization
|
||||
if (null !== $response = $this->checkAuth($this->updatePermissionIdentifier)) return $response;
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
|
||||
|
||||
try {
|
||||
if (null !== $object = $this->getExistingObject()) {
|
||||
|
||||
@@ -111,22 +111,24 @@ class BaseAdminController extends BaseController
|
||||
/**
|
||||
* Check current admin user authorisations. An ADMIN role is assumed.
|
||||
*
|
||||
* @param mixed $permissions a single permission or an array of permissions.
|
||||
* @param mixed $resources a single resource or an array of resources.
|
||||
* @param mixed $accesses a single access or an array of accesses.
|
||||
*
|
||||
* @return mixed null if authorization is granted, or a Response object which contains the error page otherwise
|
||||
*
|
||||
*/
|
||||
protected function checkAuth($permissions)
|
||||
protected function checkAuth($resources, $accesses)
|
||||
{
|
||||
$permArr = is_array($permissions) ? $permissions : array($permissions);
|
||||
$resources = is_array($resources) ? $resources : array($resources);
|
||||
$accesses = is_array($accesses) ? $accesses : array($accesses);
|
||||
|
||||
if ($this->getSecurityContext()->isGranted(array("ADMIN"), $permArr)) {
|
||||
if ($this->getSecurityContext()->isGranted(array("ADMIN"), $resources, $accesses)) {
|
||||
// Okay !
|
||||
return null;
|
||||
}
|
||||
|
||||
// Log the problem
|
||||
$this->adminLogAppend("User is not granted for permissions %s", implode(", ", $permArr));
|
||||
$this->adminLogAppend("User is not granted for resources %s with accesses %s", implode(", ", $resources), implode(", ", $accesses));
|
||||
|
||||
// Generate the proper response
|
||||
$response = new Response();
|
||||
|
||||
@@ -24,11 +24,12 @@
|
||||
namespace Thelia\Controller\Admin;
|
||||
|
||||
use Symfony\Component\HttpFoundation\Response;
|
||||
use Thelia\Core\Event\AdminResources;
|
||||
use Thelia\Core\Security\Resource\AdminResources;
|
||||
use Thelia\Core\Event\Category\CategoryDeleteEvent;
|
||||
use Thelia\Core\Event\TheliaEvents;
|
||||
use Thelia\Core\Event\Category\CategoryUpdateEvent;
|
||||
use Thelia\Core\Event\Category\CategoryCreateEvent;
|
||||
use Thelia\Core\Security\AccessManager;
|
||||
use Thelia\Model\CategoryQuery;
|
||||
use Thelia\Form\CategoryModificationForm;
|
||||
use Thelia\Form\CategoryCreationForm;
|
||||
@@ -55,10 +56,7 @@ class CategoryController extends AbstractCrudController
|
||||
'manual',
|
||||
'category_order',
|
||||
|
||||
AdminResources::CATEGORY_VIEW,
|
||||
AdminResources::CATEGORY_CREATE,
|
||||
AdminResources::CATEGORY_UPDATE,
|
||||
AdminResources::CATEGORY_DELETE,
|
||||
AdminResources::CATEGORY,
|
||||
|
||||
TheliaEvents::CATEGORY_CREATE,
|
||||
TheliaEvents::CATEGORY_UPDATE,
|
||||
@@ -217,7 +215,7 @@ class CategoryController extends AbstractCrudController
|
||||
public function setToggleVisibilityAction()
|
||||
{
|
||||
// Check current user authorization
|
||||
if (null !== $response = $this->checkAuth($this->updatePermissionIdentifier)) return $response;
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
|
||||
|
||||
$event = new CategoryToggleVisibilityEvent($this->getExistingObject());
|
||||
|
||||
@@ -297,7 +295,7 @@ class CategoryController extends AbstractCrudController
|
||||
public function addRelatedContentAction()
|
||||
{
|
||||
// Check current user authorization
|
||||
if (null !== $response = $this->checkAuth($this->updatePermissionIdentifier)) return $response;
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
|
||||
|
||||
$content_id = intval($this->getRequest()->get('content_id'));
|
||||
|
||||
@@ -327,7 +325,7 @@ class CategoryController extends AbstractCrudController
|
||||
public function addRelatedPictureAction()
|
||||
{
|
||||
// Check current user authorization
|
||||
if (null !== $response = $this->checkAuth($this->updatePermissionIdentifier)) {
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) {
|
||||
return $response;
|
||||
}
|
||||
|
||||
@@ -355,7 +353,7 @@ class CategoryController extends AbstractCrudController
|
||||
public function deleteRelatedContentAction()
|
||||
{
|
||||
// Check current user authorization
|
||||
if (null !== $response = $this->checkAuth($this->updatePermissionIdentifier)) return $response;
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
|
||||
|
||||
$content_id = intval($this->getRequest()->get('content_id'));
|
||||
|
||||
|
||||
@@ -23,11 +23,12 @@
|
||||
|
||||
namespace Thelia\Controller\Admin;
|
||||
|
||||
use Thelia\Core\Event\AdminResources;
|
||||
use Thelia\Core\Security\Resource\AdminResources;
|
||||
use Thelia\Core\Event\Config\ConfigDeleteEvent;
|
||||
use Thelia\Core\Event\TheliaEvents;
|
||||
use Thelia\Core\Event\Config\ConfigUpdateEvent;
|
||||
use Thelia\Core\Event\Config\ConfigCreateEvent;
|
||||
use Thelia\Core\Security\AccessManager;
|
||||
use Thelia\Model\ConfigQuery;
|
||||
use Thelia\Form\ConfigModificationForm;
|
||||
use Thelia\Form\ConfigCreationForm;
|
||||
@@ -46,10 +47,7 @@ class ConfigController extends AbstractCrudController
|
||||
'name',
|
||||
'order',
|
||||
|
||||
AdminResources::CONFIG_VIEW,
|
||||
AdminResources::CONFIG_CREATE,
|
||||
AdminResources::CONFIG_UPDATE,
|
||||
AdminResources::CONFIG_DELETE,
|
||||
AdminResources::CONFIG,
|
||||
|
||||
TheliaEvents::CONFIG_CREATE,
|
||||
TheliaEvents::CONFIG_UPDATE,
|
||||
@@ -188,7 +186,7 @@ class ConfigController extends AbstractCrudController
|
||||
public function changeValuesAction()
|
||||
{
|
||||
// Check current user authorization
|
||||
