From e5a243a52b910e35b10b26c06aa8978356b86769 Mon Sep 17 00:00:00 2001 From: Daniel Weipert Date: Sat, 2 Dec 2023 14:14:34 +0100 Subject: login and events --- src/Controller/Village.php | 20 +++++++++++++++++--- 1 file changed, 17 insertions(+), 3 deletions(-) (limited to 'src/Controller/Village.php') diff --git a/src/Controller/Village.php b/src/Controller/Village.php index 16a8981..c678779 100644 --- a/src/Controller/Village.php +++ b/src/Controller/Village.php @@ -3,6 +3,7 @@ namespace App\Controller; use App\DB; +use App\Guard; use App\Model\Event\SendUnits; use App\Model\Event\TrainUnits; use App\Model\Event\UpgradeBuilding; @@ -19,7 +20,15 @@ class Village #[Route(path: '/villages', methods: ['GET'])] public function list(): Response { - $villages = DB::fetch(Model::class, "select * from villages"); + $villages = DB::fetch( + Model::class, + << $_SESSION['user']['id']] + ); return new Response(View::render('villages.twig', [ 'villages' => $villages, @@ -30,6 +39,11 @@ class Village public function show(Request $request): Response { $village = Model::getByCoordinates($request->get('x'), $request->get('y')); + + if (! Guard::ownsVillage($village->id)) { + return new Response(View::render('error.twig', ['message' => 'Insufficient permission']), 403); + } + $events = []; $eventsBuilding = DB::query( @@ -41,7 +55,7 @@ class Village )->fetchAll(); foreach ($eventsBuilding as $row) { - $events['UpgradeBuilding'][] = DB::convertToModel(UpgradeBuilding::class, $row); + $events['UpgradeBuilding'][$row['type']][] = DB::convertToModel(UpgradeBuilding::class, $row); } $eventsUnits = DB::query( @@ -68,7 +82,7 @@ class Village << $village->id] )->fetchAll(); -- cgit v1.2.3