Added Gedmo stuff, fix translations (#117)

* Added Gedmo stuff, fix translations

* Add CSRF token validation across backoffice forms

- Added CSRF validations to candidate correction, penalty, answer saving, and elimination forms.
- Updated corresponding Twig templates to include CSRF token inputs.
- Adjusted column count in `tab_result` template to maintain layout consistency.

* Add unique index constraint for `quiz_candidate` with soft delete support

- Updated migration to include a unique index on `quiz_candidate` table that excludes soft-deleted records.
- Adjusted `QuizCandidate` entity to reflect the new unique constraint with `deleted_at` condition.

* Add CSRF token validation for quiz-related actions

- Added CSRF validation to `enableQuiz`, `clearQuiz`, `deleteQuiz`, `toggleCandidate`, and `prepareElimination` actions.
- Updated Twig templates to replace links with POST forms to include CSRF tokens.
- Set HTTP method restrictions for related endpoints to `POST`.

* Fix unique index condition for `quiz_candidate` with soft deletes

- Updated condition in unique index definition of `quiz_candidate` to add parentheses for clarity.
- Adjusted related migration to reflect the revised condition.

* Remove if for post an use methods in Route instead

* Refactor CSRF token validation in backoffice controllers

- Applied `#[IsCsrfTokenValid]` attribute for CSRF checks to simplify and standardize validation.
- Removed manual `isCsrfTokenValid` calls and associated exception throwing.
- Updated method signatures across affected endpoints to remove unnecessary `Request` dependency.
- Ensured consistency in route HTTP method restrictions where applicable.

* Add rector and phpstan

* Add validation for answering incorrect quiz question

- Added logic to prevent candidates from answering questions out of sequence in `QuizController`.
- Updated Dutch translations to include the new error message.

* Things
This commit is contained in:
2026-05-24 19:43:30 +02:00
committed by GitHub
parent c033965652
commit 281462fab8
30 changed files with 319 additions and 135 deletions
+10 -1
View File
@@ -9,6 +9,7 @@ use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpKernel\Attribute\AsController;
use Symfony\Component\Routing\Attribute\Route;
use Symfony\Component\Security\Http\Attribute\IsCsrfTokenValid;
use Symfony\Contracts\Translation\TranslatorInterface;
use Tvdt\Entity\Answer;
use Tvdt\Entity\Candidate;
@@ -70,10 +71,12 @@ final class QuizController extends AbstractController
return $this->render('quiz/enter_name.twig', ['season' => $season, 'form' => $form]);
}
#[IsCsrfTokenValid('question', tokenKey: 'token', methods: ['POST'])]
#[Route(
path: '/{seasonCode:season}/{nameHash}',
name: 'tvdt_quiz_quiz_page',
requirements: ['seasonCode' => self::SEASON_CODE_REGEX, 'nameHash' => self::CANDIDATE_HASH_REGEX],
methods: ['GET', 'POST'],
)]
public function quizPage(
Season $season,
@@ -96,7 +99,7 @@ final class QuizController extends AbstractController
return $this->redirectToRoute('tvdt_quiz_enter_name', ['seasonCode' => $season->seasonCode]);
}
if ('POST' === $request->getMethod()) {
if ($request->isMethod('POST')) {
// TODO: Extract saving answer logic to a service
// Check if candidate is inactive for this quiz
$quizCandidate = $this->quizCandidateRepository->findOneBy(['quiz' => $quiz, 'candidate' => $candidate]);
@@ -114,6 +117,12 @@ final class QuizController extends AbstractController
return $this->redirectToRoute('tvdt_quiz_quiz_page', ['seasonCode' => $season->seasonCode, 'nameHash' => $nameHash]);
}
if ($answer->question !== $this->questionRepository->findNextQuestionForCandidate($candidate)) {
$this->addFlash(FlashType::Danger, $this->translator->trans('You cannot answer this question'));
return $this->redirectToRoute('tvdt_quiz_quiz_page', ['seasonCode' => $season->seasonCode, 'nameHash' => $nameHash]);
}
$givenAnswer = new GivenAnswer($candidate, $answer->question->quiz, $answer);
$this->entityManager->persist($givenAnswer);
$this->entityManager->flush();