Thomas Peterson
408b37a5ea
- CardTemplate-Entität (Layout pro Firma; company=null = globale Vorlage)
- CardTemplateFactory: Standardlayout, greift Firmen-Branding + QR ab
- CardPdfRenderer (TCPDF): 85x55mm + 2mm Beschnitt, Schnittmarken, CMYK,
Vorder-/Rückseite, mm-genaue Element-Platzierung, eingebetteter QR
- GET /api/employees/{id}/card.pdf (Auth + Mandantenprüfung)
- Konzept §13 (Druckdaten) ergänzt
Verifiziert: 2 Seiten, CMYK-Farbraum, Schnittmarken, Branding durchgängig.
Offen: PDF/X-1a-Finishing (Ghostscript), Font-Embedding, visueller Editor.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
66 lines
2.4 KiB
PHP
66 lines
2.4 KiB
PHP
<?php
|
|
|
|
namespace App\Controller;
|
|
|
|
use App\Entity\Employee;
|
|
use App\Repository\CardTemplateRepository;
|
|
use App\Repository\EmployeeRepository;
|
|
use App\Security\TenantContext;
|
|
use App\Service\CardPdfRenderer;
|
|
use App\Service\CardTemplateFactory;
|
|
use Symfony\Component\HttpFoundation\Response;
|
|
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
|
|
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
|
|
use Symfony\Component\Routing\Attribute\Route;
|
|
use Symfony\Component\Security\Http\Attribute\IsGranted;
|
|
use Symfony\Component\Uid\Uuid;
|
|
|
|
/**
|
|
* Erzeugt die druckfertige Visitenkarte (PDF) für einen Mitarbeiter.
|
|
*/
|
|
#[IsGranted('ROLE_COMPANY_ADMIN')]
|
|
final class CardPdfController
|
|
{
|
|
public function __construct(
|
|
private readonly EmployeeRepository $employees,
|
|
private readonly CardTemplateRepository $templates,
|
|
private readonly CardTemplateFactory $factory,
|
|
private readonly CardPdfRenderer $renderer,
|
|
private readonly TenantContext $tenant,
|
|
) {
|
|
}
|
|
|
|
#[Route('/api/employees/{id}/card.pdf', name: 'employee_card_pdf', methods: ['GET'])]
|
|
public function __invoke(string $id): Response
|
|
{
|
|
$employee = $this->employees->find(Uuid::fromString($id));
|
|
if (!$employee instanceof Employee) {
|
|
throw new NotFoundHttpException('Mitarbeiter nicht gefunden.');
|
|
}
|
|
$this->assertAccess($employee);
|
|
|
|
$template = $this->templates->findCardForCompany($employee->getCompany()) ?? $this->factory->default();
|
|
$pdf = $this->renderer->render($employee, $template);
|
|
|
|
return new Response($pdf, 200, [
|
|
'Content-Type' => 'application/pdf',
|
|
'Content-Disposition' => sprintf('inline; filename="visitenkarte-%s.pdf"', $employee->getSlug()),
|
|
]);
|
|
}
|
|
|
|
private function assertAccess(Employee $employee): void
|
|
{
|
|
if ($this->tenant->isPlatformAdmin()) {
|
|
return;
|
|
}
|
|
$reseller = $this->tenant->getReseller();
|
|
if (null === $reseller || $employee->getReseller()?->getId()->equals($reseller->getId()) !== true) {
|
|
throw new AccessDeniedHttpException('Mitarbeiter gehört nicht zum eigenen Mandanten.');
|
|
}
|
|
$own = $this->tenant->getCompany();
|
|
if (null !== $own && !$employee->getCompany()->getId()->equals($own->getId())) {
|
|
throw new AccessDeniedHttpException('Nur Mitarbeiter der eigenen Firma.');
|
|
}
|
|
}
|
|
}
|