X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=src%2FWallabag%2FApiBundle%2FController%2FWallabagRestController.php;h=316d45be606b456acfc91d059e09ca9a5d25eb41;hb=f808b01692a835673f328d7221ba8c212caa9b61;hp=2f5923c8bd99b31b4293794de14103562d4b6dd8;hpb=2878416f8b4d94fb5e64c2fa61861526a7654d3d;p=github%2Fwallabag%2Fwallabag.git
diff --git a/src/Wallabag/ApiBundle/Controller/WallabagRestController.php b/src/Wallabag/ApiBundle/Controller/WallabagRestController.php
index 2f5923c8..71da2a64 100644
--- a/src/Wallabag/ApiBundle/Controller/WallabagRestController.php
+++ b/src/Wallabag/ApiBundle/Controller/WallabagRestController.php
@@ -2,349 +2,33 @@ namespace Wallabag\ApiBundle\Controller; +use FOS\RestBundle\Controller\FOSRestController; use Nelmio\ApiDocBundle\Annotation\ApiDoc; -use Symfony\Bundle\FrameworkBundle\Controller\Controller; -use Symfony\Component\HttpFoundation\Request; -use Symfony\Component\HttpFoundation\Response; -use Wallabag\CoreBundle\Entity\Entry; -use Wallabag\CoreBundle\Entity\Tag; -use Wallabag\CoreBundle\Service\Extractor; -use Hateoas\Configuration\Route; -use Hateoas\Representation\Factory\PagerfantaFactory; +use Symfony\Component\HttpFoundation\JsonResponse; +use Symfony\Component\Security\Core\Exception\AccessDeniedException; -class WallabagRestController extends Controller +class WallabagRestController extends FOSRestController { /** - * @param Entry $entry - * @param string $tags - */ - private function assignTagsToEntry(Entry $entry, $tags) - { - foreach (explode(',', $tags) as $label) { - $label = trim($label); - $tagEntity = $this - ->getDoctrine() - ->getRepository('WallabagCoreBundle:Tag') - ->findOneByLabel($label); - - if (is_null($tagEntity)) { - $tagEntity = new Tag($this->getUser()); - $tagEntity->setLabel($label); - } - - // only add the tag on the entry if the relation doesn't exist - if (!$entry->getTags()->contains($tagEntity)) { - $entry->addTag($tagEntity); - } - } - } - - /** - * Retrieve salt for a giver user. - * - * @ApiDoc( - * parameters={ - * {"name"="username", "dataType"="string", "required"=true, "description"="username"} - * } - * ) - * - * @return array - */ - public function getSaltAction($username) - { - $user = $this - ->getDoctrine() - ->getRepository('WallabagCoreBundle:User') - ->findOneByUsername($username); - - if (is_null($user)) { - throw $this->createNotFoundException(); - } - - return array($user->getSalt() ?: null); - } - - /** - * Retrieve all entries. It could be filtered by many options. 
- * - * @ApiDoc( - * parameters={ - * {"name"="archive", "dataType"="boolean", "required"=false, "format"="true or false, all entries by default", "description"="filter by archived status."}, - * {"name"="star", "dataType"="boolean", "required"=false, "format"="true or false, all entries by default", "description"="filter by starred status."}, - * {"name"="sort", "dataType"="string", "required"=false, "format"="'created' or 'updated', default 'created'", "description"="sort entries by date."}, - * {"name"="order", "dataType"="string", "required"=false, "format"="'asc' or 'desc', default 'desc'", "description"="order of sort."}, - * {"name"="page", "dataType"="integer", "required"=false, "format"="default '1'", "description"="what page you want."}, - * {"name"="perPage", "dataType"="integer", "required"=false, "format"="default'30'", "description"="results per page."}, - * {"name"="tags", "dataType"="string", "required"=false, "format"="api%2Crest", "description"="a list of tags url encoded. 
Will returns entries that matches ALL tags."}, - * } - * ) - * - * @return Entry - */ - public function getEntriesAction(Request $request) - { - $isArchived = $request->query->get('archive'); - $isStarred = $request->query->get('star'); - $sort = $request->query->get('sort', 'created'); - $order = $request->query->get('order', 'desc'); - $page = (int) $request->query->get('page', 1); - $perPage = (int) $request->query->get('perPage', 30); - $tags = $request->query->get('tags', []); - - $pager = $this - ->getDoctrine() - ->getRepository('WallabagCoreBundle:Entry') - ->findEntries($this->getUser()->getId(), $isArchived, $isStarred, $sort, $order); - - $pager->setCurrentPage($page); - $pager->setMaxPerPage($perPage); - - $pagerfantaFactory = new PagerfantaFactory('page', 'perPage'); - $paginatedCollection = $pagerfantaFactory->createRepresentation( - $pager, - new Route('api_get_entries', [], $absolute = true) - ); - - $json = $this->get('serializer')->serialize($paginatedCollection, 'json'); - - return $this->renderJsonResponse($json); - } - - /** - * Retrieve a single entry. - * - * @ApiDoc( - * requirements={ - * {"name"="entry", "dataType"="integer", "requirement"="\w+", "description"="The entry ID"} - * } - * ) - * - * @return Entry - */ - public function getEntryAction(Entry $entry) - { - $this->validateUserAccess($entry->getUser()->getId(), $this->getUser()->getId()); - - $json = $this->get('serializer')->serialize($entry, 'json'); - - return $this->renderJsonResponse($json); - } - - /** - * Create an entry. 
- * - * @ApiDoc( - * parameters={ - * {"name"="url", "dataType"="string", "required"=true, "format"="http://www.test.com/article.html", "description"="Url for the entry."}, - * {"name"="title", "dataType"="string", "required"=false, "description"="Optional, we'll get the title from the page."}, - * {"name"="tags", "dataType"="string", "required"=false, "format"="tag1,tag2,tag3", "description"="a comma-separated list of tags."}, - * } - * ) - * - * @return Entry - */ - public function postEntriesAction(Request $request) - { - $url = $request->request->get('url'); - - $content = Extractor::extract($url); - $entry = new Entry($this->getUser()); - $entry->setUrl($url); - $entry->setTitle($request->request->get('title') ?: $content->getTitle()); - $entry->setContent($content->getBody()); - - $tags = $request->request->get('tags', ''); - if (!empty($tags)) { - $this->assignTagsToEntry($entry, $tags); - } - - $em = $this->getDoctrine()->getManager(); - $em->persist($entry); - $em->flush(); - - $json = $this->get('serializer')->serialize($entry, 'json'); - - return $this->renderJsonResponse($json); - } - - /** - * Change several properties of an entry. 
- * - * @ApiDoc( - * requirements={ - * {"name"="entry", "dataType"="integer", "requirement"="\w+", "description"="The entry ID"} - * }, - * parameters={ - * {"name"="title", "dataType"="string", "required"=false}, - * {"name"="tags", "dataType"="string", "required"=false, "format"="tag1,tag2,tag3", "description"="a comma-separated list of tags."}, - * {"name"="archive", "dataType"="boolean", "required"=false, "format"="true or false", "description"="archived the entry."}, - * {"name"="star", "dataType"="boolean", "required"=false, "format"="true or false", "description"="starred the entry."}, - * } - * ) - * - * @return Entry - */ - public function patchEntriesAction(Entry $entry, Request $request) - { - $this->validateUserAccess($entry->getUser()->getId(), $this->getUser()->getId()); - - $title = $request->request->get('title'); - $isArchived = $request->request->get('archive'); - $isStarred = $request->request->get('star'); - - if (!is_null($title)) { - $entry->setTitle($title); - } - - if (!is_null($isArchived)) { - $entry->setArchived($isArchived); - } - - if (!is_null($isStarred)) { - $entry->setStarred($isStarred); - } - - $tags = $request->request->get('tags', ''); - if (!empty($tags)) { - $this->assignTagsToEntry($entry, $tags); - } - - $em = $this->getDoctrine()->getManager(); - $em->flush(); - - $json = $this->get('serializer')->serialize($entry, 'json'); - - return $this->renderJsonResponse($json); - } - - /** - * Delete **permanently** an entry. + * Retrieve version number. 
* - * @ApiDoc( - * requirements={ - * {"name"="entry", "dataType"="integer", "requirement"="\w+", "description"="The entry ID"} - * } - * ) - * - * @return Entry - */ - public function deleteEntriesAction(Entry $entry) - { - $this->validateUserAccess($entry->getUser()->getId(), $this->getUser()->getId()); - - $em = $this->getDoctrine()->getManager(); - $em->remove($entry); - $em->flush(); - - $json = $this->get('serializer')->serialize($entry, 'json'); - - return $this->renderJsonResponse($json); - } - - /** - * Retrieve all tags for an entry. + * @ApiDoc() * - * @ApiDoc( - * requirements={ - * {"name"="entry", "dataType"="integer", "requirement"="\w+", "description"="The entry ID"} - * } - * ) + * @return JsonResponse */ - public function getEntriesTagsAction(Entry $entry) + public function getVersionAction() { - $this->validateUserAccess($entry->getUser()->getId(), $this->getUser()->getId()); + $version = $this->container->getParameter('wallabag_core.version'); + $json = $this->get('serializer')->serialize($version, 'json'); - $json = $this->get('serializer')->serialize($entry->getTags(), 'json'); - - return $this->renderJsonResponse($json); + return (new JsonResponse())->setJson($json); } - /** - * Add one or more tags to an entry. 
- * - * @ApiDoc( - * requirements={ - * {"name"="entry", "dataType"="integer", "requirement"="\w+", "description"="The entry ID"} - * }, - * parameters={ - * {"name"="tags", "dataType"="string", "required"=false, "format"="tag1,tag2,tag3", "description"="a comma-separated list of tags."}, - * } - * ) - */ - public function postEntriesTagsAction(Request $request, Entry $entry) + protected function validateAuthentication() { - $this->validateUserAccess($entry->getUser()->getId(), $this->getUser()->getId()); - - $tags = $request->request->get('tags', ''); - if (!empty($tags)) { - $this->assignTagsToEntry($entry, $tags); + if (false === $this->get('security.authorization_checker')->isGranted('IS_AUTHENTICATED_FULLY')) { + throw new AccessDeniedException(); } - - $em = $this->getDoctrine()->getManager(); - $em->persist($entry); - $em->flush(); - - $json = $this->get('serializer')->serialize($entry, 'json'); - - return $this->renderJsonResponse($json); - } - - /** - * Permanently remove one tag for an entry. - * - * @ApiDoc( - * requirements={ - * {"name"="tag", "dataType"="integer", "requirement"="\w+", "description"="The tag ID"}, - * {"name"="entry", "dataType"="integer", "requirement"="\w+", "description"="The entry ID"} - * } - * ) - */ - public function deleteEntriesTagsAction(Entry $entry, Tag $tag) - { - $this->validateUserAccess($entry->getUser()->getId(), $this->getUser()->getId()); - - $entry->removeTag($tag); - $em = $this->getDoctrine()->getManager(); - $em->persist($entry); - $em->flush(); - - $json = $this->get('serializer')->serialize($entry, 'json'); - - return $this->renderJsonResponse($json); - } - - /** - * Retrieve all tags. - * - * @ApiDoc() - */ - public function getTagsAction() - { - $json = $this->get('serializer')->serialize($this->getUser()->getTags(), 'json'); - - return $this->renderJsonResponse($json); - } - - /** - * Permanently remove one tag from **every** entry. 
- * - * @ApiDoc( - * requirements={ - * {"name"="tag", "dataType"="integer", "requirement"="\w+", "description"="The tag"} - * } - * ) - */ - public function deleteTagAction(Tag $tag) - { - $this->validateUserAccess($tag->getUser()->getId(), $this->getUser()->getId()); - - $em = $this->getDoctrine()->getManager(); - $em->remove($tag); - $em->flush(); - - $json = $this->get('serializer')->serialize($tag, 'json'); - - return $this->renderJsonResponse($json); } /** @@ -352,25 +36,12 @@ class WallabagRestController extends Controller * If not, throw exception. It means a user try to access information from an other user. * * @param int $requestUserId User id from the requested source - * @param int $currentUserId User id from the retrieved source */ - private function validateUserAccess($requestUserId, $currentUserId) + protected function validateUserAccess($requestUserId) { - if ($requestUserId != $currentUserId) { - throw $this->createAccessDeniedException('Access forbidden. Entry user id: '.$requestUserId.', logged user id: '.$currentUserId); + $user = $this->get('security.token_storage')->getToken()->getUser(); + if ($requestUserId !== $user->getId()) { + throw $this->createAccessDeniedException('Access forbidden. Entry user id: ' . $requestUserId . ', logged user id: ' . $user->getId()); } } - - /** - * Send a JSON Response. - * We don't use the Symfony JsonRespone, because it takes an array as parameter instead of a JSON string. - * - * @param string $json - * - * @return Response - */ - private function renderJsonResponse($json) - { - return new Response($json, 200, array('application/json')); - } }
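Review bot: `getVersionAction()` is the only endpoint left in this controller and it does not call the new `validateAuthentication()`, so the installed version is returned to any caller that reaches the route; if that is intended as a public endpoint, the docblock should say so, otherwise add `$this->validateAuthentication();` as its first statement. `validateAuthentication()` itself has no docblock while every sibling method in the file does; a one-liner such as `/** Throw AccessDeniedException unless the current token is fully authenticated (IS_AUTHENTICATED_FULLY). */` would document the contract subclasses rely on. The method is `protected` and not called anywhere in this file, so presumably it is used by the controllers this commit splits out; that cannot be confirmed from this hunk.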
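Review bot: `validateUserAccess()` now reads the user from `security.token_storage` and calls `getId()` on it without checking that a token exists or that its user is an object; for an anonymous request `getToken()` may return null and `getUser()` may return a plain string, so an unauthenticated caller would get a fatal error (500) instead of the 403 this method is meant to produce. Since the class extends `FOSRestController`, `$user = $this->getUser(); if (null === $user) { throw $this->createAccessDeniedException(); }` placed before the comparison keeps the check fail-closed. The switch to `!==` is correct only if both ids are ints; if the entity id arrives as a string from the ORM layer, every request would be denied, so an explicit `(int)` cast or a test covering the comparison is worth adding. The message passed to `createAccessDeniedException()` embeds both user ids; whether it reaches the client depends on the exception-handler configuration, which is outside this hunk.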