Add Security for history

src/Controller/HistoryController.php

@@ -3,6 +3,7 @@
 namespace App\Controller;
 
 use App\Entity\Snip;
+use App\Security\Voter\SnipVoter;
 use App\Service\SnipServiceFactory;
 use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
 use Symfony\Component\HttpFoundation\Response;
@@ -20,6 +21,8 @@ class HistoryController extends AbstractController
     #[Route('/', name: '_index')]
     public function index(Snip $snip): Response
     {
+        $this->denyAccessUnlessGranted(SnipVoter::EDIT, $snip);
+
         return $this->render('history/index.html.twig', [
             'snip' => $snip,
             'commits' => $this->snipServiceFactory->create($snip)->getRepo()->getAllCommits(),
@@ -29,6 +32,8 @@ class HistoryController extends AbstractController
     #[Route('/set/{commit}', name: '_set')]
     public function set(Snip $snip, string $commit): Response
     {
+        $this->denyAccessUnlessGranted(SnipVoter::EDIT, $snip);
+
         $this->snipServiceFactory->create($snip)->getRepo()->checkout($commit);
         $this->addFlash('success', 'Snip version set to ' . $commit);
         return $this->redirectToRoute('snip_single', ['snip' => $snip->getId()]);

templates/history/index.html.twig

@@ -6,9 +6,10 @@
     <a href="{{ path('snip_single', {snip: snip.id}) }}" class="btn btn-primary">
         <i class="fa fa-arrow-left"></i> Back
     </a>
-    <a href="{{ path('history_set', {commit: 'master', snip: snip.id}) }}" class="btn btn-primary">
+    <a href="{{ path('history_set', {commit: 'master', snip: snip.id}) }}" class="btn btn-warning">
-        <i class="fa fa-reset"></i> Reset to latest
+        <i class="fa fa-refresh"></i> Master
     </a>
+    <br><br>
     <div class="list-group">
         {% for commit in commits %}
             <a class="list-group-item" href="{{ path('history_set', {commit: commit.hash, snip: snip.id}) }}">