->findOneByLabel($label);
if (is_null($tagEntity)) {
- $tagEntity = new Tag($this->getUser());
+ $tagEntity = new Tag();
$tagEntity->setLabel($label);
}
}
}
+ private function validateAuthentication()
+ {
+ if (false === $this->get('security.authorization_checker')->isGranted('IS_AUTHENTICATED_FULLY')) {
+ throw new AccessDeniedException();
+ }
+ }
+
/**
* Retrieve all entries. It could be filtered by many options.
*
*/
public function getEntriesAction(Request $request)
{
+ $this->validateAuthentication();
+
$isArchived = $request->query->get('archive');
$isStarred = $request->query->get('star');
$sort = $request->query->get('sort', 'created');
$perPage = (int) $request->query->get('perPage', 30);
$tags = $request->query->get('tags', []);
- $pager = $this
- ->getDoctrine()
+ $pager = $this->getDoctrine()
->getRepository('WallabagCoreBundle:Entry')
->findEntries($this->getUser()->getId(), $isArchived, $isStarred, $sort, $order);
*/
public function getEntryAction(Entry $entry)
{
+ $this->validateAuthentication();
$this->validateUserAccess($entry->getUser()->getId());
$json = $this->get('serializer')->serialize($entry, 'json');
*/
public function postEntriesAction(Request $request)
{
+ $this->validateAuthentication();
+
$url = $request->request->get('url');
$entry = $this->get('wallabag_core.content_proxy')->updateEntry(
*/
public function patchEntriesAction(Entry $entry, Request $request)
{
+ $this->validateAuthentication();
$this->validateUserAccess($entry->getUser()->getId());
$title = $request->request->get('title');
*/
public function deleteEntriesAction(Entry $entry)
{
+ $this->validateAuthentication();
$this->validateUserAccess($entry->getUser()->getId());
$em = $this->getDoctrine()->getManager();
*/
public function getEntriesTagsAction(Entry $entry)
{
+ $this->validateAuthentication();
$this->validateUserAccess($entry->getUser()->getId());
$json = $this->get('serializer')->serialize($entry->getTags(), 'json');
*/
public function postEntriesTagsAction(Request $request, Entry $entry)
{
+ $this->validateAuthentication();
$this->validateUserAccess($entry->getUser()->getId());
$tags = $request->request->get('tags', '');
*/
public function deleteEntriesTagsAction(Entry $entry, Tag $tag)
{
+ $this->validateAuthentication();
$this->validateUserAccess($entry->getUser()->getId());
$entry->removeTag($tag);
*/
public function getTagsAction()
{
- $json = $this->get('serializer')->serialize($this->getUser()->getTags(), 'json');
+ $this->validateAuthentication();
+
+ $tags = $this->getDoctrine()
+ ->getRepository('WallabagCoreBundle:Tag')
+ ->findAllTags($this->getUser()->getId());
+
+ $json = $this->get('serializer')->serialize($tags, 'json');
return $this->renderJsonResponse($json);
}
*/
public function deleteTagAction(Tag $tag)
{
- $this->validateUserAccess($tag->getUser()->getId());
+ $this->validateAuthentication();
+
+ $this->getDoctrine()
+ ->getRepository('WallabagCoreBundle:Entry')
+ ->removeTag($this->getUser()->getId(), $tag);
$em = $this->getDoctrine()->getManager();
$em->remove($tag);
*/
private function validateUserAccess($requestUserId)
{
- $user = $this->get('security.context')->getToken()->getUser();
+ $user = $this->get('security.token_storage')->getToken()->getUser();
if ($requestUserId != $user->getId()) {
throw $this->createAccessDeniedException('Access forbidden. Entry user id: '.$requestUserId.', logged user id: '.$user->getId());
}