src/Ox/HoardBundle/Controller/ObjectController.php line 27

Open in your IDE?
  1. <?php
  2.     
  3. namespace App\Ox\HoardBundle\Controller;
  5. use Symfony\Component\HttpFoundation\Request;
  6. use Symfony\Component\HttpFoundation\Response;
  7. use Symfony\Component\HttpFoundation\JsonResponse;
  8. use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
  9. use Sensio\Bundle\FrameworkExtraBundle\Configuration\Method;
  10. use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route;
  11. use Sensio\Bundle\FrameworkExtraBundle\Configuration\Template;
  12. use Symfony\Component\Security\Core\Exception\AccessDeniedException;
  13. use Symfony\Component\Security\Core\Security;
  14. use Symfony\Component\Form\Extension\Core\Type\SubmitType;
  15. use Symfony\Component\Form\Extension\Core\Type\ButtonType;
  17. use App\Ox\HoardBundle\Entity\HObject;
  18. use App\Ox\HoardBundle\Entity\ObjectImage;
  19. use App\Ox\HoardBundle\Entity\Image;
  20. use App\Ox\HoardBundle\Form\ObjectType;
  22. /**
  23.  * Object controller
  24.  *
  25.  * @Route("/object")
  26.  */
  27.  class ObjectController extends AbstractController
  28.  {
  29.     private $security;
  30.     public function __construct(Security $security)
  31.     {
  32.         $this->security $security;
  33.     }
  35.      /**
  36.       * @Route("/{id}/edit", name="object_edit", methods={"GET"})
  37.      * @Template("@OxHoardBundle/hObject/edit.html.twig")
  38.       */
  39.       public function editAction(Request $request$id)
  40.       {
  41.           $em $this->getDoctrine()->getManager();
  42.           
  43.           $object $em->getRepository('OxHoardBundle:HObject')->find($id);
  44.           
  45.           $this->checkAccess($object'edit');
  47.           if(!$object) {
  48.               throw $this->createNotFoundException('Unable to find object entity.');
  49.           }
  50.           
  51.           // $deleteForm = $this->createDeleteForm($id);
  52.           $editForm $this->createEditForm($object);
  53.           
  54.           $isAjax $request->isXmlHttpRequest();
  55.           
  56.           $template = ($isAjax '@OxHoardBundle/hObject/edit_form.html.twig' '@OxHoardBundle/hObject/edit.html.twig');
  58.           $referenceTypes $em->createQuery('SELECT rt FROM OxHoardBundle:ReferenceType rt ORDER BY rt.referenceType')->getResult();
  60.           return $this->render($template, array(
  61.               'ajax' => $request->isXmlHttpRequest(),
  62.               'object' => $object,
  63.               'edit_form' => $editForm->createView(),
  64.               // 'delete_form' => $deleteForm->createView(),
  65.               'reference_types' => $referenceTypes
  66.           ));
  67.       }
  68.       
  69.     /**
  70.      * Creates a form to delete an Object entity by id.
  71.      *
  72.      * @param mixed $id The entity id
  73.      *
  74.      * @return \Symfony\Component\Form\Form The form
  75.      */
  76.     private function createDeleteForm($id)
  77.     {
  78.         return $this->createFormBuilder()
  79.             ->setAction($this->generateUrl('object_delete', array('id' => $id)))
  80.             ->setMethod('DELETE')
  81.             ->add('submit'ButtonType::class, array(
  82.                 'label' => 'Delete this object',
  83.                 'attr' => array(
  84.                     'class' => 'delete-button btn-danger'
  85.                 )
  86.             ))
  87.             ->getForm()
  88.             ;
  89.     }
  90.       
  91.     /**
  92.      * Creates a form to edit an Object entity.
  93.      *
  94.      * @param HObject $entity The entity
  95.      *
  96.      * @return \Symfony\Component\Form\Form The form
  97.      */
  98.     private function createEditForm(HObject $entity)
  99.     {
  100.         $form $this->createForm(ObjectType::class, $entity, array(
  101.             'action' => $this->generateUrl('object_update', array('id' => $entity->getId())),
  102.             'method' => 'PUT',
  103.             'hoard' => $entity->getHoard()
  104.         ));
  106.         $form->add('submit'SubmitType::class, array('label' => 'Update'));
  108.         return $form;
  109.     }
  110.     
