Record deletion logic (maybe)

src/Controller/BibliographyController.php

@@ -6,19 +6,19 @@ use App\Entity\Bibliography;
 use App\Entity\Collection;
 use App\Entity\Collector;
 use App\Form\BibliographyType;
-//use App\Security\Voter\VocabVoter;
+use App\Security\Voter\RecordVoter;
 use Doctrine\ORM\EntityManagerInterface;
 use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
-use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\Routing\Attribute\Route;
-//use Symfony\Component\Security\Core\Exception\AccessDeniedException;
+use Symfony\Component\Security\Core\Exception\AccessDeniedException;
 
 class BibliographyController extends AbstractController
 {
     #[Route('/bibliography/{id<\d+>}', name: 'app_bibliography')]
     public function index(Bibliography $bibliography, EntityManagerInterface $em): Response
     {
+
         $repo = $em->getRepository(Collection::class);
         $collections = $repo->findAllByBibliography($bibliography->getId());
         $repo = $em->getRepository(Collector::class);
@@ -71,15 +71,23 @@ class BibliographyController extends AbstractController
         ]);
     }
     /**
-     * @todo Permissions!
+     * @todo Permissions! Return JSON with 403 when AJAX
      */
     #[Route('/bibliography/delete/{id<\d+>}', name: 'app_bibliography_del')]
     public function delete(Bibliography $bibliography, EntityManagerInterface $em): Response
     {
+        try {
+            $this->denyAccessUnlessGranted(RecordVoter::DELETE, $bibliography);
+        }
+        catch (AccessDeniedException) {
+            $this->addFlash('warning', 'You are not authorized to delete this record');
+            return $this->redirectToRoute('app_home');
+        }
+
         $em->remove($bibliography);
         $em->flush();
 
-        $this->addFlash('notice', 'Term deleted successfully');
+        $this->addFlash('notice', 'Record deleted successfully');
 
         return $this->redirectToRoute('app_bibliography_landing');
     }