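/**
 * Deletes a comment on behalf of its author or of an administrator.
 *
 * Responds with ["KO"] and HTTP 403 when the caller is neither; otherwise
 * removes the comment, flushes the entity manager and responds with ["OK"].
 *
 * @Route("/comments/{id}", requirements={"id" = "\d+"}, options={"expose" = true})
 * @Method("DELETE")
 *
 * @param Comment $comment the comment to delete
 *
 * @return JsonResponse
 */
public function removeAction(Comment $comment)
{
    $user = $this->getUser();

    // Ownership only counts for an authenticated caller. Without this guard a
    // comment whose author is null would "match" a request for which getUser()
    // yields null, because null != null is false and the 403 branch is skipped.
    // NOTE(review): == compares objects by class and property values, so a
    // proxy instance on one side and a plain entity on the other never match;
    // comparing the entities' identifiers would be sturdier - confirm.
    $isAuthor = null !== $user && $comment->getAuthor() == $user;

    if (!$isAuthor && !$this->isGranted('ROLE_ADMIN')) {
        return new JsonResponse(array('KO'), Response::HTTP_FORBIDDEN);
    }

    $em = $this->getDoctrine()->getManager();
    $em->remove($comment);
    $em->flush();

    return new JsonResponse(array('OK'));
}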
/**
 * Tells whether the given user is the author of the comment.
 *
 * The check uses loose object comparison (==): it holds when both operands
 * are the same instance, or are instances of the same class whose properties
 * compare equal. Objects of different classes never compare equal.
 * NOTE(review): if getAuthor() can hand back a proxy subclass while $user is
 * the plain entity, this returns false for the real author - confirm.
 *
 * @param Comment $comment comment whose author is checked
 * @param User    $user    user asking to edit
 *
 * @return bool
 */
private function canEdit(Comment $comment, User $user)
{
    $author = $comment->getAuthor();

    return $author == $user;
}
/**
 * Invokes the initializer callback, when one is set, and then delegates to
 * the parent getter.
 *
 * NOTE(review): this has the shape of generated proxy code; the object it
 * lives on is a subclass of the entity, not the entity class itself, which
 * matters to callers comparing it with == or ===.
 *
 * {@inheritDoc}
 */
public function getAuthor()
{
    // Same short-circuit as `$init && $init->__invoke(...)`: nothing runs
    // when no initializer is set.
    if ($this->__initializer__) {
        $this->__initializer__->__invoke($this, 'getAuthor', []);
    }

    return parent::getAuthor();
}
/**
 * Tells whether the given user is the author of the comment.
 *
 * Relies on the data object exposing getAuthor(), which returns the entity of
 * the user who owns it. The check is an identity comparison (===): it holds
 * only when both operands are the very same object instance.
 * NOTE(review): two separately loaded instances of the same user would not
 * match here - confirm both sides come from the same entity manager.
 *
 * @param Comment $post comment whose author is checked
 * @param Author  $user user asking to edit
 *
 * @return bool
 */
private function canEdit(Comment $post, Author $user)
{
    $owner = $post->getAuthor();

    return $user === $owner;
}