]> git.immae.eu Git - github/wallabag/wallabag.git/blobdiff - src/Wallabag/ApiBundle/Controller/WallabagRestController.php
projects / github / wallabag / wallabag.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Merge pull request #1583 from wallabag/v2-fix-delete
[github/wallabag/wallabag.git] / src / Wallabag / ApiBundle / Controller / WallabagRestController.php
diff --git a/src/Wallabag/ApiBundle/Controller/WallabagRestController.php b/src/Wallabag/ApiBundle/Controller/WallabagRestController.php
index 284dbb25fd272866563e0caa75b1457d60341037..d9035cac716440bc2d08111db6053a51c45e1070 100644 (file)
--- a/src/Wallabag/ApiBundle/Controller/WallabagRestController.php
+++ b/src/Wallabag/ApiBundle/Controller/WallabagRestController.php
@@ -3,13 +3,14 @@
 namespace Wallabag\ApiBundle\Controller;
 
 use FOS\RestBundle\Controller\FOSRestController;
+use Hateoas\Configuration\Route;
+use Hateoas\Representation\Factory\PagerfantaFactory;
 use Nelmio\ApiDocBundle\Annotation\ApiDoc;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
 use Wallabag\CoreBundle\Entity\Entry;
 use Wallabag\CoreBundle\Entity\Tag;
-use Hateoas\Configuration\Route;
-use Hateoas\Representation\Factory\PagerfantaFactory;
 
 class WallabagRestController extends FOSRestController
 {
@@ -27,7 +28,7 @@ class WallabagRestController extends FOSRestController
                 ->findOneByLabel($label);
 
             if (is_null($tagEntity)) {
-                $tagEntity = new Tag($this->getUser());
+                $tagEntity = new Tag();
                 $tagEntity->setLabel($label);
             }
 
@@ -38,6 +39,13 @@ class WallabagRestController extends FOSRestController
         }
     }
 
+    private function validateAuthentication()
+    {
+        if (false === $this->get('security.authorization_checker')->isGranted('IS_AUTHENTICATED_FULLY')) {
+            throw new AccessDeniedException();
+        }
+    }
+
     /**
      * Retrieve all entries. It could be filtered by many options.
      *
@@ -53,10 +61,12 @@ class WallabagRestController extends FOSRestController
      *       }
      * )
      *
-     * @return Entry
+     * @return Response
      */
     public function getEntriesAction(Request $request)
     {
+        $this->validateAuthentication();
+
         $isArchived = $request->query->get('archive');
         $isStarred = $request->query->get('star');
         $sort = $request->query->get('sort', 'created');
@@ -65,8 +75,7 @@ class WallabagRestController extends FOSRestController
         $perPage = (int) $request->query->get('perPage', 30);
         $tags = $request->query->get('tags', []);
 
-        $pager = $this
-            ->getDoctrine()
+        $pager = $this->getDoctrine()
             ->getRepository('WallabagCoreBundle:Entry')
             ->findEntries($this->getUser()->getId(), $isArchived, $isStarred, $sort, $order);
 
@@ -76,7 +85,7 @@ class WallabagRestController extends FOSRestController
         $pagerfantaFactory = new PagerfantaFactory('page', 'perPage');
         $paginatedCollection = $pagerfantaFactory->createRepresentation(
             $pager,
-            new Route('api_get_entries', [], $absolute = true)
+            new Route('api_get_entries', [], UrlGeneratorInterface::ABSOLUTE_URL)
         );
 
         $json = $this->get('serializer')->serialize($paginatedCollection, 'json');
@@ -93,10 +102,11 @@ class WallabagRestController extends FOSRestController
      *      }
      * )
      *
-     * @return Entry
+     * @return Response
      */
     public function getEntryAction(Entry $entry)
     {
+        $this->validateAuthentication();
         $this->validateUserAccess($entry->getUser()->getId());
 
         $json = $this->get('serializer')->serialize($entry, 'json');
@@ -115,10 +125,12 @@ class WallabagRestController extends FOSRestController
      *       }
      * )
      *
-     * @return Entry
+     * @return Response
      */
     public function postEntriesAction(Request $request)
     {
+        $this->validateAuthentication();
+
         $url = $request->request->get('url');
 
