|
@@ -18,10 +18,13 @@ use App\Service\DateTimeHelper;
|
|
|
|
|
|
|
|
final class SlotController extends AbstractController
|
|
final class SlotController extends AbstractController
|
|
|
{
|
|
{
|
|
|
- #[IsGranted(new Expression('is_granted("ROLE_ADMIN") or is_granted("ROLE_MANAGER")'))]
|
|
|
|
|
#[Route('/api/slot/{id}/nexts', name: 'api_slot_nexts', requirements: ['id' => '\d+'], methods: ['POST'])]
|
|
#[Route('/api/slot/{id}/nexts', name: 'api_slot_nexts', requirements: ['id' => '\d+'], methods: ['POST'])]
|
|
|
public function apiSlotNexts(?Slot $slot, SlotRepository $repository): JsonResponse
|
|
public function apiSlotNexts(?Slot $slot, SlotRepository $repository): JsonResponse
|
|
|
{
|
|
{
|
|
|
|
|
+ // Accès uniquement aux gestionnaires ou admin
|
|
|
|
|
+ if (!$this->isGranted('ROLE_MANAGER')) {
|
|
|
|
|
+ return $this->json(['error' => 'Unauthorized'], 403);
|
|
|
|
|
+ }
|
|
|
if (!$slot) {
|
|
if (!$slot) {
|
|
|
return $this->json(['error' => 'Slot not found'], 404);
|
|
return $this->json(['error' => 'Slot not found'], 404);
|
|
|
}
|
|
}
|
garthh