[github/wallabag/wallabag.git] / src / Wallabag / ApiBundle / Controller / WallabagRestController.php

<?php

namespace Wallabag\ApiBundle\Controller;

use FOS\RestBundle\Controller\FOSRestController;
use Symfony\Component\Security\Core\Exception\AccessDeniedException;
use Wallabag\CoreBundle\Entity\Entry;
use Nelmio\ApiDocBundle\Annotation\ApiDoc;
use Symfony\Component\HttpFoundation\JsonResponse;

class WallabagRestController extends FOSRestController
{
    /**
     * Retrieve version number.
     *
     * @ApiDoc()
     *
     * @return JsonResponse
     */
    public function getVersionAction()
    {
        $version = $this->container->getParameter('wallabag_core.version');
        $json = $this->get('serializer')->serialize($version, 'json');

        return (new JsonResponse())->setJson($json);
    }

    protected function validateAuthentication()
    {
        if (false === $this->get('security.authorization_checker')->isGranted('IS_AUTHENTICATED_FULLY')) {
            throw new AccessDeniedException();
        }
    }

    /**
     * Validate that the first id is equal to the second one.
     * If not, throw exception. It means a user try to access information from an other user.
     *
     * @param int $requestUserId User id from the requested source
     */
    protected function validateUserAccess($requestUserId)
    {
        $user = $this->get('security.token_storage')->getToken()->getUser();
        if ($requestUserId != $user->getId()) {
            throw $this->createAccessDeniedException('Access forbidden. Entry user id: '.$requestUserId.', logged user id: '.$user->getId());
        }
    }
}
Commit	Line	Data
f8bf8952 NL	1	<?php
f8bf8952 NL	2
769e19dc	3	namespace Wallabag\ApiBundle\Controller;
f8bf8952	4
fcb1fba5	5	use FOS\RestBundle\Controller\FOSRestController;
b0b893ea	6	use Symfony\Component\Security\Core\Exception\AccessDeniedException;
be463487	7	use Wallabag\CoreBundle\Entity\Entry;
864c1dd2 JB	8	use Nelmio\ApiDocBundle\Annotation\ApiDoc;
864c1dd2 JB	9	use Symfony\Component\HttpFoundation\JsonResponse;
f8bf8952	10
fcb1fba5	11	class WallabagRestController extends FOSRestController
f8bf8952	12	{
2b477030	13	/**
6f8310b4 TC	14	* Retrieve version number.
	15	*
	16	* @ApiDoc()
2b477030	17	*
60faee00	18	* @return JsonResponse
2b477030 V	19	*/
	20	public function getVersionAction()
	21	{
	22	$version = $this->container->getParameter('wallabag_core.version');
2b477030	23	$json = $this->get('serializer')->serialize($version, 'json');
864c1dd2	24
60faee00	25	return (new JsonResponse())->setJson($json);
2b477030	26	}
769e19dc	27
900c8448	28	protected function validateAuthentication()
ac8cf632	29	{
18f8f32f	30	if (false === $this->get('security.authorization_checker')->isGranted('IS_AUTHENTICATED_FULLY')) {
77273253	31	throw new AccessDeniedException();
ac8cf632	32	}
ac8cf632 JB	33	}
ac8cf632 JB	34
769e19dc J	35	/**
769e19dc J	36	* Validate that the first id is equal to the second one.
4346a860	37	* If not, throw exception. It means a user try to access information from an other user.
769e19dc	38	*
4346a860	39	* @param int $requestUserId User id from the requested source
769e19dc	40	*/
900c8448	41	protected function validateUserAccess($requestUserId)
769e19dc	42	{
18f8f32f	43	$user = $this->get('security.token_storage')->getToken()->getUser();
fcb1fba5 NL	44	if ($requestUserId != $user->getId()) {
fcb1fba5 NL	45	throw $this->createAccessDeniedException('Access forbidden. Entry user id: '.$requestUserId.', logged user id: '.$user->getId());
769e19dc J	46	}
769e19dc J	47	}
7df80cb3	48	}