<?php
-namespace Wallabag\CoreBundle\Controller;
+namespace Wallabag\ApiBundle\Controller;
use Nelmio\ApiDocBundle\Annotation\ApiDoc;
use Symfony\Bundle\FrameworkBundle\Controller\Controller;
return array($user->getSalt() ?: null);
}
+
/**
* Retrieve all entries. It could be filtered by many options.
*
$order = $request->query->get('order', 'desc');
$page = (int) $request->query->get('page', 1);
$perPage = (int) $request->query->get('perPage', 30);
- $tags = $request->query->get('tags', array());
+ $tags = $request->query->get('tags', []);
$pager = $this
->getDoctrine()
->getRepository('WallabagCoreBundle:Entry')
->findEntries($this->getUser()->getId(), $isArchived, $isStarred, $sort, $order);
- if (0 === $pager->getNbResults()) {
- throw $this->createNotFoundException();
- }
-
$pager->setCurrentPage($page);
$pager->setMaxPerPage($perPage);
$json = $this->get('serializer')->serialize($paginatedCollection, 'json');
- return new Response($json, 200, array('application/json'));
+ return $this->renderJsonResponse($json);
}
/**
*/
public function getEntryAction(Entry $entry)
{
- if ($entry->getUser()->getId() != $this->getUser()->getId()) {
- throw $this->createAccessDeniedException('Access forbidden. Entry user id: '.$entry->getUser()->getId().', logged user id: '.$this->getUser()->getId());
- }
+ $this->validateUserAccess($entry->getUser()->getId(), $this->getUser()->getId());
$json = $this->get('serializer')->serialize($entry, 'json');
- return new Response($json, 200, array('application/json'));
+ return $this->renderJsonResponse($json);
}
/**
$json = $this->get('serializer')->serialize($entry, 'json');
- return new Response($json, 200, array('application/json'));
+ return $this->renderJsonResponse($json);
}
/**
*/
public function patchEntriesAction(Entry $entry, Request $request)
{
- if ($entry->getUser()->getId() != $this->getUser()->getId()) {
- throw $this->createAccessDeniedException('Access forbidden. Entry user id: '.$entry->getUser()->getId().', logged user id: '.$this->getUser()->getId());
- }
+ $this->validateUserAccess($entry->getUser()->getId(), $this->getUser()->getId());
$title = $request->request->get("title");
$isArchived = $request->request->get("archive");
$json = $this->get('serializer')->serialize($entry, 'json');
- return new Response($json, 200, array('application/json'));
+ return $this->renderJsonResponse($json);
}
/**
*/
public function deleteEntriesAction(Entry $entry)
{
- if ($entry->getUser()->getId() != $this->getUser()->getId()) {
- throw $this->createAccessDeniedException('Access forbidden. Entry user id: '.$entry->getUser()->getId().', logged user id: '.$this->getUser()->getId());
- }
+ $this->validateUserAccess($entry->getUser()->getId(), $this->getUser()->getId());
$em = $this->getDoctrine()->getManager();
$em->remove($entry);
$json = $this->get('serializer')->serialize($entry, 'json');
- return new Response($json, 200, array('application/json'));
+ return $this->renderJsonResponse($json);
}
/**
*/
public function getEntriesTagsAction(Entry $entry)
{
- if ($entry->getUser()->getId() != $this->getUser()->getId()) {
- throw $this->createAccessDeniedException('Access forbidden. Entry user id: '.$entry->getUser()->getId().', logged user id: '.$this->getUser()->getId());
- }
+ $this->validateUserAccess($entry->getUser()->getId(), $this->getUser()->getId());
$json = $this->get('serializer')->serialize($entry->getTags(), 'json');
- return new Response($json, 200, array('application/json'));
+ return $this->renderJsonResponse($json);
}
/**
*/
public function postEntriesTagsAction(Request $request, Entry $entry)
{
- if ($entry->getUser()->getId() != $this->getUser()->getId()) {
- throw $this->createAccessDeniedException('Access forbidden. Entry user id: '.$entry->getUser()->getId().', logged user id: '.$this->getUser()->getId());
- }
+ $this->validateUserAccess($entry->getUser()->getId(), $this->getUser()->getId());
$tags = $request->request->get('tags', '');
if (!empty($tags)) {
$json = $this->get('serializer')->serialize($entry, 'json');
- return new Response($json, 200, array('application/json'));
+ return $this->renderJsonResponse($json);
}
/**
*
* @ApiDoc(
* requirements={
- * {"name"="tag", "dataType"="string", "requirement"="\w+", "description"="The tag"},
+ * {"name"="tag", "dataType"="integer", "requirement"="\w+", "description"="The tag ID"},
* {"name"="entry", "dataType"="integer", "requirement"="\w+", "description"="The entry ID"}
* }
* )
*/
public function deleteEntriesTagsAction(Entry $entry, Tag $tag)
{
- if ($entry->getUser()->getId() != $this->getUser()->getId()) {
- throw $this->createAccessDeniedException('Access forbidden. Entry user id: '.$entry->getUser()->getId().', logged user id: '.$this->getUser()->getId());
- }
+ $this->validateUserAccess($entry->getUser()->getId(), $this->getUser()->getId());
$entry->removeTag($tag);
$em = $this->getDoctrine()->getManager();
$json = $this->get('serializer')->serialize($entry, 'json');
- return new Response($json, 200, array('application/json'));
+ return $this->renderJsonResponse($json);
}
/**
{
$json = $this->get('serializer')->serialize($this->getUser()->getTags(), 'json');
- return new Response($json, 200, array('application/json'));
+ return $this->renderJsonResponse($json);
}
/**
*
* @ApiDoc(
* requirements={
- * {"name"="tag", "dataType"="string", "requirement"="\w+", "description"="The tag"}
+ * {"name"="tag", "dataType"="integer", "requirement"="\w+", "description"="The tag"}
* }
* )
*/
public function deleteTagAction(Tag $tag)
{
- if ($tag->getUser()->getId() != $this->getUser()->getId()) {
- throw $this->createAccessDeniedException('Access forbidden. Entry user id: '.$tag->getUser()->getId().', logged user id: '.$this->getUser()->getId());
- }
+ $this->validateUserAccess($tag->getUser()->getId(), $this->getUser()->getId());
$em = $this->getDoctrine()->getManager();
$em->remove($tag);
$json = $this->get('serializer')->serialize($tag, 'json');
+ return $this->renderJsonResponse($json);
+ }
+
+ /**
+ * Validate that the first id is equal to the second one.
+ * If not, throw exception. It means a user try to access information from an other user
+ *
+ * @param integer $requestUserId User id from the requested source
+ * @param integer $currentUserId User id from the retrieved source
+ */
+ private function validateUserAccess($requestUserId, $currentUserId)
+ {
+ if ($requestUserId != $currentUserId) {
+ throw $this->createAccessDeniedException('Access forbidden. Entry user id: '.$requestUserId.', logged user id: '.$currentUserId);
+ }
+ }
+
+ /**
+ * Send a JSON Response.
+ * We don't use the Symfony JsonRespone, because it takes an array as parameter instead of a JSON string
+ *
+ * @param string $json
+ *
+ * @return Response
+ */
+ private function renderJsonResponse($json)
+ {
return new Response($json, 200, array('application/json'));
}
}