fix: #51 & #52 flush entitymanager after remove operation & remove re…

…dundant voter
stlgaits · Sep 18, 2022 · 57afd09 · 57afd09
1 parent c51f5aa
commit 57afd09
Show file tree

Hide file tree

Showing 4 changed files with 15 additions and 13 deletions.
diff --git a/src/DataPersister/CustomerDataPersister.php b/src/DataPersister/CustomerDataPersister.php
@@ -36,6 +36,7 @@ public function persist($data, array $context = [])
         $data->setAccount($user->getAccount());
         $this->entityManager->persist($data);
         $this->entityManager->flush();
+        return $data;
     }
 
     /**
@@ -44,6 +45,7 @@ public function persist($data, array $context = [])
     public function remove($data, array $context = [])
     {
         $this->entityManager->remove($data);
+        $this->entityManager->flush();
     }
 }
 
diff --git a/src/DataPersister/UserDataPersister.php b/src/DataPersister/UserDataPersister.php
@@ -47,6 +47,7 @@ public function persist($data, $context = [])
         $data->setAccount($user->getAccount());
         $this->entityManager->persist($data);
         $this->entityManager->flush();
+        return $data;
     }
 
     /**
@@ -55,5 +56,6 @@ public function persist($data, $context = [])
     public function remove($data, array $context = [])
     {
         $this->entityManager->remove($data);
+        $this->entityManager->flush();
     }
 }
diff --git a/src/Entity/Customer.php b/src/Entity/Customer.php
@@ -13,19 +13,16 @@
 #[ORM\Entity(repositoryClass: CustomerRepository::class)]
 #[ApiResource(
     collectionOperations: [
-        "get" => [
-            "security" => "is_granted('VIEW_CUSTOMER', object)",
-            "security_message" => "So sorry, you can only access Customers linked to your own Account.",
-        ],
+        "get",
         "post"
     ],
     itemOperations: [
-        "get" => [
-            'security' => 'is_granted("ROLE_ADMIN") or object.getAccount() == user.getAccount()',
-            'security_message' => 'Sorry, you can only access Customers linked to your own Account.',
-        ],
-        "delete" => ["security" => "is_granted('ROLE_ADMIN') or object.getAccount() == user.getAccount()"],
-    ],
+        "get",
+        "delete" => [
+            "security" => "is_granted('DELETE_CUSTOMER', object)",
+            'security_message' => 'Sorry, you can only delete Customers linked to your own Account.',
+            ],
+     ],
     attributes: [
         'pagination_items_per_page' => 10,
         'formats' => ['json', 'jsonld'],
@@ -39,6 +36,7 @@ class Customer
     #[ORM\Id]
     #[ORM\GeneratedValue]
     #[ORM\Column(type: 'integer')]
+    #[Groups(['customer:read'])]
     private ?int $id;
 
     #[ORM\Column(type: 'string', length: 255, unique: true)]

diff --git a/src/Security/Voter/CustomerVoter.php b/src/Security/Voter/CustomerVoter.php
@@ -11,7 +11,7 @@
 
 class CustomerVoter extends Voter
 {
-    public const VIEW_CUSTOMER = 'VIEW_CUSTOMER';
+    public const DELETE_CUSTOMER = 'DELETE_CUSTOMER';
 
     private Security $security;
 
@@ -22,7 +22,7 @@ public function __construct(Security $security)
 
     protected function supports(string $attribute, $subject): bool
     {
-        return $attribute == self::VIEW_CUSTOMER
+        return $attribute == self::DELETE_CUSTOMER
             && $subject instanceof Customer;
     }
 
@@ -39,7 +39,7 @@ protected function voteOnAttribute(string $attribute,  $subject, TokenInterface
 
         /** @var Customer $subject */
 
-        if ($attribute == self::VIEW_CUSTOMER) {
+        if ($attribute == self::DELETE_CUSTOMER) {
             if ($subject->getAccount() === $user->getAccount()) {
                 return true;
             }