  111.     /**
  112.      * Edits an existing Object entity.
  113.      *
  114.      * @Route("/{id}", name="object_update", methods={"PUT"}) PUT doesn't seem to work...
  115.      * @Template("@OxHoardBundle/hObject/edit.html.twig")
  116.      */
  117.     public function updateAction(Request $request$id)
  118.     {
  119.         $em $this->getDoctrine()->getManager();
  121.         $object $em->getRepository('OxHoardBundle:HObject')->find($id);
  123.         $this->checkAccess($object'edit');
  125.         if (!$object) {
  126.             throw $this->createNotFoundException('Unable to find Object entity.');
  127.         }
  129.         // $deleteForm = $this->createDeleteForm($id);
  130.         $editForm $this->createEditForm($object);
  131.         $editForm->handleRequest($request);
  133.         if ($editForm->isValid()) {
  134.             //mark as unvalidated since it has changed
  135.             if(!$this->userIsAdmin())
  136.             {
  137.                 if($object->getHoard())
  138.                 {
  139.                     $object->getHoard()->markUnvalidatedByAdmin();
  140.                 }
  141.             }
  142.             
  144.             //persist object references
  145.             $objectReferences $object->getObjectReferences();
  146.             foreach($objectReferences as $ref)
  147.             {
  148.                 if($ref->getDeleted())
  149.                 {
  150.                     //do soft delete
  151.                     //persist deleted flag
  152.                     $em->persist($ref);
  153.                     //clear link to object
  154.                     $ref->setObject(null);
  156.                     //flush before removing;
  157.                     $em->flush();
  158.                     $em->remove($ref);
  159.                 }
  160.                 else
  161.                 {
  162.                     $ref->setObject($object);
  163.                     $em->persist($ref);
  164.                 }
  165.             }
  166.             
  167.             $em->flush();
  168.             
  169.             return $this->redirect($this->generateUrl('object_show', array('id' => $id)));
  170.         } else {
  171.             $referenceTypes $em->createQuery('SELECT rt FROM OxHoardBundle:ReferenceType rt ORDER BY rt.referenceType')->getResult();
  172.             return $this->render('@OxHoardBundle/hObject/edit_form.html.twig', array(
  173.                 'object' => $object,
  174.                 'edit_form' => $editForm->createView(),
  175.                 'reference_types' => $referenceTypes
  176.             ));
  177.         }
  179.         $referenceTypes $em->createQuery('SELECT rt FROM OxHoardBundle:ReferenceType rt ORDER BY rt.referenceType')->getResult();
  181.         return array(
  182.             'object'      => $object,
  183.             'edit_form'   => $editForm->createView(),
  184.             // 'delete_form' => $deleteForm->createView(),
  185.             'reference_types' => $referenceTypes
  186.         );
  187.     }
  188.     
  189.     /**
  190.      * Finds and displays an object entity.
  191.      *
  192.      * @Route("/{id}", name="object_show", methods={"GET"})
  193.      * @Template("@OxHoardBundle/hObject/show.html.twig")
  194.      */
  195.     public function showAction(Request $request$id)
  196.     {
  197.         $em $this->getDoctrine()->getManager();
  199.         $object $em->getRepository('OxHoardBundle:HObject')->find($id);
  201.         $this->checkAccess($object'view');
  203.         if (!$object) {
  204.             throw $this->createNotFoundException('Unable to find Object entity.');
  205.         }
  207.         $isAjax $request->isXmlHttpRequest();
  209.         $template = ($isAjax '@OxHoardBundle/hObject/show_modal.html.twig' '@OxHoardBundle/hObject/show.html.twig');
  211.         return $this->render($template, array(
  212.             'object'      => $object,
  213.         ));
  214.     }
  215.     
  216.     /**
  217.      * Adds a new image file, creating an Image entity, and an ObjectImage entity
  218.      *
  219.      * @Route("/{id}/ajax_add_image", methods={"POST"})
  220.      */
  221.      public function ajaxAddImage(Request $request$id)
  222.      {
  223.          $em $this->getDoctrine()->getManager();
  224.          
