bug fix security in fetch business data!
This commit is contained in:
parent
81236ce087
commit
ab1b3b2ec3
|
@ -42,9 +42,9 @@ class BusinessController extends AbstractController
|
||||||
throw $this->createAccessDeniedException();
|
throw $this->createAccessDeniedException();
|
||||||
|
|
||||||
$archiveUser = $entityManager->getRepository(User::class)->findOneBy([
|
$archiveUser = $entityManager->getRepository(User::class)->findOneBy([
|
||||||
'email'=>'archive@hesabix.ir'
|
'email' => 'archive@hesabix.ir'
|
||||||
]);
|
]);
|
||||||
if(! $archiveUser){
|
if (!$archiveUser) {
|
||||||
$archiveUser = new User();
|
$archiveUser = new User();
|
||||||
$archiveUser->setEmail('archive@hesabix.ir');
|
$archiveUser->setEmail('archive@hesabix.ir');
|
||||||
$archiveUser->setFullName('کاربر آرشیو و بایگانی');
|
$archiveUser->setFullName('کاربر آرشیو و بایگانی');
|
||||||
|
@ -61,17 +61,18 @@ class BusinessController extends AbstractController
|
||||||
|
|
||||||
//remove permissions
|
//remove permissions
|
||||||
$permissions = $entityManager->getRepository(Permission::class)->findBy([
|
$permissions = $entityManager->getRepository(Permission::class)->findBy([
|
||||||
'bid'=>$acc['bid']
|
'bid' => $acc['bid']
|
||||||
]);
|
]);
|
||||||
foreach($permissions as $perm){
|
foreach ($permissions as $perm) {
|
||||||
$entityManager->remove($perm);
|
$entityManager->remove($perm);
|
||||||
$entityManager->flush();
|
$entityManager->flush();
|
||||||
}
|
}
|
||||||
return $this->json($extractor->operationSuccess());
|
return $this->json($extractor->operationSuccess());
|
||||||
}
|
}
|
||||||
#[Route('/api/business/list', name: 'api_bussiness_list')]
|
#[Route('/api/business/list', name: 'api_bussiness_list')]
|
||||||
public function api_bussiness_list(#[CurrentUser] ?User $user, EntityManagerInterface $entityManager, Provider $provider): Response
|
public function api_bussiness_list(#[CurrentUser] ?User $user, Access $access, EntityManagerInterface $entityManager, Provider $provider): Response
|
||||||
{
|
{
|
||||||
|
|
||||||
$buss = $entityManager->getRepository(Permission::class)->findBy(['user' => $user]);
|
$buss = $entityManager->getRepository(Permission::class)->findBy(['user' => $user]);
|
||||||
$response = [];
|
$response = [];
|
||||||
foreach ($buss as $bus) {
|
foreach ($buss as $bus) {
|
||||||
|
@ -90,9 +91,17 @@ class BusinessController extends AbstractController
|
||||||
* @throws ReflectionException
|
* @throws ReflectionException
|
||||||
*/
|
*/
|
||||||
#[Route('/api/business/get/info/{bid}', name: 'api_business_get_info')]
|
#[Route('/api/business/get/info/{bid}', name: 'api_business_get_info')]
|
||||||
public function api_business_get_info($bid, #[CurrentUser] ?User $user, Provider $provider, EntityManagerInterface $entityManager): Response
|
public function api_business_get_info($bid, #[CurrentUser] ?User $user, Access $access, Provider $provider, EntityManagerInterface $entityManager): Response
|
||||||
{
|
{
|
||||||
$bus = $entityManager->getRepository(Business::class)->findOneBy(['id' => $bid]);
|
$bus = $entityManager->getRepository(Business::class)->findOneBy(['id' => $bid]);
|
||||||
|
if(! $bus)
|
||||||
|
throw $this->createNotFoundException();
|
||||||
|
$perms = $entityManager->getRepository(Permission::class)->findOneBy([
|
||||||
|
'bid' => $bus,
|
||||||
|
'user'=>$user
|
||||||
|
]);
|
||||||
|
if(!$perms)
|
||||||
|
throw $this->createAccessDeniedException();
|
||||||
$response = [];
|
$response = [];
|
||||||
$response['id'] = $bus->getId();
|
$response['id'] = $bus->getId();
|
||||||
$response['name'] = $bus->getName();
|
$response['name'] = $bus->getName();
|
||||||
|
@ -237,7 +246,8 @@ class BusinessController extends AbstractController
|
||||||
return $this->json(['result' => 2]);
|
return $this->json(['result' => 2]);
|
||||||
} else
|
} else
|
||||||
return $this->json(['result' => 2]);
|
return $this->json(['result' => 2]);
|
||||||
if (!$business->getDateSubmit()) $business->setDateSubmit(time());
|
if (!$business->getDateSubmit())
|
||||||
|
$business->setDateSubmit(time());
|
||||||
$entityManager->persist($business);
|
$entityManager->persist($business);
|
||||||
$entityManager->flush();
|
$entityManager->flush();
|
||||||
if ($isNew) {
|
if ($isNew) {
|
||||||
|
@ -272,11 +282,13 @@ class BusinessController extends AbstractController
|
||||||
$year->setBid($business);
|
$year->setBid($business);
|
||||||
$year->setHead(true);
|
$year->setHead(true);
|
||||||
$startYearArray = explode('-', $params['year']['start']);
|
$startYearArray = explode('-', $params['year']['start']);
|
||||||
if(count($startYearArray) == 1) $startYearArray = explode('/', $params['year']['start']);
|
if (count($startYearArray) == 1)
|
||||||
|
$startYearArray = explode('/', $params['year']['start']);
|
||||||
|
|
||||||
$year->setStart($jdate->jmktime(0, 0, 0, $startYearArray[1], $startYearArray[2], $startYearArray[0]));
|
$year->setStart($jdate->jmktime(0, 0, 0, $startYearArray[1], $startYearArray[2], $startYearArray[0]));
|
||||||
$endYearArray = explode('-', $params['year']['end']);
|
$endYearArray = explode('-', $params['year']['end']);
|
||||||
if(count($endYearArray) == 1) $endYearArray = explode('/', $params['year']['end']);
|
if (count($endYearArray) == 1)
|
||||||
|
$endYearArray = explode('/', $params['year']['end']);
|
||||||
$year->setEnd($jdate->jmktime(0, 0, 0, $endYearArray[1], $endYearArray[2], $endYearArray[0]));
|
$year->setEnd($jdate->jmktime(0, 0, 0, $endYearArray[1], $endYearArray[2], $endYearArray[0]));
|
||||||
$year->setLabel($params['year']['label']);
|
$year->setLabel($params['year']['label']);
|
||||||
$entityManager->persist($year);
|
$entityManager->persist($year);
|
||||||
|
@ -287,15 +299,17 @@ class BusinessController extends AbstractController
|
||||||
'bid' => $business,
|
'bid' => $business,
|
||||||
'head' => true
|
'head' => true
|
||||||
]);
|
]);
|
||||||
if(!$year){
|
if (!$year) {
|
||||||
$year = new Year;
|
$year = new Year;
|
||||||
}
|
}
|
||||||
$startYearArray = explode('-', $params['year']['startShamsi']);
|
$startYearArray = explode('-', $params['year']['startShamsi']);
|
||||||
if(count($startYearArray) == 1) $startYearArray = explode('/', $params['year']['startShamsi']);
|
if (count($startYearArray) == 1)
|
||||||
|
$startYearArray = explode('/', $params['year']['startShamsi']);
|
||||||
|
|
||||||
$year->setStart($jdate->jmktime(0, 0, 0, $startYearArray[1], $startYearArray[2], $startYearArray[0]));
|
$year->setStart($jdate->jmktime(0, 0, 0, $startYearArray[1], $startYearArray[2], $startYearArray[0]));
|
||||||
$endYearArray = explode('-', $params['year']['endShamsi']);
|
$endYearArray = explode('-', $params['year']['endShamsi']);
|
||||||
if(count($endYearArray) == 1) $endYearArray = explode('/', $params['year']['endShamsi']);
|
if (count($endYearArray) == 1)
|
||||||
|
$endYearArray = explode('/', $params['year']['endShamsi']);
|
||||||
$year->setEnd($jdate->jmktime(0, 0, 0, $endYearArray[1], $endYearArray[2], $endYearArray[0]));
|
$year->setEnd($jdate->jmktime(0, 0, 0, $endYearArray[1], $endYearArray[2], $endYearArray[0]));
|
||||||
$year->setLabel($params['year']['label']);
|
$year->setLabel($params['year']['label']);
|
||||||
$entityManager->persist($year);
|
$entityManager->persist($year);
|
||||||
|
@ -626,9 +640,9 @@ class BusinessController extends AbstractController
|
||||||
}
|
}
|
||||||
|
|
||||||
#[Route('/api/business/stat', name: 'api_business_stat')]
|
#[Route('/api/business/stat', name: 'api_business_stat')]
|
||||||
public function api_business_stat(Jdate $jdate,Request $request, #[CurrentUser] ?User $user, EntityManagerInterface $entityManager): Response
|
public function api_business_stat(Jdate $jdate, Request $request, #[CurrentUser] ?User $user, EntityManagerInterface $entityManager): Response
|
||||||
{
|
{
|
||||||
$dateNow = $jdate->jdate('Y/m/d',time());
|
$dateNow = $jdate->jdate('Y/m/d', time());
|
||||||
$buss = $entityManager->getRepository(Business::class)->find(
|
$buss = $entityManager->getRepository(Business::class)->find(
|
||||||
$request->headers->get('activeBid')
|
$request->headers->get('activeBid')
|
||||||
);
|
);
|
||||||
|
@ -674,7 +688,7 @@ class BusinessController extends AbstractController
|
||||||
}
|
}
|
||||||
if ($canAdd) {
|
if ($canAdd) {
|
||||||
$buysTotal += $item->getAmount();
|
$buysTotal += $item->getAmount();
|
||||||
if($item->getDate() == $dateNow){
|
if ($item->getDate() == $dateNow) {
|
||||||
$buysToday += $item->getAmount();
|
$buysToday += $item->getAmount();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -695,7 +709,7 @@ class BusinessController extends AbstractController
|
||||||
}
|
}
|
||||||
if ($canAdd) {
|
if ($canAdd) {
|
||||||
$sellsTotal += $item->getAmount();
|
$sellsTotal += $item->getAmount();
|
||||||
if($item->getDate() == $dateNow){
|
if ($item->getDate() == $dateNow) {
|
||||||
$sellsToday += $item->getAmount();
|
$sellsToday += $item->getAmount();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -716,7 +730,7 @@ class BusinessController extends AbstractController
|
||||||
}
|
}
|
||||||
if ($canAdd) {
|
if ($canAdd) {
|
||||||
$sendsTotal += $item->getAmount();
|
$sendsTotal += $item->getAmount();
|
||||||
if($item->getDate() == $dateNow){
|
if ($item->getDate() == $dateNow) {
|
||||||
$sendsToday += $item->getAmount();
|
$sendsToday += $item->getAmount();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -737,7 +751,7 @@ class BusinessController extends AbstractController
|
||||||
}
|
}
|
||||||
if ($canAdd) {
|
if ($canAdd) {
|
||||||
$recsTotal += $item->getAmount();
|
$recsTotal += $item->getAmount();
|
||||||
if($item->getDate() == $dateNow){
|
if ($item->getDate() == $dateNow) {
|
||||||
$recsToday += $item->getAmount();
|
$recsToday += $item->getAmount();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
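Review bot: The new permission lookup in api_business_get_info still runs when `$user` is null, because the parameter stays `#[CurrentUser] ?User $user` and nothing guards it before `findOneBy(['bid' => $bus, 'user' => $user])`; if `Permission.user` is nullable in the mapping (not shown in the hunk), a null criterion matches rows where that column IS NULL instead of rejecting an unauthenticated caller. Add `if (!$user) throw $this->createAccessDeniedException();` before the lookup, or drop the `?` so the framework denies access before the body executes. The same nullable `$user` feeds `findBy(['user' => $user])` in api_bussiness_list. Both methods now receive `Access $access` but neither visible body uses it; if that service is the intended check, call it instead of the hand-rolled repository query so the rule lives in one place. The api_business_stat hunk is whitespace-only, but it still resolves the business from the client-controlled `activeBid` header with no permission check in view — that method's body continues outside the hunk.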