namespace Wallabag\ApiBundle\Controller;
+use FOS\RestBundle\Controller\FOSRestController;
use Nelmio\ApiDocBundle\Annotation\ApiDoc;
-use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Wallabag\CoreBundle\Entity\Entry;
use Wallabag\CoreBundle\Entity\Tag;
-use Wallabag\CoreBundle\Service\Extractor;
use Hateoas\Configuration\Route;
use Hateoas\Representation\Factory\PagerfantaFactory;
-class WallabagRestController extends Controller
+class WallabagRestController extends FOSRestController
{
/**
* @param Entry $entry
}
}
- /**
- * Retrieve salt for a giver user.
- *
- * @ApiDoc(
- * parameters={
- * {"name"="username", "dataType"="string", "required"=true, "description"="username"}
- * }
- * )
- *
- * @return array
- */
- public function getSaltAction($username)
+ private function validateAuthentication()
{
- $user = $this
- ->getDoctrine()
- ->getRepository('WallabagCoreBundle:User')
- ->findOneByUsername($username);
-
- if (is_null($user)) {
- throw $this->createNotFoundException();
+ if (false === $this->get('security.authorization_checker')->isGranted('IS_AUTHENTICATED_FULLY')) {
+ throw new AccessDeniedException();
}
-
- return array($user->getSalt() ?: null);
}
/**
*/
public function getEntriesAction(Request $request)
{
+ $this->validateAuthentication();
+
$isArchived = $request->query->get('archive');
- $isStarred = $request->query->get('star');
- $sort = $request->query->get('sort', 'created');
- $order = $request->query->get('order', 'desc');
- $page = (int) $request->query->get('page', 1);
- $perPage = (int) $request->query->get('perPage', 30);
- $tags = $request->query->get('tags', []);
+ $isStarred = $request->query->get('star');
+ $sort = $request->query->get('sort', 'created');
+ $order = $request->query->get('order', 'desc');
+ $page = (int) $request->query->get('page', 1);
+ $perPage = (int) $request->query->get('perPage', 30);
+ $tags = $request->query->get('tags', []);
$pager = $this
->getDoctrine()
$pager->setCurrentPage($page);
$pager->setMaxPerPage($perPage);
- $pagerfantaFactory = new PagerfantaFactory('page', 'perPage');
+ $pagerfantaFactory = new PagerfantaFactory('page', 'perPage');
$paginatedCollection = $pagerfantaFactory->createRepresentation(
$pager,
new Route('api_get_entries', [], $absolute = true)
*/
public function getEntryAction(Entry $entry)
{
- $this->validateUserAccess($entry->getUser()->getId(), $this->getUser()->getId());
+ $this->validateAuthentication();
+ $this->validateUserAccess($entry->getUser()->getId());
$json = $this->get('serializer')->serialize($entry, 'json');
*/
public function postEntriesAction(Request $request)
{
+ $this->validateAuthentication();
+
$url = $request->request->get('url');
- $content = Extractor::extract($url);
- $entry = new Entry($this->getUser());
- $entry->setUrl($url);
- $entry->setTitle($request->request->get('title') ?: $content->getTitle());
- $entry->setContent($content->getBody());
+ $entry = $this->get('wallabag_core.content_proxy')->updateEntry(
+ new Entry($this->getUser()),
+ $url
+ );
$tags = $request->request->get('tags', '');
if (!empty($tags)) {
*/
public function patchEntriesAction(Entry $entry, Request $request)
{
- $this->validateUserAccess($entry->getUser()->getId(), $this->getUser()->getId());
+ $this->validateAuthentication();
+ $this->validateUserAccess($entry->getUser()->getId());
- $title = $request->request->get('title');
- $isArchived = $request->request->get('archive');
- $isStarred = $request->request->get('star');
+ $title = $request->request->get('title');
+ $isArchived = $request->request->get('is_archived');
+ $isStarred = $request->request->get('is_starred');
if (!is_null($title)) {
$entry->setTitle($title);
*/
public function deleteEntriesAction(Entry $entry)
{
- $this->validateUserAccess($entry->getUser()->getId(), $this->getUser()->getId());
+ $this->validateAuthentication();
+ $this->validateUserAccess($entry->getUser()->getId());
$em = $this->getDoctrine()->getManager();
$em->remove($entry);
*/
public function getEntriesTagsAction(Entry $entry)
{
- $this->validateUserAccess($entry->getUser()->getId(), $this->getUser()->getId());
+ $this->validateAuthentication();
+ $this->validateUserAccess($entry->getUser()->getId());
$json = $this->get('serializer')->serialize($entry->getTags(), 'json');
*/
public function postEntriesTagsAction(Request $request, Entry $entry)
{
- $this->validateUserAccess($entry->getUser()->getId(), $this->getUser()->getId());
+ $this->validateAuthentication();
+ $this->validateUserAccess($entry->getUser()->getId());
$tags = $request->request->get('tags', '');
if (!empty($tags)) {
*/
public function deleteEntriesTagsAction(Entry $entry, Tag $tag)
{
- $this->validateUserAccess($entry->getUser()->getId(), $this->getUser()->getId());
+ $this->validateAuthentication();
+ $this->validateUserAccess($entry->getUser()->getId());
$entry->removeTag($tag);
$em = $this->getDoctrine()->getManager();
*/
public function getTagsAction()
{
+ $this->validateAuthentication();
$json = $this->get('serializer')->serialize($this->getUser()->getTags(), 'json');
return $this->renderJsonResponse($json);
*/
public function deleteTagAction(Tag $tag)
{
- $this->validateUserAccess($tag->getUser()->getId(), $this->getUser()->getId());
+ $this->validateAuthentication();
+ $this->validateUserAccess($tag->getUser()->getId());
$em = $this->getDoctrine()->getManager();
$em->remove($tag);
* If not, throw exception. It means a user try to access information from an other user.
*
* @param int $requestUserId User id from the requested source
- * @param int $currentUserId User id from the retrieved source
*/
- private function validateUserAccess($requestUserId, $currentUserId)
+ private function validateUserAccess($requestUserId)
{
- if ($requestUserId != $currentUserId) {
- throw $this->createAccessDeniedException('Access forbidden. Entry user id: '.$requestUserId.', logged user id: '.$currentUserId);
+ $user = $this->get('security.token_storage')->getToken()->getUser();
+ if ($requestUserId != $user->getId()) {
+ throw $this->createAccessDeniedException('Access forbidden. Entry user id: '.$requestUserId.', logged user id: '.$user->getId());
}
}