add admin controller with generation of QR code

[sveneld]

PR Type

Enhancement

---

Description

• Added a new QrCodeGeneratorController for generating QR codes.

• Introduced a new route /admin/qrCodeGenerator for QR code generation.

• Updated security configuration to restrict QR code generation to ROLE_SUPER_ADMIN.

• Removed the old standalone QR code generation script.

---

Changes walkthrough 📝

	Relevant files
Configuration changes	security.php Updated security configuration for QR code generation        config/packages/security.php Added access control for /admin/qrCodeGenerator route. Restricted access to ROLE_SUPER_ADMIN. +4/-0      routes.php Added route for QR code generator                                                config/routes.php Added a new route /admin/qrCodeGenerator. Linked the route to QrCodeGeneratorController::index. +3/-0
Miscellaneous	generate.php Removed old QR code generation script                                        install/generate.php Removed the old standalone QR code generation script. Deprecated in favor of the new controller-based approach. +0/-91
Enhancement	QrCodeGeneratorController.php Added QR Code Generator Controller                                              src/Controller/QrCodeGeneratorController.php Created a new controller for QR code generation. Generates QR codes for bikes and stands. Outputs QR codes as a downloadable PDF. Utilizes repositories for fetching bikes and stands data. +115/-0

---

Need help?

Type /help how to ... in the comments thread for any question about Qodo Merge usage.

Check out the documentation for more information.

[qodo-merge-pro-for-open-source]

PR Reviewer Guide 🔍

Here are some key observations to aid the review process:

⏱️ Estimated effort to review: 3 🔵🔵🔵⚪⚪

🧪 No relevant tests

🔒 Security concerns URL Exposure: The QR codes contain absolute URLs that could expose internal domain information. Consider using relative URLs or configuring URL generation based on environment to avoid exposing sensitive infrastructure details.

⚡ Recommended focus areas for review Input Validation The controller accepts bike numbers and stand names without validation before generating QR codes. Should validate input parameters to prevent generating invalid QR codes. foreach ($bikes as $bike) { $this->addPageQrCode( $pdf, (string)$bike["bikeNum"], $this->generateUrl( 'scan_bike', ['bikeNumber' => $bike["bikeNum"]], UrlGeneratorInterface::ABSOLUTE_URL ), ); } Resource Usage Loading all bikes and stands at once could cause memory issues with large datasets. Consider implementing pagination or batching. $bikes = $bikeRepository->findAll(); foreach ($bikes as $bike) { $this->addPageQrCode( $pdf, (string)$bike["bikeNum"], $this->generateUrl( 'scan_bike', ['bikeNumber' => $bike["bikeNum"]], UrlGeneratorInterface::ABSOLUTE_URL ), ); } $stands = $standRepository->findAll(); foreach ($stands as $stand) { if ($stand["serviceTag"] != 0) { continue; } $this->addPageQrCode( $pdf, $stand["standName"], $this->generateUrl( 'scan_stand', ['standName' => $stand["standName"]], UrlGeneratorInterface::ABSOLUTE_URL ), ); }

[qodo-merge-pro-for-open-source]

PR Code Suggestions ✨

Explore these optional code suggestions:

Category	Suggestion	Score
Security	Add input validation for URL parameters to prevent potential security vulnerabilities Add input validation for $bike["bikeNum"] and $stand["standName"] before using them in URL generation to prevent potential XSS or path traversal attacks. src/Controller/QrCodeGeneratorController.php [61-64] +$bikeNum = filter_var($bike["bikeNum"], FILTER_SANITIZE_STRING); +if ($bikeNum === false) { + throw new \InvalidArgumentException('Invalid bike number'); +} $this->generateUrl( 'scan_bike', - ['bikeNumber' => $bike["bikeNum"]], + ['bikeNumber' => $bikeNum], UrlGeneratorInterface::ABSOLUTE_URL ), Apply this suggestion Suggestion importance[1-10]: 8 Why: The suggestion addresses a critical security concern by adding validation for user-facing data that's used in URL generation, helping prevent XSS and path traversal attacks.	8
Possible issue	Add error handling for PDF generation process to prevent silent failures Add error handling for PDF generation to gracefully handle failures and provide user feedback. src/Controller/QrCodeGeneratorController.php [84-93] -return new StreamedResponse( - function () use ($pdf) { - $pdf->Output('qrcodes.pdf', 'D'); - }, - Response::HTTP_OK, - [ - 'Content-Type' => 'application/pdf', - 'Content-Disposition' => 'attachment; filename="qrcodes.pdf"' - ] -); +try { + return new StreamedResponse( + function () use ($pdf) { + $pdf->Output('qrcodes.pdf', 'D'); + }, + Response::HTTP_OK, + [ + 'Content-Type' => 'application/pdf', + 'Content-Disposition' => 'attachment; filename="qrcodes.pdf"' + ] + ); +} catch (\Exception $e) { + throw new \RuntimeException('Failed to generate PDF: ' . $e->getMessage()); +} Apply this suggestion Suggestion importance[1-10]: 7 Why: Adding proper error handling for PDF generation is important for system reliability and debugging, preventing silent failures that could confuse users and administrators.	7