         $entry = $this->get('wallabag_core.content_proxy')->updateEntry(
@@ -155,15 +167,16 @@ class WallabagRestController extends FOSRestController
      *      }
      * )
      *
-     * @return Entry
+     * @return Response
      */
     public function patchEntriesAction(Entry $entry, Request $request)
     {
+        $this->validateAuthentication();
         $this->validateUserAccess($entry->getUser()->getId());
 
         $title = $request->request->get('title');
-        $isArchived = $request->request->get('is_archived');
-        $isStarred = $request->request->get('is_starred');
+        $isArchived = $request->request->get('archive');
+        $isStarred = $request->request->get('star');
 
         if (!is_null($title)) {
             $entry->setTitle($title);
@@ -199,10 +212,11 @@ class WallabagRestController extends FOSRestController
      *      }
      * )
      *
-     * @return Entry
+     * @return Response
      */
     public function deleteEntriesAction(Entry $entry)
     {
+        $this->validateAuthentication();
         $this->validateUserAccess($entry->getUser()->getId());
 
         $em = $this->getDoctrine()->getManager();
@@ -222,9 +236,12 @@ class WallabagRestController extends FOSRestController
      *          {"name"="entry", "dataType"="integer", "requirement"="\w+", "description"="The entry ID"}
      *      }
      * )
+     *
+     * @return Response
      */
     public function getEntriesTagsAction(Entry $entry)
     {
+        $this->validateAuthentication();
         $this->validateUserAccess($entry->getUser()->getId());
 
         $json = $this->get('serializer')->serialize($entry->getTags(), 'json');
@@ -243,9 +260,12 @@ class WallabagRestController extends FOSRestController
      *          {"name"="tags", "dataType"="string", "required"=false, "format"="tag1,tag2,tag3", "description"="a comma-separated list of tags."},
      *       }
      * )
+     *
+     * @return Response
      */
     public function postEntriesTagsAction(Request $request, Entry $entry)
     {
+        $this->validateAuthentication();
         $this->validateUserAccess($entry->getUser()->getId());
 
         $tags = $request->request->get('tags', '');
@@ -271,9 +291,12 @@ class WallabagRestController extends FOSRestController
      *          {"name"="entry", "dataType"="integer", "requirement"="\w+", "description"="The entry ID"}
      *      }
      * )
+     *
+     * @return Response
      */
     public function deleteEntriesTagsAction(Entry $entry, Tag $tag)
     {
+        $this->validateAuthentication();
         $this->validateUserAccess($entry->getUser()->getId());
 
         $entry->removeTag($tag);
@@ -290,10 +313,18 @@ class WallabagRestController extends FOSRestController
      * Retrieve all tags.
      *
      * @ApiDoc()
+     *
+     * @return Response
      */
     public function getTagsAction()
     {
-        $json = $this->get('serializer')->serialize($this->getUser()->getTags(), 'json');
+        $this->validateAuthentication();
+
+        $tags = $this->getDoctrine()
+            ->getRepository('WallabagCoreBundle:Tag')
+            ->findAllTags($this->getUser()->getId());
+
+        $json = $this->get('serializer')->serialize($tags, 'json');
 
         return $this->renderJsonResponse($json);
     }
@@ -306,14 +337,16 @@ class WallabagRestController extends FOSRestController
      *          {"name"="tag", "dataType"="integer", "requirement"="\w+", "description"="The tag"}
      *      }
      * )
+     *
+     * @return Response
      */
     public function deleteTagAction(Tag $tag)
     {
-        $this->validateUserAccess($tag->getUser()->getId());
+        $this->validateAuthentication();
 
-        $em = $this->getDoctrine()->getManager();
-        $em->remove($tag);
-        $em->flush();
+        $this->getDoctrine()
+            ->getRepository('WallabagCoreBundle:Entry')
+            ->removeTag($this->getUser()->getId(), $tag);
 
         $json = $this->get('serializer')->serialize($tag, 'json');
 
@@ -328,7 +361,7 @@ class WallabagRestController extends FOSRestController
      */
     private function validateUserAccess($requestUserId)
     {
-        $user = $this->get('security.context')->getToken()->getUser();
+        $user = $this->get('security.token_storage')->getToken()->getUser();
         if ($requestUserId != $user->getId()) {
             throw $this->createAccessDeniedException('Access forbidden. Entry user id: '.$requestUserId.', logged user id: '.$user->getId());
         }
A self hostable application for saving web pages: Save and classify articles. Read them later. Freely.