1 | <?php | |
2 | ||
3 | namespace Wallabag\ApiBundle\Controller; | |
4 | ||
5 | use FOS\RestBundle\Controller\FOSRestController; | |
6 | use Nelmio\ApiDocBundle\Annotation\ApiDoc; | |
7 | use Symfony\Component\HttpFoundation\JsonResponse; | |
8 | use Symfony\Component\Security\Core\Exception\AccessDeniedException; | |
9 | ||
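/**
 * Base REST controller: exposes the application version and provides the
 * authentication / ownership guards used by API actions.
 */
class WallabagRestController extends FOSRestController
{
    /**
     * Retrieve version number.
     *
     * Reads the `wallabag_core.version` container parameter and returns it
     * serialized as JSON.
     *
     * NOTE(review): this action performs no authentication check of its own.
     * Whether the route is reachable without credentials depends on firewall
     * configuration that is not visible here; confirm that exposing the exact
     * version to unauthenticated clients is intended.
     *
     * @ApiDoc()
     *
     * @return JsonResponse
     */
    public function getVersionAction()
    {
        $version = $this->container->getParameter('wallabag_core.version');
        $json = $this->get('serializer')->serialize($version, 'json');

        return (new JsonResponse())->setJson($json);
    }

    /**
     * Require a fully authenticated caller.
     *
     * @throws AccessDeniedException when IS_AUTHENTICATED_FULLY is not granted
     */
    protected function validateAuthentication()
    {
        if (false === $this->get('security.authorization_checker')->isGranted('IS_AUTHENTICATED_FULLY')) {
            throw new AccessDeniedException();
        }
    }

    /**
     * Validate that the requested user id is the id of the logged-in user.
     * If it is not, an access-denied exception is thrown: it means a user is
     * trying to access information that belongs to another user.
     *
     * The check fails closed: a missing token, a user without a usable id,
     * or a request id that is not an int/string is treated as a denial
     * instead of causing a fatal error or a loose-comparison match.
     *
     * @param int $requestUserId User id from the requested source
     *
     * @throws AccessDeniedException when the ids differ or the current user cannot be resolved
     */
    protected function validateUserAccess($requestUserId)
    {
        $token = $this->get('security.token_storage')->getToken();
        $user = null !== $token ? $token->getUser() : null;

        // getToken() can be null and getUser() is not guaranteed to be a user
        // object; calling getId() on either would be a fatal error, so deny.
        if (!is_object($user) || !method_exists($user, 'getId') || null === $user->getId()) {
            throw $this->createAccessDeniedException('Access forbidden.');
        }

        $loggedUserId = $user->getId();

        // Only plain ids are comparable; booleans, arrays and objects are rejected.
        $isPlainId = is_int($requestUserId) || is_string($requestUserId);

        // Compare canonical string forms with !== so PHP's loose numeric
        // juggling (e.g. "1abc" == 1 on PHP 7) cannot satisfy an ownership check.
        if (!$isPlainId || (string) $requestUserId !== (string) $loggedUserId) {
            // NOTE(review): the message carries both user ids. If exception
            // messages are returned to API clients, this discloses the owner
            // id of the requested resource — confirm how it is rendered.
            throw $this->createAccessDeniedException('Access forbidden. Entry user id: '.(is_scalar($requestUserId) ? $requestUserId : gettype($requestUserId)).', logged user id: '.$loggedUserId);
        }
    }
}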