UlrichHP/p8_todolist_app

Restricting access to users administration page

Closed this issue · 1 comment

Only ROLE_ADMIN users can access the users administration page.

Time estimate: 1 day.

Issues #1, #2, #3, #4 were closed the same day.

  • Updated the project to Symfony 3.3. To make the command php bin/console server:run work, had to add $bundles[] = new Symfony\Bundle\WebServerBundle\WebServerBundle(); in AppKernel.php.
  • Tested the app to see and understand how it works.
  • Updated the README.
  • Created a Many to one relation in task entity to link tasks to users.
  • Added a column roles to User entity to make ROLE_USER and ROLE_ADMIN users.
  • Updated the database.
  • In Form/UserType.php, added the possibility when registering to choose between User and Admin.
  • In TaskController.php, modified the deleteTaskAction. Only the user who created an action can delete his own. And admin users can also delete tasks linked to anonymous users.
  • Modified UserController.php. Only ROLE_ADMIN users can access user_list and user_create. In the editAction function, protected the form so the user can't change his role.
  • Created the OldTasksCommand to link old tasks to an anonymous user.
  • Created Fixtures to test everything is working as intended in DataFixtures. Installed DoctrineFixturesBundle and added it in AppKernel.php to make it work.
  • Updated security.yml with role_hierarchy.
  • Modified the views to show or hide links and pages depending on the role of the user. For example, only an admin can add a new user and see the users list.

With this commit, tasks are now linked to users. Users can't be modified when modifying tasks, and existing old tasks can be linked to an anonymous user with the OldTasks command. This anonymous user has a non-encoded password, so you can't connect with it (issue #1).

When creating a user, it is possible to choose between ROLE_USER and ROLE_ADMIN. It is also possible to change it when modifying the user (issue #2).

I also made the users administration page only available to ROLE_ADMIN users (issue #3).

Finally, the last thing I added is the possibility to delete only the tasks you created. Admin users can delete their tasks and anonymous tasks (issue #4).

Done in: 1 day.
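The access restriction described in the comment above (user_list and user_create limited to ROLE_ADMIN, and the role field protected in editAction) can be enforced server-side in the controller itself, so that hiding links in the views is never the only barrier. The following is an added illustration and not the repository's own UserController: it assumes Symfony 3.3, an AppBundle\Entity\User with a roles column and a getId() accessor, an AppBundle\Form\UserType with a field named roles, and hypothetical route names and template paths.

```php
<?php
// Added example, not the project's own code. Assumes Symfony 3.3, an
// AppBundle\Entity\User entity with a `roles` column and getId(), and an
// AppBundle\Form\UserType form containing a field named `roles`.
// Route names and template paths below are hypothetical.
namespace AppBundle\Controller;

use AppBundle\Entity\User;
use AppBundle\Form\UserType;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route;
use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\HttpFoundation\Request;

class UserController extends Controller
{
    /**
     * @Route("/users", name="user_list")
     */
    public function listAction()
    {
        // Throws AccessDeniedException (rendered as HTTP 403) unless the
        // current user holds ROLE_ADMIN, directly or through role_hierarchy.
        $this->denyAccessUnlessGranted('ROLE_ADMIN', null, 'Only administrators may list users.');

        $users = $this->getDoctrine()->getRepository(User::class)->findAll();

        return $this->render('user/list.html.twig', ['users' => $users]);
    }

    /**
     * @Route("/users/create", name="user_create")
     */
    public function createAction(Request $request)
    {
        $this->denyAccessUnlessGranted('ROLE_ADMIN');

        $user = new User();
        $form = $this->createForm(UserType::class, $user);
        $form->handleRequest($request);

        if ($form->isSubmitted() && $form->isValid()) {
            // Never store the plain password: encode it with the configured encoder.
            $encoded = $this->get('security.password_encoder')
                ->encodePassword($user, $user->getPassword());
            $user->setPassword($encoded);

            $em = $this->getDoctrine()->getManager();
            $em->persist($user);
            $em->flush();

            return $this->redirectToRoute('user_list');
        }

        return $this->render('user/create.html.twig', ['form' => $form->createView()]);
    }

    /**
     * @Route("/users/{id}/edit", name="user_edit")
     */
    public function editAction(User $user, Request $request)
    {
        $isAdmin = $this->isGranted('ROLE_ADMIN');

        // A non-admin may edit only their own account (assumption: the app
        // lets users edit themselves; admins may edit anyone).
        if (!$isAdmin && $user->getId() !== $this->getUser()->getId()) {
            throw $this->createAccessDeniedException();
        }

        $form = $this->createForm(UserType::class, $user);

        // Remove the roles field for non-admins before the request is handled.
        // The field then disappears from the rendered form, and a forged POST
        // that still carries `roles` is rejected as an extra field instead of
        // being applied, so a user cannot promote themselves.
        if (!$isAdmin) {
            $form->remove('roles');
        }

        $form->handleRequest($request);

        if ($form->isSubmitted() && $form->isValid()) {
            $this->getDoctrine()->getManager()->flush();

            return $this->redirectToRoute($isAdmin ? 'user_list' : 'homepage');
        }

        return $this->render('user/edit.html.twig', ['form' => $form->createView(), 'user' => $user]);
    }
}
```

Pair the controller checks with the security.yml configuration the comment mentions: a role_hierarchy entry such as `ROLE_ADMIN: ROLE_USER` so that admins inherit user permissions, and an access_control rule such as `{ path: ^/users, roles: ROLE_ADMIN }` so that the firewall rejects the request before the controller runs. The two layers are deliberately redundant: access_control protects by URL pattern, the controller protects by action, and the form change protects the one field a user must not edit even on a page they are allowed to reach. The DataFixtures mentioned in the comment are the natural place to create one ROLE_USER and one ROLE_ADMIN account and assert, in a functional test, that the first receives a 403 on /users while the second receives a 200.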