Remove user reference in tag

[github/wallabag/wallabag.git] / src / Wallabag / ApiBundle / Controller / WallabagRestController.php

diff --git a/src/Wallabag/ApiBundle/Controller/WallabagRestController.php b/src/Wallabag/ApiBundle/Controller/WallabagRestController.php
index 284dbb25fd272866563e0caa75b1457d60341037..587013f68fbac8999a8f6425e2edcb3e3c2ef7f0 100644 (file)
--- a/src/Wallabag/ApiBundle/Controller/WallabagRestController.php
+++ b/src/Wallabag/ApiBundle/Controller/WallabagRestController.php
@@ -27,7 +27,7 @@ class WallabagRestController extends FOSRestController
                 ->findOneByLabel($label);
 
             if (is_null($tagEntity)) {
-                $tagEntity = new Tag($this->getUser());
+                $tagEntity = new Tag();
                 $tagEntity->setLabel($label);
             }
 
@@ -38,6 +38,13 @@ class WallabagRestController extends FOSRestController
         }
     }
 
+    private function validateAuthentication()
+    {
+        if (false === $this->get('security.authorization_checker')->isGranted('IS_AUTHENTICATED_FULLY')) {
+            throw new AccessDeniedException();
+        }
+    }
+
     /**
      * Retrieve all entries. It could be filtered by many options.
      *
@@ -57,6 +64,8 @@ class WallabagRestController extends FOSRestController
      */
     public function getEntriesAction(Request $request)
     {
+        $this->validateAuthentication();
+
         $isArchived = $request->query->get('archive');
         $isStarred = $request->query->get('star');
         $sort = $request->query->get('sort', 'created');
@@ -65,8 +74,7 @@ class WallabagRestController extends FOSRestController
         $perPage = (int) $request->query->get('perPage', 30);
         $tags = $request->query->get('tags', []);
 
-        $pager = $this
-            ->getDoctrine()
+        $pager = $this->getDoctrine()
             ->getRepository('WallabagCoreBundle:Entry')
             ->findEntries($this->getUser()->getId(), $isArchived, $isStarred, $sort, $order);
 
@@ -97,6 +105,7 @@ class WallabagRestController extends FOSRestController
      */
     public function getEntryAction(Entry $entry)
     {
+        $this->validateAuthentication();
         $this->validateUserAccess($entry->getUser()->getId());
 
         $json = $this->get('serializer')->serialize($entry, 'json');
@@ -119,6 +128,8 @@ class WallabagRestController extends FOSRestController
      */
     public function postEntriesAction(Request $request)
     {
+        $this->validateAuthentication();
+
         $url = $request->request->get('url');
 
         $entry = $this->get('wallabag_core.content_proxy')->updateEntry(
@@ -159,6 +170,7 @@ class WallabagRestController extends FOSRestController
      */
     public function patchEntriesAction(Entry $entry, Request $request)
     {
+        $this->validateAuthentication();
         $this->validateUserAccess($entry->getUser()->getId());
 
         $title = $request->request->get('title');
@@ -203,6 +215,7 @@ class WallabagRestController extends FOSRestController
      */
     public function deleteEntriesAction(Entry $entry)
     {
+        $this->validateAuthentication();
         $this->validateUserAccess($entry->getUser()->getId());
 
         $em = $this->getDoctrine()->getManager();
@@ -225,6 +238,7 @@ class WallabagRestController extends FOSRestController
      */
     public function getEntriesTagsAction(Entry $entry)
     {
+        $this->validateAuthentication();
         $this->validateUserAccess($entry->getUser()->getId());
 
         $json = $this->get('serializer')->serialize($entry->getTags(), 'json');
@@ -246,6 +260,7 @@ class WallabagRestController extends FOSRestController
      */
     public function postEntriesTagsAction(Request $request, Entry $entry)
     {
+        $this->validateAuthentication();
         $this->validateUserAccess($entry->getUser()->getId());
 
         $tags = $request->request->get('tags', '');
@@ -274,6 +289,7 @@ class WallabagRestController extends FOSRestController
      */
     public function deleteEntriesTagsAction(Entry $entry, Tag $tag)
     {
+        $this->validateAuthentication();
         $this->validateUserAccess($entry->getUser()->getId());
 
         $entry->removeTag($tag);
@@ -293,7 +309,13 @@ class WallabagRestController extends FOSRestController
      */
     public function getTagsAction()
     {
-        $json = $this->get('serializer')->serialize($this->getUser()->getTags(), 'json');
+        $this->validateAuthentication();
+
+        $tags = $this->getDoctrine()
+            ->getRepository('WallabagCoreBundle:Tag')
+            ->findAllTags($this->getUser()->getId());
+
+        $json = $this->get('serializer')->serialize($tags, 'json');
 
         return $this->renderJsonResponse($json);
     }
@@ -309,7 +331,11 @@ class WallabagRestController extends FOSRestController
      */
     public function deleteTagAction(Tag $tag)
     {
-        $this->validateUserAccess($tag->getUser()->getId());
+        $this->validateAuthentication();
+
+        $this->getDoctrine()
+            ->getRepository('WallabagCoreBundle:Entry')
+            ->removeTag($this->getUser()->getId(), $tag);
 
         $em = $this->getDoctrine()->getManager();
         $em->remove($tag);
@@ -328,7 +354,7 @@ class WallabagRestController extends FOSRestController
      */
     private function validateUserAccess($requestUserId)
     {
-        $user = $this->get('security.context')->getToken()->getUser();
+        $user = $this->get('security.token_storage')->getToken()->getUser();
         if ($requestUserId != $user->getId()) {
             throw $this->createAccessDeniedException('Access forbidden. Entry user id: '.$requestUserId.', logged user id: '.$user->getId());
         }