Move API stuff in ApiBundle
similarity index 79%
rename from src/Wallabag/CoreBundle/Controller/WallabagRestController.php
rename to src/Wallabag/ApiBundle/Controller/WallabagRestController.php
index 14f42c488bcad3f2b912aa87590ce3a171d00ad4..21e4552dbe255d8357bb9d90ed9091a3d44835df 100644 (file)
@@ -1,6 +1,6 @@
 <?php
 
-namespace Wallabag\CoreBundle\Controller;
+namespace Wallabag\ApiBundle\Controller;
 
 use Nelmio\ApiDocBundle\Annotation\ApiDoc;
 use Symfony\Bundle\FrameworkBundle\Controller\Controller;
@@ -62,6 +62,7 @@ class WallabagRestController extends Controller
 
         return array($user->getSalt() ?: null);
     }
+
     /**
      * Retrieve all entries. It could be filtered by many options.
      *
@@ -86,17 +87,13 @@ class WallabagRestController extends Controller
         $order      = $request->query->get('order', 'desc');
         $page       = (int) $request->query->get('page', 1);
         $perPage    = (int) $request->query->get('perPage', 30);
-        $tags       = $request->query->get('tags', array());
+        $tags       = $request->query->get('tags', []);
 
         $pager = $this
             ->getDoctrine()
             ->getRepository('WallabagCoreBundle:Entry')
             ->findEntries($this->getUser()->getId(), $isArchived, $isStarred, $sort, $order);
 
-        if (0 === $pager->getNbResults()) {
-            throw $this->createNotFoundException();
-        }
-
         $pager->setCurrentPage($page);
         $pager->setMaxPerPage($perPage);
 
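Review bot: Removing the `createNotFoundException()` on zero results makes an empty list a 200, which is reasonable, but the hunk still hands the caller-supplied `$page` straight to `$pager->setCurrentPage($page)`; if Pagerfanta rejects an out-of-range page with its `OutOfRangeCurrentPageException` as its API describes, a page past the last one now surfaces as a 500 where the empty case used to be a 404. Consider catching that exception around the `setCurrentPage` call and rethrowing via `$this->createNotFoundException()`. `$perPage` is cast to int but never bounded, so a single request can ask for an arbitrarily large page; clamping it, e.g. `$perPage = min(max(1, $perPage), 100);` (limit constructed here), keeps one call from pulling the whole table. getEntriesAction starts before this hunk.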
@@ -108,7 +105,7 @@ class WallabagRestController extends Controller
 
         $json = $this->get('serializer')->serialize($paginatedCollection, 'json');
 
-        return new Response($json, 200, array('application/json'));
+        return $this->renderJsonResponse($json);
     }
 
     /**
@@ -123,13 +120,11 @@ class WallabagRestController extends Controller
      */
     public function getEntryAction(Entry $entry)
     {
-        if ($entry->getUser()->getId() != $this->getUser()->getId()) {
-            throw $this->createAccessDeniedException('Access forbidden. Entry user id: '.$entry->getUser()->getId().', logged user id: '.$this->getUser()->getId());
-        }
+        $this->validateUserAccess($entry->getUser()->getId(), $this->getUser()->getId());
 
         $json = $this->get('serializer')->serialize($entry, 'json');
 
-        return new Response($json, 200, array('application/json'));
+        return $this->renderJsonResponse($json);
     }
 
     /**
@@ -165,7 +160,7 @@ class WallabagRestController extends Controller
 
         $json = $this->get('serializer')->serialize($entry, 'json');
 
-        return new Response($json, 200, array('application/json'));
+        return $this->renderJsonResponse($json);
     }
 
     /**
@@ -186,9 +181,7 @@ class WallabagRestController extends Controller
      */
     public function patchEntriesAction(Entry $entry, Request $request)
     {
-        if ($entry->getUser()->getId() != $this->getUser()->getId()) {
-            throw $this->createAccessDeniedException('Access forbidden. Entry user id: '.$entry->getUser()->getId().', logged user id: '.$this->getUser()->getId());
-        }
+        $this->validateUserAccess($entry->getUser()->getId(), $this->getUser()->getId());
 
         $title      = $request->request->get("title");
         $isArchived = $request->request->get("archive");
@@ -216,7 +209,7 @@ class WallabagRestController extends Controller
 
         $json = $this->get('serializer')->serialize($entry, 'json');
 
-        return new Response($json, 200, array('application/json'));
+        return $this->renderJsonResponse($json);
     }
 
     /**
@@ -231,9 +224,7 @@ class WallabagRestController extends Controller
      */
     public function deleteEntriesAction(Entry $entry)
     {
-        if ($entry->getUser()->getId() != $this->getUser()->getId()) {
-            throw $this->createAccessDeniedException('Access forbidden. Entry user id: '.$entry->getUser()->getId().', logged user id: '.$this->getUser()->getId());
-        }
+        $this->validateUserAccess($entry->getUser()->getId(), $this->getUser()->getId());
 
         $em = $this->getDoctrine()->getManager();
         $em->remove($entry);
@@ -241,7 +232,7 @@ class WallabagRestController extends Controller
 
         $json = $this->get('serializer')->serialize($entry, 'json');
 
-        return new Response($json, 200, array('application/json'));
+        return $this->renderJsonResponse($json);
     }
 
     /**
@@ -255,13 +246,11 @@ class WallabagRestController extends Controller
      */
     public function getEntriesTagsAction(Entry $entry)
     {
-        if ($entry->getUser()->getId() != $this->getUser()->getId()) {
-            throw $this->createAccessDeniedException('Access forbidden. Entry user id: '.$entry->getUser()->getId().', logged user id: '.$this->getUser()->getId());
-        }
+        $this->validateUserAccess($entry->getUser()->getId(), $this->getUser()->getId());
 
         $json = $this->get('serializer')->serialize($entry->getTags(), 'json');
 
-        return new Response($json, 200, array('application/json'));
+        return $this->renderJsonResponse($json);
     }
 
     /**
@@ -278,9 +267,7 @@ class WallabagRestController extends Controller
      */
     public function postEntriesTagsAction(Request $request, Entry $entry)
     {
-        if ($entry->getUser()->getId() != $this->getUser()->getId()) {
-            throw $this->createAccessDeniedException('Access forbidden. Entry user id: '.$entry->getUser()->getId().', logged user id: '.$this->getUser()->getId());
-        }
+        $this->validateUserAccess($entry->getUser()->getId(), $this->getUser()->getId());
 
         $tags = $request->request->get('tags', '');
         if (!empty($tags)) {
@@ -293,7 +280,7 @@ class WallabagRestController extends Controller
 
         $json = $this->get('serializer')->serialize($entry, 'json');
 
-        return new Response($json, 200, array('application/json'));
+        return $this->renderJsonResponse($json);
     }
 
     /**
@@ -301,16 +288,14 @@ class WallabagRestController extends Controller
      *
      * @ApiDoc(
      *      requirements={
-     *          {"name"="tag", "dataType"="string", "requirement"="\w+", "description"="The tag"},
+     *          {"name"="tag", "dataType"="integer", "requirement"="\w+", "description"="The tag ID"},
      *          {"name"="entry", "dataType"="integer", "requirement"="\w+", "description"="The entry ID"}
      *      }
      * )
      */
     public function deleteEntriesTagsAction(Entry $entry, Tag $tag)
     {
-        if ($entry->getUser()->getId() != $this->getUser()->getId()) {
-            throw $this->createAccessDeniedException('Access forbidden. Entry user id: '.$entry->getUser()->getId().', logged user id: '.$this->getUser()->getId());
-        }
+        $this->validateUserAccess($entry->getUser()->getId(), $this->getUser()->getId());
 
         $entry->removeTag($tag);
         $em = $this->getDoctrine()->getManager();
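Review bot: The `dataType` for `tag` is switched to integer while its `requirement` stays `"\w+"`, which still admits letters, so the generated documentation contradicts itself; tighten it to `"requirement"="\d+"` to match the integer id the route binds. The `entry` requirement on the following line and the `tag` requirement in the deleteTagAction hunk below have the same mismatch. The descriptions also differ between the two hunks (`"The tag ID"` here, `"The tag"` in deleteTagAction); using `"The tag ID"` in both keeps the docs consistent.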
@@ -319,7 +304,7 @@ class WallabagRestController extends Controller
 
         $json = $this->get('serializer')->serialize($entry, 'json');
 
-        return new Response($json, 200, array('application/json'));
+        return $this->renderJsonResponse($json);
     }
 
     /**
@@ -331,7 +316,7 @@ class WallabagRestController extends Controller
     {
         $json = $this->get('serializer')->serialize($this->getUser()->getTags(), 'json');
 
-        return new Response($json, 200, array('application/json'));
+        return $this->renderJsonResponse($json);
     }
 
     /**
@@ -339,15 +324,13 @@ class WallabagRestController extends Controller
      *
      * @ApiDoc(
      *      requirements={
-     *          {"name"="tag", "dataType"="string", "requirement"="\w+", "description"="The tag"}
+     *          {"name"="tag", "dataType"="integer", "requirement"="\w+", "description"="The tag"}
      *      }
      * )
      */
     public function deleteTagAction(Tag $tag)
     {
-        if ($tag->getUser()->getId() != $this->getUser()->getId()) {
-            throw $this->createAccessDeniedException('Access forbidden. Entry user id: '.$tag->getUser()->getId().', logged user id: '.$this->getUser()->getId());
-        }
+        $this->validateUserAccess($tag->getUser()->getId(), $this->getUser()->getId());
 
         $em = $this->getDoctrine()->getManager();
         $em->remove($tag);
@@ -355,6 +338,33 @@ class WallabagRestController extends Controller
 
         $json = $this->get('serializer')->serialize($tag, 'json');
 
+        return $this->renderJsonResponse($json);
+    }
+
+    /**
+     * Validate that the first id is equal to the second one.
+     * If not, throw exception. It means a user try to access information from an other user
+     *
+     * @param integer $requestUserId User id from the requested source
+     * @param integer $currentUserId User id from the retrieved source
+     */
+    private function validateUserAccess($requestUserId, $currentUserId)
+    {
+        if ($requestUserId != $currentUserId) {
+            throw $this->createAccessDeniedException('Access forbidden. Entry user id: '.$requestUserId.', logged user id: '.$currentUserId);
+        }
+    }
+
+    /**
+     * Send a JSON Response.
+     * We don't use the Symfony JsonRespone, because it takes an array as parameter instead of a JSON string
+     *
+     * @param string $json
+     *
+     * @return Response
+     */
+    private function renderJsonResponse($json)
+    {
         return new Response($json, 200, array('application/json'));
     }
 }
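Review bot: `renderJsonResponse` keeps the original headers argument `array('application/json')`, which is a list rather than a name-to-value map, so the header bag never receives a `Content-Type` entry and every endpoint now routed through this helper responds without a JSON content type; the line should read `return new Response($json, 200, ['Content-Type' => 'application/json']);`. In `validateUserAccess` the 403 message still echoes the owning account's id (`'Entry user id: '.$requestUserId`) back to the caller who was just refused, which discloses another user's identifier in the response body; keep that detail in a server-side log and throw with a fixed message such as `'Access forbidden.'`. The comparison `$requestUserId != $currentUserId` is loose; since both values are ids, `(int) $requestUserId !== (int) $currentUserId` makes the intent explicit. The docblock typo `JsonRespone` should read `JsonResponse`.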