if (null !== $response = $this->checkAuth($this->updatePermissionIdentifier)) return $response;
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
|
||||
|
||||
$variables = $this->getRequest()->get('variable', array());
|
||||
|
||||
|
||||
@@ -22,7 +22,7 @@
|
||||
/*************************************************************************************/
|
||||
|
||||
namespace Thelia\Controller\Admin;
|
||||
use Thelia\Core\Event\AdminResources;
|
||||
use Thelia\Core\Security\Resource\AdminResources;
|
||||
use Thelia\Core\Event\Content\ContentAddFolderEvent;
|
||||
use Thelia\Core\Event\Content\ContentCreateEvent;
|
||||
use Thelia\Core\Event\Content\ContentDeleteEvent;
|
||||
@@ -31,6 +31,7 @@ use Thelia\Core\Event\Content\ContentToggleVisibilityEvent;
|
||||
use Thelia\Core\Event\Content\ContentUpdateEvent;
|
||||
use Thelia\Core\Event\TheliaEvents;
|
||||
use Thelia\Core\Event\UpdatePositionEvent;
|
||||
use Thelia\Core\Security\AccessManager;
|
||||
use Thelia\Form\ContentCreationForm;
|
||||
use Thelia\Form\ContentModificationForm;
|
||||
use Thelia\Model\ContentQuery;
|
||||
@@ -50,10 +51,7 @@ class ContentController extends AbstractCrudController
|
||||
'manual',
|
||||
'content_order',
|
||||
|
||||
AdminResources::CONTENT_VIEW,
|
||||
AdminResources::CONTENT_CREATE,
|
||||
AdminResources::CONTENT_UPDATE,
|
||||
AdminResources::CONTENT_DELETE,
|
||||
AdminResources::CONTENT,
|
||||
|
||||
TheliaEvents::CONTENT_CREATE,
|
||||
TheliaEvents::CONTENT_UPDATE,
|
||||
@@ -71,7 +69,7 @@ class ContentController extends AbstractCrudController
|
||||
public function addAdditionalFolderAction()
|
||||
{
|
||||
// Check current user authorization
|
||||
if (null !== $response = $this->checkAuth($this->updatePermissionIdentifier)) return $response;
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
|
||||
|
||||
$folder_id = intval($this->getRequest()->request->get('additional_folder_id'));
|
||||
|
||||
@@ -99,7 +97,7 @@ class ContentController extends AbstractCrudController
|
||||
public function removeAdditionalFolderAction()
|
||||
{
|
||||
// Check current user authorization
|
||||
if (null !== $response = $this->checkAuth($this->updatePermissionIdentifier)) return $response;
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
|
||||
|
||||
$folder_id = intval($this->getRequest()->request->get('additional_folder_id'));
|
||||
|
||||
|
||||
@@ -22,12 +22,13 @@
|
||||
/*************************************************************************************/
|
||||
|
||||
namespace Thelia\Controller\Admin;
|
||||
use Thelia\Core\Event\AdminResources;
|
||||
use Thelia\Core\Security\Resource\AdminResources;
|
||||
use Thelia\Core\Event\Country\CountryCreateEvent;
|
||||
use Thelia\Core\Event\Country\CountryDeleteEvent;
|
||||
use Thelia\Core\Event\Country\CountryToggleDefaultEvent;
|
||||
use Thelia\Core\Event\Country\CountryUpdateEvent;
|
||||
use Thelia\Core\Event\TheliaEvents;
|
||||
use Thelia\Core\Security\AccessManager;
|
||||
use Thelia\Form\CountryCreationForm;
|
||||
use Thelia\Form\CountryModificationForm;
|
||||
use Thelia\Model\CountryQuery;
|
||||
@@ -47,10 +48,7 @@ class CountryController extends AbstractCrudController
|
||||
'manual',
|
||||
'country_order',
|
||||
|
||||
AdminResources::COUNTRY_VIEW,
|
||||
AdminResources::COUNTRY_CREATE,
|
||||
AdminResources::COUNTRY_UPDATE,
|
||||
AdminResources::COUNTRY_DELETE,
|
||||
AdminResources::COUNTRY,
|
||||
|
||||
TheliaEvents::COUNTRY_CREATE,
|
||||
TheliaEvents::COUNTRY_UPDATE,
|
||||
@@ -237,7 +235,7 @@ class CountryController extends AbstractCrudController
|
||||
|
||||
public function toggleDefaultAction()
|
||||
{
|
||||
if (null !== $response = $this->checkAuth($this->updatePermissionIdentifier)) return $response;
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
|
||||
$content = null;
|
||||
if (null !== $country_id = $this->getRequest()->get('country_id')) {
|
||||
$toogleDefaultEvent = new CountryToggleDefaultEvent($country_id);
|
||||
|
||||
@@ -27,10 +27,13 @@ use Symfony\Component\HttpFoundation\Request;
|
||||
use Symfony\Component\Routing\Router;
|
||||
use Thelia\Condition\ConditionFactory;
|
||||
use Thelia\Condition\ConditionManagerInterface;
|
||||
use Thelia\Core\Security\Resource\AdminResources;
|
||||
use Thelia\Core\Event\Condition\ConditionCreateOrUpdateEvent;
|
||||
use Thelia\Core\Event\AdminResources;
|
||||
use Thelia\Core\Event\Coupon\CouponConsumeEvent;
|
||||
use Thelia\Core\Event\Coupon\CouponCreateOrUpdateEvent;
|
||||
use Thelia\Core\Event\TheliaEvents;
|
||||
use Thelia\Core\Security\AccessManager;
|
||||
use Thelia\Coupon\CouponManager;
|
||||
use Thelia\Coupon\ConditionCollection;
|
||||
use Thelia\Coupon\Type\CouponInterface;
|
||||
@@ -62,7 +65,7 @@ class CouponController extends BaseAdminController
|
||||
*/
|
||||
public function browseAction()
|
||||
{
|
||||
$this->checkAuth('ADMIN', AdminResources::COUPON_VIEW);
|
||||
$this->checkAuth(AdminResources::COUPON, AccessManager::VIEW);
|
||||
|
||||
$args['urlReadCoupon'] = $this->getRoute(
|
||||
'admin.coupon.read',
|
||||
@@ -94,7 +97,7 @@ class CouponController extends BaseAdminController
|
||||
*/
|
||||
public function readAction($couponId)
|
||||
{
|
||||
$this->checkAuth('ADMIN', AdminResources::COUPON_VIEW);
|
||||
$this->checkAuth(AdminResources::COUPON, AccessManager::VIEW);
|
||||
|
||||
// Database request repeated in the loop but cached
|
||||
$search = CouponQuery::create();
|
||||
@@ -122,7 +125,7 @@ class CouponController extends BaseAdminController
|
||||
public function createAction()
|
||||
{
|
