Added appropriate acl check and edit link to comments

epixa · Sep 21, 2011 · cae438c · cae438c
1 parent c14254b
commit cae438c
Show file tree

Hide file tree

Showing 3 changed files with 41 additions and 1 deletion.
diff --git a/src/Epixa/TalkfestBundle/Controller/CommentController.php b/src/Epixa/TalkfestBundle/Controller/CommentController.php
@@ -73,6 +73,10 @@ public function editAction($id, Request $request)
         $service = $this->getCommentService();
         $comment = $service->get($id);
 
+        if (!$this->getCommentService()->canEdit($comment)) {
+            throw new \Symfony\Component\Security\Core\Exception\AccessDeniedException();
+        }
+
         $form = $this->createForm(new CommentType(), $comment);
 
         if ($request->getMethod() == 'POST') {

diff --git a/src/Epixa/TalkfestBundle/Resources/views/Post/view.html.twig b/src/Epixa/TalkfestBundle/Resources/views/Post/view.html.twig
@@ -22,7 +22,11 @@
         {% for comment in comments %}
             <section id="comment-{{ comment.getId() }}" class="{{ cycle(['odd', 'even'], loop.index) }} comment">
                 <section class="author">
-                    <a href="">{{ comment.getAuthor().getUsername() }}</a> posted on {{ comment.getDateCreated().format('F d, Y \\a\\t g:i a') }}
+                    <a href="">{{ comment.getAuthor().getUsername() }}</a>
+                    posted on {{ comment.getDateCreated().format('F d, Y \\a\\t g:i a') }}
+                    {% if is_granted('ROLE_ADMIN') or (app.user and comment.getAuthor().getId() == app.user.getId()) %}
+                    - <a href="{{ path('edit_comment', {'id': comment.getId()}) }}">edit</a>
+                    {% endif %}
                 </section>
 
                 <section class="content">

diff --git a/src/Epixa/TalkfestBundle/Service/CommentService.php b/src/Epixa/TalkfestBundle/Service/CommentService.php
@@ -11,6 +11,7 @@
     Symfony\Component\Security\Acl\Domain\UserSecurityIdentity,
     Epixa\TalkfestBundle\Entity\Comment,
     Epixa\TalkfestBundle\Entity\Post,
+    Epixa\TalkfestBundle\Entity\User,
     InvalidArgumentException;
 
 /**
@@ -128,4 +129,35 @@ public function delete(Comment $comment)
         $em->remove($comment);
         $em->flush();
     }
+
+    /**
+     * Determines if the current user can edit the given comment
+     *
+     * @param \Epixa\TalkfestBundle\Entity\Comment $comment
+     * @return bool
+     */
+    public function canEdit(Comment $comment)
+    {
+        /* @var \Epixa\TalkfestBundle\Entity\User $user */
+        $user = $this->container->get('security.context')->getToken()->getUser();
+
+        // if the user is not logged in
+        if (!$user instanceof User) {
+            return false;
+        }
+
+        // admins should be able to edit any comment
+        foreach ($user->getRoles() as $role) {
+            if ((string)$role == 'ROLE_ADMIN') {
+                return true;
+            }
+        }
+
+        // other than admins, only the original author can edit a comment
+        if ($comment->getAuthor()->getId() === $user->getId()) {
+            return true;
+        }
+
+        return false;
+    }
 }