Commit | Line | Data |
---|---|---|
f8bf8952 NL |
1 | <?php |
2 | ||
769e19dc | 3 | namespace Wallabag\ApiBundle\Controller; |
f8bf8952 | 4 | |
fcb1fba5 | 5 | use FOS\RestBundle\Controller\FOSRestController; |
b0b893ea | 6 | use Symfony\Component\Security\Core\Exception\AccessDeniedException; |
be463487 | 7 | use Wallabag\CoreBundle\Entity\Entry; |
864c1dd2 JB |
8 | use Nelmio\ApiDocBundle\Annotation\ApiDoc; |
9 | use Symfony\Component\HttpFoundation\JsonResponse; | |
f8bf8952 | 10 | |
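/**
 * Base REST controller: exposes the version action and the protected helpers
 * that enforce full authentication and per-user ownership of a resource.
 */
class WallabagRestController extends FOSRestController
{
    /**
     * Retrieve version number.
     *
     * @ApiDoc()
     *
     * @return JsonResponse
     */
    public function getVersionAction()
    {
        // NOTE(review): this action does not call validateAuthentication(). Whether
        // anonymous clients can read the version depends on firewall configuration
        // that is not visible in this file; confirm that exposure is intended.
        $version = $this->container->getParameter('wallabag_core.version');
        $json = $this->get('serializer')->serialize($version, 'json');

        return (new JsonResponse())->setJson($json);
    }

    /**
     * Reject the request unless the current token is fully authenticated.
     *
     * IS_AUTHENTICATED_FULLY is not granted to anonymous or remember-me sessions.
     *
     * @throws AccessDeniedException when the authorization checker does not grant it
     */
    protected function validateAuthentication()
    {
        if (false === $this->get('security.authorization_checker')->isGranted('IS_AUTHENTICATED_FULLY')) {
            throw new AccessDeniedException();
        }
    }

    /**
     * Validate that the requested user id is the id of the logged-in user.
     * If it is not, throw an access-denied exception: it means a user is trying
     * to access information that belongs to another user.
     *
     * The check fails closed: a missing token, a user that is not an object, or
     * a missing id on either side is treated as a mismatch.
     *
     * @param int $requestUserId User id from the requested source
     *
     * @throws AccessDeniedException when the ids differ or no user is available
     */
    protected function validateUserAccess($requestUserId)
    {
        $token = $this->get('security.token_storage')->getToken();
        $user = null !== $token ? $token->getUser() : null;

        // Without a token, or with a non-object user, calling getId() would be a
        // fatal error (HTTP 500). Deny explicitly instead.
        if (!is_object($user)) {
            throw $this->createAccessDeniedException('Access forbidden.');
        }

        $loggedUserId = $user->getId();

        // Compare canonical string forms with ===. The loose != operator applies
        // PHP type juggling (on PHP < 8, '1abc' == 1 is true), which is not an
        // acceptable equality test for an ownership check.
        $sameUser = null !== $requestUserId
            && null !== $loggedUserId
            && (string) $requestUserId === (string) $loggedUserId;

        if (!$sameUser) {
            // NOTE(review): the message embeds both user ids. If exception messages
            // are returned to API clients, this tells the caller who owns the
            // resource; confirm how this exception is rendered before keeping it.
            throw $this->createAccessDeniedException('Access forbidden. Entry user id: '.$requestUserId.', logged user id: '.$loggedUserId);
        }
    }
}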