||||
// Check current user authorization
|
||||
$response = $this->checkAuth(AdminResources::COUPON_CREATE);
|
||||
$response = $this->checkAuth(AdminResources::COUPON, AccessManager::CREATE);
|
||||
if ($response !== null) {
|
||||
return $response;
|
||||
}
|
||||
@@ -170,7 +173,7 @@ class CouponController extends BaseAdminController
|
||||
public function updateAction($couponId)
|
||||
{
|
||||
// Check current user authorization
|
||||
$response = $this->checkAuth(AdminResources::COUPON_UPDATE);
|
||||
$response = $this->checkAuth(AdminResources::COUPON, AccessManager::UPDATE);
|
||||
if ($response !== null) {
|
||||
return $response;
|
||||
}
|
||||
@@ -274,7 +277,7 @@ class CouponController extends BaseAdminController
|
||||
*/
|
||||
public function getConditionInputAction($conditionId)
|
||||
{
|
||||
$this->checkAuth('ADMIN', AdminResources::COUPON_VIEW);
|
||||
$this->checkAuth(AdminResources::COUPON, AccessManager::VIEW);
|
||||
|
||||
$this->checkXmlHttpRequest();
|
||||
|
||||
@@ -304,7 +307,7 @@ class CouponController extends BaseAdminController
|
||||
*/
|
||||
public function updateConditionsAction($couponId)
|
||||
{
|
||||
$this->checkAuth('ADMIN', AdminResources::COUPON_VIEW);
|
||||
$this->checkAuth(AdminResources::COUPON, AccessManager::VIEW);
|
||||
|
||||
$this->checkXmlHttpRequest();
|
||||
|
||||
|
||||
@@ -23,7 +23,7 @@
|
||||
|
||||
namespace Thelia\Controller\Admin;
|
||||
|
||||
use Thelia\Core\Event\AdminResources;
|
||||
use Thelia\Core\Security\Resource\AdminResources;
|
||||
use Thelia\Core\Event\Currency\CurrencyDeleteEvent;
|
||||
use Thelia\Core\Event\TheliaEvents;
|
||||
use Thelia\Core\Event\Currency\CurrencyUpdateEvent;
|
||||
@@ -47,10 +47,7 @@ class CurrencyController extends AbstractCrudController
|
||||
'manual',
|
||||
'order',
|
||||
|
||||
AdminResources::CURRENCY_VIEW,
|
||||
AdminResources::CURRENCY_CREATE,
|
||||
AdminResources::CURRENCY_UPDATE,
|
||||
AdminResources::CURRENCY_DELETE,
|
||||
AdminResources::CURRENCY,
|
||||
|
||||
TheliaEvents::CURRENCY_CREATE,
|
||||
TheliaEvents::CURRENCY_UPDATE,
|
||||
@@ -187,7 +184,7 @@ class CurrencyController extends AbstractCrudController
|
||||
public function updateRatesAction()
|
||||
{
|
||||
// Check current user authorization
|
||||
if (null !== $response = $this->checkAuth($this->updatePermissionIdentifier)) return $response;
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
|
||||
|
||||
try {
|
||||
$this->dispatch(TheliaEvents::CURRENCY_UPDATE_RATES);
|
||||
@@ -205,7 +202,7 @@ class CurrencyController extends AbstractCrudController
|
||||
public function setDefaultAction()
|
||||
{
|
||||
// Check current user authorization
|
||||
if (null !== $response = $this->checkAuth($this->updatePermissionIdentifier)) return $response;
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
|
||||
|
||||
$changeEvent = new CurrencyUpdateEvent($this->getRequest()->get('currency_id', 0));
|
||||
|
||||
|
||||
@@ -24,11 +24,12 @@
|
||||
namespace Thelia\Controller\Admin;
|
||||
|
||||
use Propel\Runtime\Exception\PropelException;
|
||||
use Thelia\Core\Event\AdminResources;
|
||||
use Thelia\Core\Security\Resource\AdminResources;
|
||||
use Thelia\Core\Event\Customer\CustomerAddressEvent;
|
||||
use Thelia\Core\Event\Customer\CustomerCreateOrUpdateEvent;
|
||||
use Thelia\Core\Event\Customer\CustomerEvent;
|
||||
use Thelia\Core\Event\TheliaEvents;
|
||||
use Thelia\Core\Security\AccessManager;
|
||||
use Thelia\Form\CustomerModification;
|
||||
use Thelia\Form\Exception\FormValidationException;
|
||||
use Thelia\Model\CustomerQuery;
|
||||
@@ -43,13 +44,13 @@ class CustomerController extends BaseAdminController
|
||||
{
|
||||
public function indexAction()
|
||||
{
|
||||
if (null !== $response = $this->checkAuth(AdminResources::CUSTOMER_VIEW)) return $response;
|
||||
if (null !== $response = $this->checkAuth(AdminResources::CUSTOMER, AccessManager::VIEW)) return $response;
|
||||
return $this->render("customers", array("display_customer" => 20));
|
||||
}
|
||||
|
||||
public function viewAction($customer_id)
|
||||
{
|
||||
if (null !== $response = $this->checkAuth(AdminResources::CUSTOMER_VIEW)) return $response;
|
||||
if (null !== $response = $this->checkAuth(AdminResources::CUSTOMER, AccessManager::VIEW)) return $response;
|
||||
return $this->render("customer-edit", array(
|
||||
"customer_id" => $customer_id
|
||||
));
|
||||
@@ -63,7 +64,7 @@ class CustomerController extends BaseAdminController
|
||||
*/
|
||||
public function updateAction($customer_id)
|
||||
{
|
||||
if (null !== $response = $this->checkAuth(AdminResources::CUSTOMER_UPDATE)) return $response;
|
||||
if (null !== $response = $this->checkAuth(AdminResources::CUSTOMER, AccessManager::UPDATE)) return $response;
|
||||
|
||||
$message = false;
|
||||
|
||||
@@ -119,7 +120,7 @@ class CustomerController extends BaseAdminController
|
||||
|
||||
public function deleteAction()
|
||||
{
|
||||
if (null !== $response = $this->checkAuth(AdminResources::CUSTOMER_DELETE)) return $response;
|
||||
if (null !== $response = $this->checkAuth(AdminResources::CUSTOMER, AccessManager::DELETE)) return $response;
|
||||
|
||||
$message = null;
|
||||
|
||||
|
||||
@@ -23,7 +23,7 @@
|
||||
|
||||
namespace Thelia\Controller\Admin;
|
||||
|
||||
use Thelia\Core\Event\AdminResources;
|
||||
use Thelia\Core\Security\Resource\AdminResources;
|
||||
use Thelia\Core\Event\Feature\FeatureAvDeleteEvent;
|
||||
use Thelia\Core\Event\TheliaEvents;
|
||||
use Thelia\Core\Event\Feature\FeatureAvUpdateEvent;
|
||||
|
||||
@@ -23,11 +23,12 @@