  225.          $file $request->files->get('image');
  226.          $object $em->getRepository('OxHoardBundle:HObject')->find($id);
  227.          
  228.          //validate the file - TODO
  229.          
  230.          $this->checkAccess($object'edit');
  231.          
  232.          //move to desired location/name
  233.          $count $object->getObjectImages()->count();
  234.          $fileName $id.$count.'.'.$file->guessExtension();
  235.          $file $file->move($this->getPermanentObjectImageUploadDir(), $fileName);
  236.          
  237.          //create Image entity
  238.          $image = new Image();
  239.          $image->setFileName($fileName);
  240.          $em->persist($image);
  241.          
  242.          //create ObjectImage entity
  243.          $objectImage = new ObjectImage();
  244.          $objectImage->setObject($object);
  245.          $objectImage->setImage($image);
  246.          $em->persist($objectImage);
  247.          
  248.            //mark as unvalidated since it has changed
  249.             if(!$this->userIsAdmin())
  250.             {
  251.              if($object->getHoard())
  252.              {
  253.                    $object->getHoard()->markUnvalidatedByAdmin();
  254.              }
  255.          }
  256.          $em->persist($object);
  257.          $em->flush();
  258.          
  259.          return new JsonResponse(array(
  260.              'fileName'=>$fileName,
  261.              'object_image_id'=>$objectImage->getId()
  262.          ));
  263.      }
  264.      
  265.      /**
  266.       * soft-delete the given object image from the object
  267.       *
  268.       * @Route("/{id}/ajax_remove_image/{objectImage_id}", methods={"POST"})
  269.       */
  270.       public function ajaxRemoveImage(Request $request$id$objectImage_id)
  271.       {
  272.           $em $this->getDoctrine()->getManager();
  273.           
  274.           $object $em->getRepository('OxHoardBundle:HObject')->find($id);
  275.           
  276.           $this->checkAccess($object'edit');
  277.           
  278.           if(!$object)
  279.           {
  280.             return $this->removeImageFailed('Object not found');
  281.           }
  282.           $objectImage $em->getRepository('OxHoardBundle:ObjectImage')->find($objectImage_id);
  283.           if(!$objectImage)
  284.           {
  285.             return $this->removeImageFailed('Object Image not found');
  286.           }
  287.           
  288.           if($objectImage->getObject() != $object)
  289.           {
  290.               return $this->removeImageFailed('Image does not belong to specified object');
  291.           }
  292.           
  293.           //Remove the objectImage (performs soft delete)
  294.           $em->remove($objectImage);
  295.           
  296.           //mark as unvalidated since it has changed
  297.           if(!$this->userIsAdmin())
  298.           {
  299.               if($object->getHoard())
  300.               {
  301.                   $object->getHoard()->markUnvalidatedByAdmin();
  302.               }
  303.           }
  304.           $em->flush();
  305.           
  306.           return new JsonResponse( array(
  307.               'removedImage'=>$objectImage_id,
  308.           ));
  309.       }
  310.       
  311.       private function removeImageFailed($reason)
  312.       {
  313.         return new JsonResponse( array(
  314.           'removedImage'=>null,
  315.           'error'=> $reason
  316.         ));
  317.       }
  318.       
  319.       /**
  320.        * checks permission of user's current request
  321.        *
  322.        * @param mixed $entity The entity being validated
  323.        *
  324.        * @param string $attribute - 'view' or 'edit' or 'delete'
  325.        * @return boolean
  326.        *
  327.        * @throws \Symfony\Component\Security\Core\Exception\AccessDeniedException
  328.        */
  329.       private function checkAccess($entity$attribute) {
  330.           // call security voter(s)
  331.           if (false === $this->security->isGranted($attribute$entity->getHoard())) {
  332.               throw new AccessDeniedException('Unauthorised access!');
  333.           }
  334.           return true;
  335.       }
  336.       
  337.       private function userIsAdmin() {
  338.           if($this->getUser() && ($this->getUser()->hasRole('ROLE_ADMIN') || $this->getUser()->hasRole('ROLE_SUPER_ADMIN')))
  339.           {
  340.               return true;
  341.           }
  342.           return false;
  343.       }
  345.      private function getPermanentObjectImageUploadDir() {
  346.          return '/srv/hoards_object_images';
  347.      }
  349.  }