Merge pull request #3245 from wallabag/fix-bc
[github/wallabag/wallabag.git] / src / Wallabag / ApiBundle / Controller / DeveloperController.php
index 5a36a2605595f6e2503a06ab8e493ae0967df544..9cb73f4cf0b1778cc29197b6589de0c1ec894b17 100644 (file)
@@ -19,7 +19,7 @@ class DeveloperController extends Controller
      */
     public function indexAction()
     {
-        $clients = $this->getDoctrine()->getRepository('WallabagApiBundle:Client')->findAll();
+        $clients = $this->getDoctrine()->getRepository('WallabagApiBundle:Client')->findByUser($this->getUser()->getId());
 
         return $this->render('@WallabagCore/themes/common/Developer/index.html.twig', [
             'clients' => $clients,
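Review bot: `$this->getUser()->getId()` in indexAction is dereferenced without the null check that this same commit adds to deleteClientAction, so a request reaching the action without an authenticated user would end in a fatal error instead of an access-denied response. The same applies to `new Client($this->getUser())` in the createClientAction hunk below. If the firewall configuration (not visible in this diff) guarantees a logged-in user on these routes, a short comment saying so would explain why only deleteClientAction is guarded; otherwise guard first with `if (null === $this->getUser()) { throw $this->createAccessDeniedException(); }`. indexAction's body continues outside the hunk.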
@@ -38,12 +38,12 @@ class DeveloperController extends Controller
     public function createClientAction(Request $request)
     {
         $em = $this->getDoctrine()->getManager();
-        $client = new Client();
+        $client = new Client($this->getUser());
         $clientForm = $this->createForm(ClientType::class, $client);
         $clientForm->handleRequest($request);
 
-        if ($clientForm->isValid()) {
-            $client->setAllowedGrantTypes(['token', 'authorization_code', 'password', 'refresh_token']);
+        if ($clientForm->isSubmitted() && $clientForm->isValid()) {
+            $client->setAllowedGrantTypes(['client_credentials', 'token', 'authorization_code', 'password', 'refresh_token']);
             $em->persist($client);
             $em->flush();
 
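Review bot: Every client created through this form now receives all five grant types, including the newly added `client_credentials` alongside `password`, whatever the integration actually needs. A `client_credentials` token is issued without a user login, so it is worth confirming in the token-handling code (not part of this diff) that such a token is bound to the owner set by `new Client($this->getUser())` and cannot read other accounts' data. I would at least record that above the call, e.g. `// All grant types enabled; client_credentials tokens must resolve to $client->getUser().`, and consider letting the form choose the grant types so each client keeps least privilege. createClientAction's body continues outside the hunk.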
@@ -75,6 +75,10 @@ class DeveloperController extends Controller
      */
     public function deleteClientAction(Client $client)
     {
+        if (null === $this->getUser() || $client->getUser()->getId() != $this->getUser()->getId()) {
+            throw $this->createAccessDeniedException('You can not access this client.');
+        }
+
         $em = $this->getDoctrine()->getManager();
         $em->remove($client);
         $em->flush();
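Review bot: The ownership check in deleteClientAction calls `$client->getUser()->getId()` without checking that the client has an owner, and compares the ids with loose `!=`. Clients stored before this change were built with `new Client()` and may have no user unless a migration (not visible here) backfills one; for those rows the check would raise a fatal error rather than deny access. I would fetch the owner first, `$owner = $client->getUser();`, and test `if (null === $this->getUser() || null === $owner || $owner->getId() !== $this->getUser()->getId()) {`, assuming both ids are integers as Doctrine normally returns them. The function body continues outside the hunk.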