X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=src%2FWallabag%2FApiBundle%2FController%2FDeveloperController.php;h=3224d7893c1d26dfdbee88a0b25794e5026aa2ef;hb=48b0163d247554d7e2f1ec63b717c8216ea9ec59;hp=5a36a2605595f6e2503a06ab8e493ae0967df544;hpb=99731f0bb1f6fd2815eeb9af504ce86df927657b;p=github%2Fwallabag%2Fwallabag.git

diff --git a/src/Wallabag/ApiBundle/Controller/DeveloperController.php b/src/Wallabag/ApiBundle/Controller/DeveloperController.php
index 5a36a260..3224d789 100644
--- a/src/Wallabag/ApiBundle/Controller/DeveloperController.php
+++ b/src/Wallabag/ApiBundle/Controller/DeveloperController.php
@@ -2,9 +2,9 @@
 
 namespace Wallabag\ApiBundle\Controller;
 
-use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route;
-use Symfony\Component\HttpFoundation\Request;
 use Symfony\Bundle\FrameworkBundle\Controller\Controller;
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\Routing\Annotation\Route;
 use Wallabag\ApiBundle\Entity\Client;
 use Wallabag\ApiBundle\Form\Type\ClientType;
 
@@ -19,7 +19,7 @@ class DeveloperController extends Controller
      */
     public function indexAction()
     {
-        $clients = $this->getDoctrine()->getRepository('WallabagApiBundle:Client')->findAll();
+        $clients = $this->getDoctrine()->getRepository('WallabagApiBundle:Client')->findByUser($this->getUser()->getId());
 
         return $this->render('@WallabagCore/themes/common/Developer/index.html.twig', [
             'clients' => $clients,
@@ -29,8 +29,6 @@ class DeveloperController extends Controller
     /**
      * Create a client (an app).
      *
-     * @param Request $request
-     *
      * @Route("/developer/client/create", name="developer_create_client")
      *
      * @return \Symfony\Component\HttpFoundation\Response
@@ -38,11 +36,11 @@ class DeveloperController extends Controller
     public function createClientAction(Request $request)
     {
         $em = $this->getDoctrine()->getManager();
-        $client = new Client();
+        $client = new Client($this->getUser());
         $clientForm = $this->createForm(ClientType::class, $client);
         $clientForm->handleRequest($request);
 
-        if ($clientForm->isValid()) {
+        if ($clientForm->isSubmitted() && $clientForm->isValid()) {
             $client->setAllowedGrantTypes(['token', 'authorization_code', 'password', 'refresh_token']);
             $em->persist($client);
             $em->flush();
@@ -67,14 +65,16 @@ class DeveloperController extends Controller
     /**
      * Remove a client.
      *
-     * @param Client $client
-     *
      * @Route("/developer/client/delete/{id}", requirements={"id" = "\d+"}, name="developer_delete_client")
      *
      * @return \Symfony\Component\HttpFoundation\RedirectResponse
      */
     public function deleteClientAction(Client $client)
     {
+        if (null === $this->getUser() || $client->getUser()->getId() !== $this->getUser()->getId()) {
+            throw $this->createAccessDeniedException('You can not access this client.');
+        }
+
         $em = $this->getDoctrine()->getManager();
         $em->remove($client);
         $em->flush();