|
||||
|
||||
namespace Thelia\Controller\Admin;
|
||||
|
||||
use Thelia\Core\Event\AdminResources;
|
||||
use Thelia\Core\Security\Resource\AdminResources;
|
||||
use Thelia\Core\Event\Feature\FeatureDeleteEvent;
|
||||
use Thelia\Core\Event\TheliaEvents;
|
||||
use Thelia\Core\Event\Feature\FeatureUpdateEvent;
|
||||
use Thelia\Core\Event\Feature\FeatureCreateEvent;
|
||||
use Thelia\Core\Security\AccessManager;
|
||||
use Thelia\Model\FeatureQuery;
|
||||
use Thelia\Form\FeatureModificationForm;
|
||||
use Thelia\Form\FeatureCreationForm;
|
||||
@@ -51,10 +52,7 @@ class FeatureController extends AbstractCrudController
|
||||
'manual',
|
||||
'order',
|
||||
|
||||
AdminResources::FEATURE_VIEW,
|
||||
AdminResources::FEATURE_CREATE,
|
||||
AdminResources::FEATURE_UPDATE,
|
||||
AdminResources::FEATURE_DELETE,
|
||||
AdminResources::FEATURE,
|
||||
|
||||
TheliaEvents::FEATURE_CREATE,
|
||||
TheliaEvents::FEATURE_UPDATE,
|
||||
@@ -254,7 +252,7 @@ class FeatureController extends AbstractCrudController
|
||||
protected function addRemoveFromAllTemplates($eventType)
|
||||
{
|
||||
// Check current user authorization
|
||||
if (null !== $response = $this->checkAuth($this->updatePermissionIdentifier)) return $response;
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
|
||||
|
||||
try {
|
||||
if (null !== $object = $this->getExistingObject()) {
|
||||
|
||||
@@ -26,12 +26,13 @@ namespace Thelia\Controller\Admin;
|
||||
use Propel\Runtime\Exception\PropelException;
|
||||
use Symfony\Component\HttpFoundation\File\UploadedFile;
|
||||
use Symfony\Component\HttpFoundation\Response;
|
||||
use Thelia\Core\Event\AdminResources;
|
||||
use Thelia\Core\Security\Resource\AdminResources;
|
||||
use Thelia\Core\Event\Document\DocumentCreateOrUpdateEvent;
|
||||
use Thelia\Core\Event\Document\DocumentDeleteEvent;
|
||||
use Thelia\Core\Event\Image\ImageCreateOrUpdateEvent;
|
||||
use Thelia\Core\Event\Image\ImageDeleteEvent;
|
||||
use Thelia\Core\Event\TheliaEvents;
|
||||
use Thelia\Core\Security\AccessManager;
|
||||
use Thelia\Form\Exception\FormValidationException;
|
||||
use Thelia\Log\Tlog;
|
||||
use Thelia\Model\CategoryDocument;
|
||||
@@ -70,7 +71,7 @@ class FileController extends BaseAdminController
|
||||
*/
|
||||
public function saveImageAjaxAction($parentId, $parentType)
|
||||
{
|
||||
$this->checkAuth('ADMIN', AdminResources::retrieve($parentType, 'update'));
|
||||
$this->checkAuth(AdminResources::retrieve($parentType), AccessManager::UPDATE);
|
||||
$this->checkXmlHttpRequest();
|
||||
|
||||
if ($this->isParentTypeValid($parentType)) {
|
||||
@@ -146,7 +147,7 @@ class FileController extends BaseAdminController
|
||||
*/
|
||||
public function saveDocumentAjaxAction($parentId, $parentType)
|
||||
{
|
||||
$this->checkAuth('ADMIN', AdminResources::retrieve($parentType, 'update'));
|
||||
$this->checkAuth(AdminResources::retrieve($parentType), AccessManager::UPDATE);
|
||||
$this->checkXmlHttpRequest();
|
||||
|
||||
if ($this->isParentTypeValid($parentType)) {
|
||||
@@ -210,7 +211,7 @@ class FileController extends BaseAdminController
|
||||
*/
|
||||
public function getImageListAjaxAction($parentId, $parentType)
|
||||
{
|
||||
$this->checkAuth('ADMIN', AdminResources::retrieve($parentType, 'update'));
|
||||
$this->checkAuth(AdminResources::retrieve($parentType), AccessManager::UPDATE);
|
||||
$this->checkXmlHttpRequest();
|
||||
$args = array('imageType' => $parentType, 'parentId' => $parentId);
|
||||
|
||||
@@ -227,7 +228,7 @@ class FileController extends BaseAdminController
|
||||
*/
|
||||
public function getDocumentListAjaxAction($parentId, $parentType)
|
||||
{
|
||||
$this->checkAuth('ADMIN', AdminResources::retrieve($parentType, 'update'));
|
||||
$this->checkAuth(AdminResources::retrieve($parentType), AccessManager::UPDATE);
|
||||
$this->checkXmlHttpRequest();
|
||||
$args = array('documentType' => $parentType, 'parentId' => $parentId);
|
||||
|
||||
@@ -244,7 +245,7 @@ class FileController extends BaseAdminController
|
||||
*/
|
||||
public function getImageFormAjaxAction($parentId, $parentType)
|
||||
{
|
||||
$this->checkAuth('ADMIN', AdminResources::retrieve($parentType, 'update'));
|
||||
$this->checkAuth(AdminResources::retrieve($parentType), AccessManager::UPDATE);
|
||||
$this->checkXmlHttpRequest();
|
||||
$args = array('imageType' => $parentType, 'parentId' => $parentId);
|
||||
|
||||
@@ -261,7 +262,7 @@ class FileController extends BaseAdminController
|
||||
*/
|
||||
public function getDocumentFormAjaxAction($parentId, $parentType)
|
||||
{
|
||||
$this->checkAuth('ADMIN', AdminResources::retrieve($parentType, 'update'));
|
||||
$this->checkAuth(AdminResources::retrieve($parentType), AccessManager::UPDATE);
|
||||
$this->checkXmlHttpRequest();
|
||||
$args = array('documentType' => $parentType, 'parentId' => $parentId);
|
||||
|
||||
@@ -278,7 +279,7 @@ class FileController extends BaseAdminController
|
||||
*/
|
||||
public function viewImageAction($imageId, $parentType)
|
||||
{
|
||||
if (null !== $response = $this->checkAuth('ADMIN', AdminResources::retrieve($parentType, 'update'))) {
|
||||
if (null !== $response = $this->checkAuth(AdminResources::retrieve($parentType), AccessManager::UPDATE)) {
|
||||
return $response;
|
||||
}
|
||||
try {
|
||||
@@ -307,7 +308,7 @@ class FileController extends BaseAdminController
|
||||
*/
|
||||
public function viewDocumentAction($documentId, $parentType)
|
||||
{
|
||||
if (null !== $response = $this->checkAuth('ADMIN', AdminResources::retrieve($parentType, 'update'))) {
|
