Fixed user comparison for AlbumController:checkAlbumOwning method
spolischook committed Nov 18, 2014
1 parent 1f8715b commit 0b5e294
Showing 2 changed files with 10 additions and 1 deletion.
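--- a/Controller/AlbumController.php
+++ b/Controller/AlbumController.php
@@ -131,9 +131,15 @@ protected function getAlbumUrl(AlbumInterface $album)
 return $this->container->get('foq_album.url_generator')->getAlbumUrl('foq_album_album_show', $album);
 }
 
+/**
+* @param AlbumInterface $album
+* @throws AccessDeniedException
+* @return void
+*/
 protected function checkAlbumOwning(AlbumInterface $album)
 {
-if ($album->getUser() !== $this->container->get('foq_album.security_helper')->getUser()) {
+if (!$this->container->get('foq_album.security_helper') ||
+$album->getUser()->getId() !== $this->container->get('foq_album.security_helper')->getUser()->getId()) {
 throw new AccessDeniedException();
 }
 }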
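Review bot: The first operand of the new condition in checkAlbumOwning, `!$this->container->get('foq_album.security_helper')`, tests the helper service rather than the logged-in user, so a request with no authenticated user still reaches `->getUser()->getId()`. SecurityHelper::getUser() is documented in this same commit as `@return void|User`, so that call can land on a non-object and end the request with a fatal error instead of the AccessDeniedException this method is meant to raise. Fetch the user once and deny when it is missing: `$user = $this->container->get('foq_album.security_helper')->getUser();` followed by `if (!is_object($user) || $album->getUser()->getId() !== $user->getId()) {`. The strict `!==` on ids also treats two null ids as a match and an int/string pair as a mismatch, which is worth confirming against how the user entity types its id.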
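--- a/SecurityHelper.php
+++ b/SecurityHelper.php
@@ -14,6 +14,9 @@ public function __construct(SecurityContext $securityContext)
 $this->securityContext = $securityContext;
 }
 
+/**
+* @return void|User
+*/
 public function getUser()
 {
 if ($token = $this->securityContext->getToken()) {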
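Review bot: `@return void|User` on getUser() mixes `void` into a union, which PHPDoc tooling does not treat as a value type; if the part of the body outside this hunk simply falls through when there is no token, the accurate annotation is `@return User|null`. Spelling out the null case matters here because this return value feeds the ownership check in Controller/AlbumController.php, where it is dereferenced with `->getId()`. getUser()'s body continues past the end of the hunk, so the exact fallback value is not visible.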
