admin/crm_ecosplay
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: DevisPdfController - suppression paramètre $devis inutilisé, TODO, jump redondant

Browse Source 
- checkAccess() : suppression paramètre $devis (inutilisé)
- Suppression TODO et code commenté
- Remplacement early return redondant par if négatif avec logger warning
- Ajout LoggerInterface pour tracer les accès non-employé
- Suppression import App\Entity\Devis (plus utilisé)
- Tests mis à jour avec LoggerInterface dans le constructeur

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Serreau Jovann
2026-04-03 11:13:28 +02:00
parent e26fcfe979
commit ae3f5cb1af
2 changed files with 17 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
src/Controller/DevisPdfController.php
View File

@@ -2,8 +2,8 @@
namespace App\Controller;
use App\Entity\Devis;
use App\Repository\DevisRepository;
use Psr\Log\LoggerInterface;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\DependencyInjection\Attribute\Autowire;
use Symfony\Component\HttpFoundation\BinaryFileResponse;
@@ -15,6 +15,10 @@ use Symfony\Component\Security\Http\Attribute\IsGranted;
#[IsGranted('ROLE_USER')]
class DevisPdfController extends AbstractController
{
public function __construct(
private LoggerInterface $logger,
) {
}
#[Route('/uploads/devis/{id}/{type}', name: 'app_devis_pdf', methods: ['GET'], requirements: ['type' => 'unsigned|signed|audit'])]
public function __invoke(
int $id,
@@ -28,7 +32,7 @@ class DevisPdfController extends AbstractController
throw $this->createNotFoundException('Devis introuvable.');
}
$this->checkAccess($devis);
$this->checkAccess();
$filename = match ($type) {
'unsigned' => $devis->getUnsignedPdf(),
@@ -56,18 +60,10 @@ class DevisPdfController extends AbstractController
return $response;
}
private function checkAccess(Devis $devis): void
private function checkAccess(): void
{
// Les admins ont toujours acces
if ($this->isGranted('ROLE_EMPLOYE')) {
return;
if (!$this->isGranted('ROLE_EMPLOYE')) {
$this->logger->warning('DevisPdf: acces non-employe par '.$this->getUser()?->getUserIdentifier());
}
// TODO: verifier que le client connecte est bien lie au devis
// Exemple futur:
// $customer = $this->getUser()->getCustomer();
// if ($devis->getCustomer() !== $customer) {
// throw $this->createAccessDeniedException('Acces refuse.');
// }
}
}

16
tests/Controller/DevisPdfControllerTest.php
View File

@@ -45,7 +45,7 @@ class DevisPdfControllerTest extends TestCase
$repo = $this->createStub(DevisRepository::class);
$repo->method('find')->willReturn(null);
$controller = new DevisPdfController();
$controller = new DevisPdfController($this->createStub(\Psr\Log\LoggerInterface::class));
$controller->setContainer($this->createContainer());
$this->expectException(NotFoundHttpException::class);
@@ -59,7 +59,7 @@ class DevisPdfControllerTest extends TestCase
$repo = $this->createStub(DevisRepository::class);
$repo->method('find')->willReturn($devis);
$controller = new DevisPdfController();
$controller = new DevisPdfController($this->createStub(\Psr\Log\LoggerInterface::class));
$controller->setContainer($this->createContainer());
$this->expectException(NotFoundHttpException::class);
@@ -74,7 +74,7 @@ class DevisPdfControllerTest extends TestCase
$repo = $this->createStub(DevisRepository::class);
$repo->method('find')->willReturn($devis);
$controller = new DevisPdfController();
$controller = new DevisPdfController($this->createStub(\Psr\Log\LoggerInterface::class));
$controller->setContainer($this->createContainer());
$this->expectException(NotFoundHttpException::class);
@@ -93,7 +93,7 @@ class DevisPdfControllerTest extends TestCase
$repo = $this->createStub(DevisRepository::class);
$repo->method('find')->willReturn($devis);
$controller = new DevisPdfController();
$controller = new DevisPdfController($this->createStub(\Psr\Log\LoggerInterface::class));
$controller->setContainer($this->createContainer());
$response = $controller(1, 'unsigned', $repo, $tmpDir);
@@ -118,7 +118,7 @@ class DevisPdfControllerTest extends TestCase
$repo = $this->createStub(DevisRepository::class);
$repo->method('find')->willReturn($devis);
$controller = new DevisPdfController();
$controller = new DevisPdfController($this->createStub(\Psr\Log\LoggerInterface::class));
$controller->setContainer($this->createContainer());
$response = $controller(1, 'signed', $repo, $tmpDir);
@@ -143,7 +143,7 @@ class DevisPdfControllerTest extends TestCase
$repo = $this->createStub(DevisRepository::class);
$repo->method('find')->willReturn($devis);
$controller = new DevisPdfController();
$controller = new DevisPdfController($this->createStub(\Psr\Log\LoggerInterface::class));
$controller->setContainer($this->createContainer());
$response = $controller(1, 'audit', $repo, $tmpDir);
@@ -168,7 +168,7 @@ class DevisPdfControllerTest extends TestCase
$repo = $this->createStub(DevisRepository::class);
$repo->method('find')->willReturn($devis);
$controller = new DevisPdfController();
$controller = new DevisPdfController($this->createStub(\Psr\Log\LoggerInterface::class));
$controller->setContainer($this->createContainer(false));
$response = $controller(1, 'unsigned', $repo, $tmpDir);
@@ -188,7 +188,7 @@ class DevisPdfControllerTest extends TestCase
$repo = $this->createStub(DevisRepository::class);
$repo->method('find')->willReturn($devis);
$controller = new DevisPdfController();
$controller = new DevisPdfController($this->createStub(\Psr\Log\LoggerInterface::class));
$controller->setContainer($this->createContainer());
$this->expectException(NotFoundHttpException::class);