||||
if (null !== $response = $this->checkAuth(AdminResources::retrieve($parentType), AccessManager::UPDATE)) {
|
||||
return $response;
|
||||
}
|
||||
try {
|
||||
@@ -336,7 +337,7 @@ class FileController extends BaseAdminController
|
||||
*/
|
||||
public function updateImageAction($imageId, $parentType)
|
||||
{
|
||||
if (null !== $response = $this->checkAuth('ADMIN', AdminResources::retrieve($parentType, 'update'))) {
|
||||
if (null !== $response = $this->checkAuth(AdminResources::retrieve($parentType), AccessManager::UPDATE)) {
|
||||
return $response;
|
||||
}
|
||||
|
||||
@@ -413,7 +414,7 @@ class FileController extends BaseAdminController
|
||||
*/
|
||||
public function updateDocumentAction($documentId, $parentType)
|
||||
{
|
||||
if (null !== $response = $this->checkAuth('ADMIN', AdminResources::retrieve($parentType, 'update'))) {
|
||||
if (null !== $response = $this->checkAuth(AdminResources::retrieve($parentType), AccessManager::UPDATE)) {
|
||||
return $response;
|
||||
}
|
||||
|
||||
@@ -490,7 +491,7 @@ class FileController extends BaseAdminController
|
||||
*/
|
||||
public function deleteImageAction($imageId, $parentType)
|
||||
{
|
||||
$this->checkAuth('ADMIN', AdminResources::retrieve($parentType, 'update'));
|
||||
$this->checkAuth(AdminResources::retrieve($parentType), AccessManager::UPDATE);
|
||||
$this->checkXmlHttpRequest();
|
||||
|
||||
$fileManager = new FileManager($this->container);
|
||||
@@ -533,7 +534,7 @@ class FileController extends BaseAdminController
|
||||
*/
|
||||
public function deleteDocumentAction($documentId, $parentType)
|
||||
{
|
||||
$this->checkAuth('ADMIN', AdminResources::retrieve($parentType, 'update'));
|
||||
$this->checkAuth(AdminResources::retrieve($parentType), AccessManager::UPDATE);
|
||||
$this->checkXmlHttpRequest();
|
||||
|
||||
$fileManager = new FileManager($this->container);
|
||||
|
||||
@@ -22,7 +22,7 @@
|
||||
/*************************************************************************************/
|
||||
|
||||
namespace Thelia\Controller\Admin;
|
||||
use Thelia\Core\Event\AdminResources;
|
||||
use Thelia\Core\Security\Resource\AdminResources;
|
||||
use Thelia\Core\Event\Folder\FolderCreateEvent;
|
||||
use Thelia\Core\Event\Folder\FolderDeleteEvent;
|
||||
use Thelia\Core\Event\Folder\FolderToggleVisibilityEvent;
|
||||
|
||||
@@ -23,7 +23,8 @@
|
||||
|
||||
namespace Thelia\Controller\Admin;
|
||||
|
||||
use Thelia\Core\Event\AdminResources;
|
||||
use Thelia\Core\Security\Resource\AdminResources;
|
||||
use Thelia\Core\Security\AccessManager;
|
||||
|
||||
/**
|
||||
* Class LanguageController
|
||||
@@ -34,7 +35,7 @@ class LanguageController extends BaseAdminController
|
||||
{
|
||||
public function defaultAction()
|
||||
{
|
||||
if (null !== $response = $this->checkAuth(AdminResources::LANGUAGE_VIEW)) return $response;
|
||||
if (null !== $response = $this->checkAuth(AdminResources::LANGUAGE, AccessManager::VIEW)) return $response;
|
||||
return $this->render("languages");
|
||||
}
|
||||
|
||||
|
||||
@@ -23,7 +23,8 @@
|
||||
|
||||
namespace Thelia\Controller\Admin;
|
||||
|
||||
use Thelia\Core\Event\AdminResources;
|
||||
use Thelia\Core\Security\Resource\AdminResources;
|
||||
use Thelia\Core\Security\AccessManager;
|
||||
|
||||
/**
|
||||
* Class MailingSystemController
|
||||
@@ -34,7 +35,7 @@ class MailingSystemController extends BaseAdminController
|
||||
{
|
||||
public function defaultAction()
|
||||
{
|
||||
if (null !== $response = $this->checkAuth(AdminResources::MAILING_SYSTEM_VIEW)) return $response;
|
||||
if (null !== $response = $this->checkAuth(AdminResources::MAILING_SYSTEM, AccessManager::VIEW)) return $response;
|
||||
return $this->render("mailing-system");
|
||||
}
|
||||
|
||||
|
||||
@@ -23,7 +23,7 @@
|
||||
|
||||
namespace Thelia\Controller\Admin;
|
||||
|
||||
use Thelia\Core\Event\AdminResources;
|
||||
use Thelia\Core\Security\Resource\AdminResources;
|
||||
use Thelia\Core\Event\Message\MessageDeleteEvent;
|
||||
use Thelia\Core\Event\TheliaEvents;use Thelia\Core\Event\Message\MessageUpdateEvent;
|
||||
use Thelia\Core\Event\Message\MessageCreateEvent;
|
||||
|
||||
@@ -23,11 +23,12 @@
|
||||
|
||||
namespace Thelia\Controller\Admin;
|
||||
|
||||
use Thelia\Core\Event\AdminResources;
|
||||
use Thelia\Core\Security\Resource\AdminResources;
|
||||
|
||||
use Thelia\Core\Event\Module\ModuleDeleteEvent;
|
||||
use Thelia\Core\Event\Module\ModuleToggleActivationEvent;
|
||||
use Thelia\Core\Event\TheliaEvents;
|
||||
use Thelia\Core\Security\AccessManager;
|
||||
use Thelia\Module\ModuleManagement;
|
||||
|
||||
/**
|
||||
@@ -39,7 +40,7 @@ class ModuleController extends BaseAdminController
|
||||
{
|
||||
public function indexAction()
|
||||
{
|
||||
if (null !== $response = $this->checkAuth(AdminResources::MODULE_VIEW)) return $response;
|
||||
if (null !== $response = $this->checkAuth(AdminResources::MODULE, AccessManager::VIEW)) return $response;
|
||||
|
||||
$modulemanagement = new ModuleManagement();
|
||||
$modulemanagement->updateModules();
|
||||
@@ -56,7 +57,7 @@ class ModuleController extends BaseAdminController
|
||||
|
||||
public function toggleActivationAction($module_id)
|
||||
{
|
||||
if (null !== $response = $this->checkAuth("admin.module.update")) return $response;
|
||||
if (null !== $response = $this->checkAuth(AdminResources::MODULE, AccessManager::UPDATE)) return $response;
|
||||
$message = null;
|
||||
try {
|
||||
$event = new ModuleToggleActivationEvent($module_id);
|
||||
@@ -88,7 +89,7 @@ class ModuleController extends BaseAdminController
