From 14968b773d91b80239cae64f1f1f644c1d18cbed Mon Sep 17 00:00:00 2001
From: "mael.daim"
Date: Mon, 11 Dec 2023 09:48:16 +0100
Subject: [PATCH] added different default color in teams insertion form, display a team where you are not in is now forbidden

---
 sql/setup-tables.sql | 2 +-
 src/App/Controller/TeamController.php | 15 +++++++++++++--
 src/App/Views/insert_team.html.twig | 2 +-
 src/Core/Gateway/MemberGateway.php | 20 ++++++++++++++++++++
 src/Core/Gateway/TeamGateway.php | 11 ++---------
 src/Core/Model/TeamModel.php | 16 ++++++++++------
 6 files changed, 47 insertions(+), 19 deletions(-)

diff --git a/sql/setup-tables.sql b/sql/setup-tables.sql
index 7c012eb..ebde8b2 100644
--- a/sql/setup-tables.sql
+++ b/sql/setup-tables.sql
@@ -10,7 +10,7 @@ CREATE TABLE Account
 email varchar UNIQUE NOT NULL,
 username varchar NOT NULL,
 token varchar UNIQUE NOT NULL,
- hash varchar NOT NULL
+ hash varchar NOT NULL,
 );
 
 CREATE TABLE Tactic
diff --git a/src/App/Controller/TeamController.php b/src/App/Controller/TeamController.php
index 01fdb14..01538f6 100644
--- a/src/App/Controller/TeamController.php
+++ b/src/App/Controller/TeamController.php
@@ -5,10 +5,12 @@ namespace IQBall\App\Controller;
 use IQBall\App\Session\SessionHandle;
 use IQBall\App\ViewHttpResponse;
 use IQBall\Core\Data\Account;
+use IQBall\Core\Http\HttpCodes;
 use IQBall\Core\Http\HttpRequest;
 use IQBall\Core\Http\HttpResponse;
 use IQBall\Core\Model\TeamModel;
 use IQBall\Core\Validation\FieldValidationFail;
+use IQBall\Core\Validation\ValidationFail;
 use IQBall\Core\Validation\Validators;
 
 class TeamController {
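Review bot: The new `hash varchar NOT NULL,` leaves a trailing comma as the last entry of the column list, directly before `);`, which is a syntax error in PostgreSQL, MySQL and SQLite alike, so `setup-tables.sql` will no longer run. Either the comma should be removed, or a further column was meant to follow and is missing from the patch; since the commit message does not mention a schema change I assume the former and the line should read `hash varchar NOT NULL`. The `CREATE TABLE Account` statement begins before this hunk.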
@@ -129,8 +131,15 @@ class TeamController {
 * @return ViewHttpResponse a view that displays given team information
 */
 public function displayTeam(int $id, SessionHandle $session): ViewHttpResponse {
- $result = $this->model->getTeam($id);
- return ViewHttpResponse::twig('display_team.html.twig', ['team' => $result]);
+ $result = $this->model->getTeam($id,$session->getAccount()->getId());
+ if($result == null){
+ return ViewHttpResponse::twig('error.html.twig', [
+ 'failures' => [ValidationFail::unauthorized("Vous n'avez pas accès à cette équipe.")],
+ ], HttpCodes::FORBIDDEN);
+ }
+ else{
+ return ViewHttpResponse::twig('display_team.html.twig', ['team' => $result]);
+ }
 }
 
 /**
@@ -167,4 +176,6 @@ class TeamController {
 ]);
 return $this->displayTeam($this->model->deleteMember($request['email'], intval($request['team'])), $session);
 }
+
+
 }
diff --git a/src/App/Views/insert_team.html.twig b/src/App/Views/insert_team.html.twig
index 65cd096..9f4694b 100644
--- a/src/App/Views/insert_team.html.twig
+++ b/src/App/Views/insert_team.html.twig
@@ -68,7 +68,7 @@ - +
diff --git a/src/Core/Gateway/MemberGateway.php b/src/Core/Gateway/MemberGateway.php
index 4c8bb8a..c82281b 100644
--- a/src/Core/Gateway/MemberGateway.php
+++ b/src/Core/Gateway/MemberGateway.php
@@ -66,4 +66,24 @@ class MemberGateway {
 );
 }
 
+ public function isCoach(string $email, int $idTeam): ?string {
+ return $this->con->fetch(
+ "SELECT role FROM Member WHERE id_team=:team AND id_user = (SELECT id FROM Account WHERE email=:email)",
+ [
+ "team" => [$idTeam, PDO::PARAM_INT],
+ "email" => [$email, PDO::PARAM_STR]
+ ]
+ )[0]['role'] ?? null;
+ }
+
+ public function isMemberOfTeam(int $idTeam,int $idCurrentUser): ?int {
+ return $this->con->fetch(
+ "SELECT id_user FROM Member WHERE id_team = :team AND id_user = :user",
+ [
+ "team" => [$idTeam, PDO::PARAM_INT],
+ "user" => [$idCurrentUser, PDO::PARAM_INT]
+ ]
+ )[0]['idUser'] ?? null;
+ }
+
 }
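Review bot: The guard `if($result == null){` in displayTeam uses loose comparison on a `?Team`; prefer `if ($result === null) {` and drop the `else` branch so the success response is the fall-through after the early return. The new behaviour fails closed — no membership row yields the 403 view rather than the team — which is the right default, and because getTeam appears to return null both for a non-existent team and for a non-member, the response also does not reveal whether the team exists. `$session->getAccount()->getId()` is dereferenced without a null check; if this route can be reached without an authenticated session that would surface as a TypeError rather than a redirect, which is worth confirming against the router. The body of displayTeam is fully inside the hunk.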
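Review bot: `isMemberOfTeam` selects `id_user` but reads the row back as `[0]['idUser']`; unless `$this->con->fetch` renames columns to camelCase (not visible here), that key never exists, the `?? null` fallback always fires, and every caller is told the user is not a member — combined with the new gate in TeamModel::getTeam this would lock members out of their own teams. The key should match the selected column: `)[0]['id_user'] ?? null;`. Naming-wise, a method called `isMemberOfTeam` that returns `?int` rather than `bool` invites the loose `== null` comparisons seen in the model; returning `bool` (comparing the fetched value with `!== null` inside the gateway) would make the authorization check read as one. Both queries bind their inputs as PDO parameters, which is correct for values that ultimately come from the request.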
diff --git a/src/Core/Gateway/TeamGateway.php b/src/Core/Gateway/TeamGateway.php
index ba882a6..240aa40 100644
--- a/src/Core/Gateway/TeamGateway.php
+++ b/src/Core/Gateway/TeamGateway.php
@@ -79,15 +79,7 @@ class TeamGateway {
 )[0]['id'] ?? null;
 }
 
- public function isCoach(string $email, int $idTeam): ?string {
- return $this->con->fetch(
- "SELECT role FROM Member WHERE id_team=:team AND id_user = (SELECT id FROM Account WHERE email=:email)",
- [
- "team" => [$idTeam, PDO::PARAM_INT],
- "email" => [$email, PDO::PARAM_STR]
- ]
- )[0]['role'] ?? null;
- }
+
 
 public function deleteTeam(int $idTeam): void {
 $this->con->exec(
@@ -103,4 +95,5 @@ class TeamGateway {
 ]
 );
 }
+
 }
diff --git a/src/Core/Model/TeamModel.php b/src/Core/Model/TeamModel.php
index 0661206..09f52cd 100644
--- a/src/Core/Model/TeamModel.php
+++ b/src/Core/Model/TeamModel.php
@@ -57,12 +57,16 @@ class TeamModel {
 }
 
 /**
- * @param int $id
- * @return Team
+ * @param int $idTeam
+ * @param int $idCurrentUser
+ * @return ?Team
 */
- public function getTeam(int $id): Team {
- $teamInfo = $this->teams->getTeamById($id);
- $members = $this->members->getMembersOfTeam($id);
+ public function getTeam(int $idTeam, int $idCurrentUser): ?Team {
+ if($this->members->isMemberOfTeam($idTeam,$idCurrentUser) == null){
+ return null;
+ }
+ $teamInfo = $this->teams->getTeamById($idTeam);
+ $members = $this->members->getMembersOfTeam($idTeam);
 return new Team($teamInfo, $members);
 }
 
@@ -79,7 +83,7 @@ class TeamModel {
 }
 
 public function deleteTeam(string $email, int $idTeam): int{
- if($this->teams->isCoach($email,$idTeam) == "Coach" ){
+ if($this->members->isCoach($email,$idTeam) == "Coach" ){
 $this->teams->deleteTeam($idTeam);
 return 0;
 }
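Review bot: The membership gate `if($this->members->isMemberOfTeam($idTeam,$idCurrentUser) == null){` in getTeam compares an `?int` loosely, so a user whose id is `0` would compare equal to null and be denied even when a membership row exists; use `=== null`. The same loose comparison appears in the deleteTeam hunk below, `== "Coach"` on a `?string`, which should be `=== 'Coach'`. The new `@return ?Team` docblock should also state what null means, since the controller maps it to a 403: `@return Team|null the team, or null when $idCurrentUser is not a member of it`. Enforcing membership in the model rather than only in the controller is a sound choice, because every caller of getTeam inherits the check.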