From 68fc3519f7333e25e7397e4fa866b9493cc57c5c Mon Sep 17 00:00:00 2001
From: "aurian.jault"
Date: Thu, 13 Jun 2024 08:05:24 +0200
Subject: [PATCH 1/2] Added athentication on DELETE post

---
 src/Controller/PostController.php | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/src/Controller/PostController.php b/src/Controller/PostController.php
index 50f58ab..3dd31f5 100644
--- a/src/Controller/PostController.php
+++ b/src/Controller/PostController.php
@@ -79,9 +79,11 @@ class PostController extends AbstractController
     public function removePost(int $id): Response
     {
         $post = $this->em->getRepository(Post::class)->find($id);
-        $this->em->remove($post);
-        $this->em->flush();
-
+        if($post->getProfil()->getId() === $this->getUser()->getId())
+        {
+            $this->em->remove($post);
+            $this->em->flush();
+        }
         return new Response();
     }
 }

From 842a7d264e623e19a0ced9df5c1b8c87d8d00fef Mon Sep 17 00:00:00 2001
From: "aurian.jault"
Date: Thu, 13 Jun 2024 08:37:06 +0200
Subject: [PATCH 2/2] Adding connection verification

---
 src/Controller/ProfilController.php | 30 +++++++++++++++++------------
 1 file changed, 18 insertions(+), 12 deletions(-)

diff --git a/src/Controller/ProfilController.php b/src/Controller/ProfilController.php
index 742a049..2d1b473 100644
--- a/src/Controller/ProfilController.php
+++ b/src/Controller/ProfilController.php
@@ -66,6 +66,12 @@ class ProfilController extends AbstractController
     #[Route('/profil/{id}/unfollow', name: 'profil_unfollow', requirements: ['page' => '\d+'])]
     public function unfollowProfil(int $id): Response
     {
+        try{
+            $this->denyAccessUnlessGranted('IS_AUTHENTICATED');
+        }catch (\Exception $e){
+            return $this->redirectToRoute('app_login');
+        }
+
         $profil = $this->mgr->find(Profil::class, $id);
         if ($profil instanceof Profil) {
             $profil->removeFollower($this->getUser());
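Review bot: The new ownership condition in removePost dereferences two values that can be null: `find($id)` returns null for an unknown id, so `$post->getProfil()` raises an Error instead of a 404, and `$this->getUser()` is null for an anonymous request, so `->getId()` fails the same way before the comparison is ever evaluated. When the owner check does fail, the handler still returns an empty 200, so a client cannot distinguish a refused delete from a successful one; throwing `createAccessDeniedException()` (and `createNotFoundException()` for a missing post) makes both outcomes explicit and lets the security firewall handle the unauthenticated case, which, as far as I recall, it does by sending the user to the login entry point. The check also treats the post's Profil id and the security user's id as the same identifier space, which is worth confirming against the entity mapping. Style: `if(` lacks a space and the opening brace is on its own line, where PSR-12 puts control-structure braces on the condition line.
```php
    public function removePost(int $id): Response
    {
        $post = $this->em->getRepository(Post::class)->find($id);
        if (!$post instanceof Post) {
            throw $this->createNotFoundException();
        }
        $user = $this->getUser();
        // Only the owning profile may delete; anonymous callers are refused here too.
        if ($user === null || $post->getProfil()?->getId() !== $user->getId()) {
            throw $this->createAccessDeniedException();
        }
        $this->em->remove($post);
        $this->em->flush();
        // … unchanged: return new Response(); …
```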
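Review bot: The `catch (\Exception $e)` wrapped around `denyAccessUnlessGranted('IS_AUTHENTICATED')` in unfollowProfil is wider than the check needs: that call throws `AccessDeniedException`, and catching `\Exception` turns any other failure raised there into a silent redirect to `app_login`, while the redirect itself duplicates what Symfony's firewall already does for an unauthenticated user when the exception propagates. Either drop the try/catch and let the exception reach the firewall, narrow it to `catch (AccessDeniedException $e)`, or, if the project's Symfony version provides it, declare `#[IsGranted('IS_AUTHENTICATED')]` on the method instead. The identical block is added to followProfil in the last hunk of this patch; one attribute or a small private helper removes the duplication in both places. The brace spacing (`try{`, `}catch (\Exception $e){`) also differs from the rest of the file. unfollowProfil's body continues past the end of the hunk.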
@@ -101,14 +107,6 @@ class ProfilController extends AbstractController
         ]);
     }
 
-    // #[Route('/profil/new', name: 'profil_new')]
-    // public function new(): Response
-    // {
-    //     $profil = new Profil();
-
-    //     return $this->redirectToRoute('profil_show', ['id' => $profil->getId()]);
-    // }
-
     #[Route('/profil/{id}/edit', name: 'profil_edit', requirements: ['page' => '\d'])]
     public function editProfil(int $id, Request $request): Response
     {
@@ -134,12 +132,20 @@ class ProfilController extends AbstractController
     #[Route('/profil/{id}/follow', name: 'profil_follow', requirements: ['page' => '\d+'])]
     public function followProfil(int $id): Response
     {
+        try{
+            $this->denyAccessUnlessGranted('IS_AUTHENTICATED');
+        }catch (\Exception $e){
+            return $this->redirectToRoute('app_login');
+        }
         $profil = $this->mgr->find(Profil::class, $id);
+
         if ($profil instanceof Profil) {
-            $profil->addFollower($this->getUser());
-            $this->mgr->persist($profil);
-            $this->mgr->flush();
-            $this->addFlash('success', '');
+            if ($profil->getId() !== $this->getUser()->getId()) {
+                $profil->addFollower($this->getUser());
+                $this->mgr->persist($profil);
+                $this->mgr->flush();
+                $this->addFlash('success', '');
+            }
             return $this->redirectToRoute('profil_show', ['id' => $id]);
         } else {
             $this->addFlash('error', '');
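Review bot: The new self-follow guard `if ($profil->getId() !== $this->getUser()->getId())` in followProfil silently skips the follow and then redirects with no flash at all, so the user gets neither the success message nor an error; the `else` branch below already sets an error flash for a missing profile, and the self-follow case should do the same with an `else { $this->addFlash('error', ''); }` on the new `if`. The comparison also assumes a Profil id and the security user's id share an identifier space; if `getUser()` returns the Profil entity itself, comparing the objects (`$profil !== $this->getUser()`) is clearer and avoids that assumption, otherwise the mapping should be confirmed. The added blank line is placed between `$profil = ...` and the `if` here but after the try/catch in the unfollow hunk; the two methods should use the same layout. followProfil's closing lines are outside the hunk.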