|
||||
|
||||
public function deleteAction()
|
||||
{
|
||||
if (null !== $response = $this->checkAuth("admin.module.delete")) return $response;
|
||||
if (null !== $response = $this->checkAuth(AdminResources::MODULE, AccessManager::DELETE)) return $response;
|
||||
|
||||
$message = null;
|
||||
try {
|
||||
|
||||
@@ -24,11 +24,12 @@
|
||||
namespace Thelia\Controller\Admin;
|
||||
|
||||
use Symfony\Component\HttpFoundation\Response;
|
||||
use Thelia\Core\Event\AdminResources;
|
||||
use Thelia\Core\Security\Resource\AdminResources;
|
||||
use Thelia\Core\Event\Order\OrderAddressEvent;
|
||||
use Thelia\Core\Event\Order\OrderEvent;
|
||||
use Thelia\Core\Event\PdfEvent;
|
||||
use Thelia\Core\Event\TheliaEvents;
|
||||
use Thelia\Core\Security\AccessManager;
|
||||
use Thelia\Form\OrderUpdateAddress;
|
||||
use Thelia\Model\ConfigQuery;
|
||||
use Thelia\Model\Base\OrderAddressQuery;
|
||||
@@ -45,7 +46,7 @@ class OrderController extends BaseAdminController
|
||||
{
|
||||
public function indexAction()
|
||||
{
|
||||
if (null !== $response = $this->checkAuth(AdminResources::ORDER_VIEW)) return $response;
|
||||
if (null !== $response = $this->checkAuth(AdminResources::ORDER, AccessManager::VIEW)) return $response;
|
||||
return $this->render("orders", array("display_order" => 20));
|
||||
}
|
||||
|
||||
@@ -58,7 +59,7 @@ class OrderController extends BaseAdminController
|
||||
|
||||
public function updateStatus($order_id = null)
|
||||
{
|
||||
if (null !== $response = $this->checkAuth(AdminResources::ORDER_UPDATE)) return $response;
|
||||
if (null !== $response = $this->checkAuth(AdminResources::ORDER, AccessManager::UPDATE)) return $response;
|
||||
|
||||
$message = null;
|
||||
|
||||
@@ -109,7 +110,7 @@ class OrderController extends BaseAdminController
|
||||
|
||||
public function updateDeliveryRef($order_id)
|
||||
{
|
||||
if (null !== $response = $this->checkAuth(AdminResources::ORDER_UPDATE)) return $response;
|
||||
if (null !== $response = $this->checkAuth(AdminResources::ORDER, AccessManager::UPDATE)) return $response;
|
||||
|
||||
$message = null;
|
||||
|
||||
@@ -144,7 +145,7 @@ class OrderController extends BaseAdminController
|
||||
|
||||
public function updateAddress($order_id)
|
||||
{
|
||||
if (null !== $response = $this->checkAuth(AdminResources::ORDER_UPDATE)) return $response;
|
||||
if (null !== $response = $this->checkAuth(AdminResources::ORDER, AccessManager::UPDATE)) return $response;
|
||||
|
||||
$message = null;
|
||||
|
||||
@@ -210,7 +211,7 @@ class OrderController extends BaseAdminController
|
||||
|
||||
protected function generatePdf($order_id, $fileName)
|
||||
{
|
||||
if (null !== $response = $this->checkAuth(AdminResources::ORDER_UPDATE)) return $response;
|
||||
if (null !== $response = $this->checkAuth(AdminResources::ORDER, AccessManager::UPDATE)) return $response;
|
||||
|
||||
$html = $this->renderRaw(
|
||||
$fileName,
|
||||
|
||||
@@ -23,13 +23,14 @@
|
||||
|
||||
namespace Thelia\Controller\Admin;
|
||||
|
||||
use Thelia\Core\Event\AdminResources;
|
||||
use Thelia\Core\Security\Resource\AdminResources;
|
||||
use Thelia\Core\Event\Product\ProductAddCategoryEvent;
|
||||
use Thelia\Core\Event\Product\ProductDeleteCategoryEvent;
|
||||
use Thelia\Core\Event\Product\ProductDeleteEvent;
|
||||
use Thelia\Core\Event\TheliaEvents;
|
||||
use Thelia\Core\Event\Product\ProductUpdateEvent;
|
||||
use Thelia\Core\Event\Product\ProductCreateEvent;
|
||||
use Thelia\Core\Security\AccessManager;
|
||||
use Thelia\Model\ProductQuery;
|
||||
use Thelia\Form\ProductModificationForm;
|
||||
use Thelia\Form\ProductCreationForm;
|
||||
@@ -62,10 +63,7 @@ class ProductController extends AbstractCrudController
|
||||
'manual',
|
||||
'product_order',
|
||||
|
||||
AdminResources::PRODUCT_VIEW,
|
||||
AdminResources::PRODUCT_CREATE,
|
||||
AdminResources::PRODUCT_UPDATE,
|
||||
AdminResources::PRODUCT_DELETE,
|
||||
AdminResources::PRODUCT,
|
||||
|
||||
TheliaEvents::PRODUCT_CREATE,
|
||||
TheliaEvents::PRODUCT_UPDATE,
|
||||
@@ -281,7 +279,7 @@ class ProductController extends AbstractCrudController
|
||||
public function setToggleVisibilityAction()
|
||||
{
|
||||
// Check current user authorization
|
||||
if (null !== $response = $this->checkAuth($this->updatePermissionIdentifier)) return $response;
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
|
||||
|
||||
$event = new ProductToggleVisibilityEvent($this->getExistingObject());
|
||||
|
||||
@@ -357,7 +355,7 @@ class ProductController extends AbstractCrudController
|
||||
{
|
||||
|
||||
// Check current user authorization
|
||||
if (null !== $response = $this->checkAuth($this->updatePermissionIdentifier)) return $response;
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
|
||||
|
||||
$content_id = intval($this->getRequest()->get('content_id'));
|
||||
|
||||
@@ -383,7 +381,7 @@ class ProductController extends AbstractCrudController
|
||||
{
|
||||
|
||||
// Check current user authorization
|
||||
if (null !== $response = $this->checkAuth($this->updatePermissionIdentifier)) return $response;
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
|
||||
|
||||
$content_id = intval($this->getRequest()->get('content_id'));
|
||||
|
||||
@@ -435,7 +433,7 @@ class ProductController extends AbstractCrudController
|
||||
public function addAccessoryAction()
|
||||
{
|
||||
// Check current user authorization
|
||||
if (null !== $response = $this->checkAuth($this->updatePermissionIdentifier)) return $response;
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
|
||||
|
||||
$accessory_id = intval($this->getRequest()->get('accessory_id'));
|
||||
|
||||
@@ -460,7 +458,7 @@ class ProductController extends AbstractCrudController
|
||||
public function deleteAccessoryAction()
|
||||
{
|
||||
// Check current user authorization
|
||||
if (null !== $response = $this->checkAuth($this->updatePermissionIdentifier)) return $response;
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
|
||||
|
||||
$accessory_id = intval($this->getRequest()->get('accessory_id'));
|
||||
|
||||
@@ -516,7 +514,7 @@ class ProductController extends AbstractCrudController
|
||||
public function setProductTemplateAction($productId)
|
||||
{
|
||||
// Check current user authorization
|
||||
if (null !== $response = $this->checkAuth($this->updatePermissionIdentifier)) return $response;
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
|
||||
|
||||
$product = ProductQuery::create()->findPk($productId);
|
||||
|
||||
@@ -613,7 +611,7 @@ class ProductController extends AbstractCrudController
|
||||
public function addAdditionalCategoryAction()
|
||||
{
|
||||
// Check current user authorization
|
||||
if (null !== $response = $this->checkAuth($this->updatePermissionIdentifier)) return $response;
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
|
||||
|
||||
$category_id = intval($this->getRequest()->request->get('additional_category_id'));
|
||||
|
||||
@@ -638,7 +636,7 @@ class ProductController extends AbstractCrudController
|
||||
public function deleteAdditionalCategoryAction()
|
||||
{
|
||||
// Check current user authorization
|
||||
if (null !== $response = $this->checkAuth($this->updatePermissionIdentifier)) return $response;
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
|
||||
|
||||
$category_id = intval($this->getRequest()->get('additional_category_id'));
|
||||
|
||||
@@ -735,7 +733,7 @@ class ProductController extends AbstractCrudController
|
||||
public function addCombinationAction()
|
||||
{
|
||||
// Check current user authorization
|
||||
if (null !== $response = $this->checkAuth($this->updatePermissionIdentifier)) return $response;
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
|
||||
|
||||
$event = new ProductCreateCombinationEvent(
|
||||
$this->getExistingObject(),
|
||||
@@ -760,7 +758,7 @@ class ProductController extends AbstractCrudController
|
||||
public function deleteCombinationAction()
|
||||
{
|
||||
// Check current user authorization
|
||||
if (null !== $response = $this->checkAuth($this->updatePermissionIdentifier)) return $response;
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
|
||||
|
||||
$event = new ProductDeleteCombinationEvent(
|
||||
$this->getExistingObject(),
|
||||
|
||||
@@ -23,7 +23,7 @@
|
||||
|
||||
namespace Thelia\Controller\Admin;
|
||||
|
||||
use Thelia\Core\Event\AdminResources;
|
||||
use Thelia\Core\Security\Resource\AdminResources;
|
||||
use Thelia\Core\Event\Profile\ProfileEvent;
|
||||
use Thelia\Core\Event\TheliaEvents;
|
||||
use Thelia\Form\ProfileCreationForm;
|
||||
@@ -40,10 +40,7 @@ class ProfileController extends AbstractCrudController
|
||||
'manual',
|
||||
'order',
|
||||
|
||||
AdminResources::PRODUCT_VIEW,
|
||||
AdminResources::PRODUCT_CREATE,
|
||||
AdminResources::PRODUCT_UPDATE,
|
||||
AdminResources::PRODUCT_DELETE,
|
||||
AdminResources::PROFILE,
|
||||
|
||||
TheliaEvents::PROFILE_CREATE,
|
||||
TheliaEvents::PROFILE_UPDATE,
|
||||
|
||||
@@ -22,10 +22,11 @@
|
||||
/*************************************************************************************/
|
||||
|
||||
namespace Thelia\Controller\Admin;
|
||||
use Thelia\Core\Event\AdminResources;
|
||||
use Thelia\Core\Security\Resource\AdminResources;
|
||||
use Thelia\Core\Event\ShippingZone\ShippingZoneAddAreaEvent;
|
||||
use Thelia\Core\Event\ShippingZone\ShippingZoneRemoveAreaEvent;
|
||||
use Thelia\Core\Event\TheliaEvents;
|
||||
use Thelia\Core\Security\AccessManager;
|
||||
use Thelia\Form\Exception\FormValidationException;
|
||||
use Thelia\Form\ShippingZone\ShippingZoneAddArea;
|
||||
use Thelia\Form\ShippingZone\ShippingZoneRemoveArea;
|
||||
@@ -41,13 +42,13 @@ class ShippingZoneController extends BaseAdminController
|
||||
|
||||
public function indexAction()
|
||||
{
|
||||
if (null !== $response = $this->checkAuth(AdminResources::SHIPPING_ZONE_VIEW)) return $response;
|
||||
if (null !== $response = $this->checkAuth(AdminResources::SHIPPING_ZONE, AccessManager::VIEW)) return $response;
|
||||
return $this->render("shipping-zones", array("display_shipping_zone" => 20));
|
||||
}
|
||||
|
||||
public function updateAction($shipping_zones_id)
|
||||
{
|
||||
if (null !== $response = $this->checkAuth(AdminResources::SHIPPING_ZONE_VIEW)) return $response;
|
||||
if (null !== $response = $this->checkAuth(AdminResources::SHIPPING_ZONE, AccessManager::VIEW)) return $response;
|
||||
return $this->render("shipping-zones-edit", array(
|
||||
"shipping_zones_id" => $shipping_zones_id
|
||||
));
|
||||
@@ -58,7 +59,7 @@ class ShippingZoneController extends BaseAdminController
|
||||
*/
|
||||
public function addArea()
|
||||
{
|
||||
if (null !== $response = $this->checkAuth(AdminResources::SHIPPING_ZONE_UPDATE)) return $response;
|
||||
if (null !== $response = $this->checkAuth(AdminResources::SHIPPING_ZONE, AccessManager::UPDATE)) return $response;
|
||||
|
||||
$shippingAreaForm = new ShippingZoneAddArea($this->getRequest());
|
||||
$error_msg = null;
|
||||
@@ -93,7 +94,7 @@ class ShippingZoneController extends BaseAdminController
|
||||
|
||||
public function removeArea()
|
||||
{
|
||||
if (null !== $response = $this->checkAuth(AdminResources::SHIPPING_ZONE_UPDATE)) return $response;
|
||||
if (null !== $response = $this->checkAuth(AdminResources::SHIPPING_ZONE, AccessManager::UPDATE)) return $response;
|
||||
|
||||
$shippingAreaForm = new ShippingZoneRemoveArea($this->getRequest());
|
||||
$error_msg = null;
|
||||
|
||||
@@ -23,7 +23,7 @@
|
||||
|
||||
namespace Thelia\Controller\Admin;
|
||||
|
||||
use Thelia\Core\Event\AdminResources;
|
||||
use Thelia\Core\Security\Resource\AdminResources;
|
||||
use Thelia\Core\Event\Tax\TaxEvent;
|
||||
use Thelia\Core\Event\TheliaEvents;
|
||||
use Thelia\Form\TaxCreationForm;
|
||||
|
||||
@@ -23,9 +23,10 @@
|
||||
|
||||
namespace Thelia\Controller\Admin;
|
||||
|
||||
use Thelia\Core\Event\AdminResources;
|
||||
use Thelia\Core\Security\Resource\AdminResources;
|
||||
use Thelia\Core\Event\Tax\TaxRuleEvent;
|
||||
use Thelia\Core\Event\TheliaEvents;
|
||||
use Thelia\Core\Security\AccessManager;
|
||||
use Thelia\Form\TaxRuleCreationForm;
|
||||
use Thelia\Form\TaxRuleModificationForm;
|
||||
use Thelia\Form\TaxRuleTaxListUpdateForm;
|
||||
@@ -41,10 +42,7 @@ class TaxRuleController extends AbstractCrudController
|
||||
'manual',
|
||||
'order',
|
||||
|
||||
AdminResources::TAX_VIEW,
|
||||
AdminResources::TAX_CREATE,
|
||||
AdminResources::TAX_UPDATE,
|
||||
AdminResources::TAX_DELETE,
|
||||
AdminResources::TAX,
|
||||
|
||||
TheliaEvents::TAX_RULE_CREATE,
|
||||
TheliaEvents::TAX_RULE_UPDATE,
|
||||
@@ -221,7 +219,7 @@ class TaxRuleController extends AbstractCrudController
|
||||
|
||||
public function updateAction()
|
||||
{
|
||||
if (null !== $response = $this->checkAuth($this->updatePermissionIdentifier)) return $response;
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
|
||||
|
||||
$object = $this->getExistingObject();
|
||||
|
||||
@@ -239,7 +237,7 @@ class TaxRuleController extends AbstractCrudController
|
||||
|
||||
public function setDefaultAction()
|
||||
{
|
||||
if (null !== $response = $this->checkAuth($this->updatePermissionIdentifier)) return $response;
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
|
||||
|
||||
$setDefaultEvent = new TaxRuleEvent();
|
||||
|
||||
@@ -257,7 +255,7 @@ class TaxRuleController extends AbstractCrudController
|
||||
public function processUpdateTaxesAction()
|
||||
{
|
||||
// Check current user authorization
|
||||
if (null !== $response = $this->checkAuth($this->updatePermissionIdentifier)) return $response;
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
|
||||
|
||||
$error_msg = false;
|
||||
|
||||
|
||||
@@ -23,11 +23,12 @@
|
||||
|
||||
namespace Thelia\Controller\Admin;
|
||||
|
||||
use Thelia\Core\Event\AdminResources;
|
||||
use Thelia\Core\Security\Resource\AdminResources;
|
||||
use Thelia\Core\Event\Template\TemplateDeleteEvent;
|
||||
use Thelia\Core\Event\TheliaEvents;
|
||||
use Thelia\Core\Event\Template\TemplateUpdateEvent;
|
||||
use Thelia\Core\Event\Template\TemplateCreateEvent;
|
||||
use Thelia\Core\Security\AccessManager;
|
||||
use Thelia\Model\TemplateQuery;
|
||||
use Thelia\Form\TemplateModificationForm;
|
||||
use Thelia\Form\TemplateCreationForm;
|
||||
@@ -52,10 +53,7 @@ class TemplateController extends AbstractCrudController
|
||||
null,
|
||||
null,
|
||||
|
||||
AdminResources::TEMPLATE_VIEW,
|
||||
AdminResources::TEMPLATE_CREATE,
|
||||
AdminResources::TEMPLATE_UPDATE,
|
||||
AdminResources::TEMPLATE_DELETE,
|
||||
AdminResources::TEMPLATE,
|
||||
|
||||
TheliaEvents::TEMPLATE_CREATE,
|
||||
TheliaEvents::TEMPLATE_UPDATE,
|
||||
@@ -213,7 +211,7 @@ class TemplateController extends AbstractCrudController
|
||||
public function addAttributeAction()
|
||||
{
|
||||
// Check current user authorization
|
||||
if (null !== $response = $this->checkAuth(AdminResources::TEMPLATE_UPDATE)) return $response;
|
||||
if (null !== $response = $this->checkAuth(AdminResources::TEMPLATE, AccessManager::UPDATE)) return $response;
|
||||
|
||||
$attribute_id = intval($this->getRequest()->get('attribute_id'));
|
||||
|
||||
@@ -237,7 +235,7 @@ class TemplateController extends AbstractCrudController
|
||||
public function deleteAttributeAction()
|
||||
{
|
||||
// Check current user authorization
|
||||
if (null !== $response = $this->checkAuth(AdminResources::TEMPLATE_UPDATE)) return $response;
|
||||
if (null !== $response = $this->checkAuth(AdminResources::TEMPLATE, AccessManager::UPDATE)) return $response;
|
||||
|
||||
$event = new TemplateDeleteAttributeEvent(
|
||||
$this->getExistingObject(),
|
||||
@@ -272,7 +270,7 @@ class TemplateController extends AbstractCrudController
|
||||
public function addFeatureAction()
|
||||
{
|
||||
// Check current user authorization
|
||||
if (null !== $response = $this->checkAuth(AdminResources::TEMPLATE_UPDATE)) return $response;
|
||||
if (null !== $response = $this->checkAuth(AdminResources::TEMPLATE, AccessManager::UPDATE)) return $response;
|
||||
|
||||
$feature_id = intval($this->getRequest()->get('feature_id'));
|
||||
|
||||
@@ -296,7 +294,7 @@ class TemplateController extends AbstractCrudController
|
||||
public function deleteFeatureAction()
|
||||
{
|
||||
// Check current user authorization
|
||||
if (null !== $response = $this->checkAuth(AdminResources::TEMPLATE_UPDATE)) return $response;
|
||||
if (null !== $response = $this->checkAuth(AdminResources::TEMPLATE, AccessManager::UPDATE)) return $response;
|
||||
|
||||
$event = new TemplateDeleteFeatureEvent(
|
||||
$this->getExistingObject(),
|
||||
|
||||
Reference in New Issue
Block a user