X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=src%2FWallabag%2FApiBundle%2FController%2FWallabagRestController.php;h=354a6f8e7a0b750c63ec06b26fb68a4f6506a81f;hb=4aa29971062dd41df89939b8e6c20e3ed2ed7183;hp=284dbb25fd272866563e0caa75b1457d60341037;hpb=fcb1fba5c2fdb12c9f4041bd334aaced6f302d91;p=github%2Fwallabag%2Fwallabag.git diff --git a/src/Wallabag/ApiBundle/Controller/WallabagRestController.php b/src/Wallabag/ApiBundle/Controller/WallabagRestController.php index 284dbb25..354a6f8e 100644 --- a/src/Wallabag/ApiBundle/Controller/WallabagRestController.php +++ b/src/Wallabag/ApiBundle/Controller/WallabagRestController.php @@ -27,7 +27,7 @@ class WallabagRestController extends FOSRestController ->findOneByLabel($label); if (is_null($tagEntity)) { - $tagEntity = new Tag($this->getUser()); + $tagEntity = new Tag(); $tagEntity->setLabel($label); } @@ -38,6 +38,13 @@ class WallabagRestController extends FOSRestController } } + private function validateAuthentication() + { + if (false === $this->get('security.authorization_checker')->isGranted('IS_AUTHENTICATED_FULLY')) { + throw new AccessDeniedException(); + } + } + /** * Retrieve all entries. It could be filtered by many options. * @@ -53,10 +60,12 @@ class WallabagRestController extends FOSRestController * } * ) * - * @return Entry + * @return Response */ public function getEntriesAction(Request $request) { + $this->validateAuthentication(); + $isArchived = $request->query->get('archive'); $isStarred = $request->query->get('star'); $sort = $request->query->get('sort', 'created'); @@ -65,8 +74,7 @@ class WallabagRestController extends FOSRestController $perPage = (int) $request->query->get('perPage', 30); $tags = $request->query->get('tags', []); - $pager = $this - ->getDoctrine() + $pager = $this->getDoctrine() ->getRepository('WallabagCoreBundle:Entry') ->findEntries($this->getUser()->getId(), $isArchived, $isStarred, $sort, $order); 
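Review bot: With `new Tag()` the entity no longer records an owner, so the `findOneByLabel($label)` lookup at the top of this hunk (the enclosing method starts before the hunk and ends after it) presumably now matches a tag created by any user and attaches that shared entity to the caller's entry. That is a legitimate model, but nothing in the file states it, and the other tag endpoints in this commit depend on it: ownership is now expressed only through the entry association. Suggest a comment on the creation branch: `// Tags are global, shared entities; per-user scoping happens through the entry association, never on the tag itself`.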
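Review bot: `validateAuthentication()` only protects the actions that remember to call it, so any REST action added later (or one that drops the call) stays reachable without authentication; an `access_control` rule on the API path in the security configuration, or a kernel.controller listener, would enforce this fail-closed for the whole bundle instead of per method. The method also throws a bare `AccessDeniedException`, which relies on a `use` import this diff does not show (Security\Core and HttpKernel both define a class of that name, with different firewall handling), while `validateUserAccess` at the bottom of the file uses the controller helper; for consistency write `throw $this->createAccessDeniedException('Authentication required.');`. A short docblock is missing too, e.g. `/** Rejects the request unless the security token is fully authenticated. @throws AccessDeniedException */`.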
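Review bot: `$sort` is taken verbatim from the query string and, together with `$order` (read between this hunk and the next), passed straight into `findEntries()` in the following hunk; if the repository interpolates these into an `orderBy` clause, the caller controls part of the DQL, so they should be whitelisted before the call. After the reads, `if (!in_array($sort, ['created', 'updated'], true) || !in_array($order, ['asc', 'desc'], true)) { throw new BadRequestHttpException('invalid sort/order'); }` (HttpKernel exception) would bound them; I cannot see `findEntries()` from here, so confirm whether it already validates. The `(int)` cast on `perPage` in the next hunk likewise lets 0 and negative values through to the pager, which will fail at runtime rather than with a clean 400; `getEntriesAction` continues past this hunk.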
@@ -93,10 +101,11 @@ class WallabagRestController extends FOSRestController * } * ) * - * @return Entry + * @return Response */ public function getEntryAction(Entry $entry) { + $this->validateAuthentication(); $this->validateUserAccess($entry->getUser()->getId()); $json = $this->get('serializer')->serialize($entry, 'json'); @@ -115,10 +124,12 @@ class WallabagRestController extends FOSRestController * } * ) * - * @return Entry + * @return Response */ public function postEntriesAction(Request $request) { + $this->validateAuthentication(); + $url = $request->request->get('url'); $entry = $this->get('wallabag_core.content_proxy')->updateEntry( @@ -155,15 +166,16 @@ class WallabagRestController extends FOSRestController * } * ) * - * @return Entry + * @return Response */ public function patchEntriesAction(Entry $entry, Request $request) { + $this->validateAuthentication(); $this->validateUserAccess($entry->getUser()->getId()); $title = $request->request->get('title'); - $isArchived = $request->request->get('is_archived'); - $isStarred = $request->request->get('is_starred'); + $isArchived = $request->request->get('archive'); + $isStarred = $request->request->get('star'); if (!is_null($title)) { $entry->setTitle($title); @@ -199,10 +211,11 @@ class WallabagRestController extends FOSRestController * } * ) * - * @return Entry + * @return Response */ public function deleteEntriesAction(Entry $entry) { + $this->validateAuthentication(); $this->validateUserAccess($entry->getUser()->getId()); $em = $this->getDoctrine()->getManager(); @@ -222,9 +235,12 @@ class WallabagRestController extends FOSRestController * {"name"="entry", "dataType"="integer", "requirement"="\w+", "description"="The entry ID"} * } * ) + * + * @return Response */ public function getEntriesTagsAction(Entry $entry) { + $this->validateAuthentication(); $this->validateUserAccess($entry->getUser()->getId()); $json = $this->get('serializer')->serialize($entry->getTags(), 'json'); 
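Review bot: Because the `Entry $entry` argument is resolved by the param converter before the action body runs, the new `validateAuthentication()` call happens after the database lookup: an unauthenticated request for a non-existent id gets the converter's 404, while an existing id gets the access-denied response, so entry ids can be probed without credentials. This is a further reason to enforce authentication at the firewall (`access_control` on the API path) rather than inside each action; the same ordering applies to every `Entry`- or `Tag`-typed action in this file. If the per-action check is kept, a one-line comment here, `// NOTE: the param converter has already loaded $entry; a 404 vs 403 difference is observable to anonymous callers`, makes the trade-off visible. `getEntryAction` continues past the hunk.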
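Review bot: `$url` comes straight from the request body and is handed to `content_proxy->updateEntry()`, which presumably fetches it server-side (the call continues past the hunk); nothing in this action restricts the scheme or destination, so an authenticated user can make the server request `file://`, `gopher://` or internal-network URLs unless the proxy filters them. At minimum validate the shape before the fetch: `if (false === filter_var($url, FILTER_VALIDATE_URL) || !in_array(parse_url($url, PHP_URL_SCHEME), ['http', 'https'], true)) { throw new BadRequestHttpException('invalid url'); }`, and consider rejecting loopback and private ranges after DNS resolution inside the proxy itself. I cannot see `updateEntry()` from here, so confirm where such checks live; `postEntriesAction` continues past the hunk.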
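Review bot: Renaming the PATCH body fields from `is_archived`/`is_starred` to `archive`/`star` is a breaking change for existing API clients, and the ApiDoc parameter list above this hunk (cut off here) has to be updated to match or the documentation will advertise fields the action now silently ignores. Because the old names are dropped rather than rejected, a client still sending `is_archived=1` gets a 200 and no change; either accept both names for a deprecation period, `$isArchived = $request->request->get('archive', $request->request->get('is_archived'));` (and the same for `star`), or call the break out in the changelog. `patchEntriesAction` continues past the hunk, so I cannot see how the values are interpreted.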
@@ -243,9 +259,12 @@ class WallabagRestController extends FOSRestController * {"name"="tags", "dataType"="string", "required"=false, "format"="tag1,tag2,tag3", "description"="a comma-separated list of tags."}, * } * ) + * + * @return Response */ public function postEntriesTagsAction(Request $request, Entry $entry) { + $this->validateAuthentication(); $this->validateUserAccess($entry->getUser()->getId()); $tags = $request->request->get('tags', ''); @@ -271,9 +290,12 @@ class WallabagRestController extends FOSRestController * {"name"="entry", "dataType"="integer", "requirement"="\w+", "description"="The entry ID"} * } * ) + * + * @return Response */ public function deleteEntriesTagsAction(Entry $entry, Tag $tag) { + $this->validateAuthentication(); $this->validateUserAccess($entry->getUser()->getId()); $entry->removeTag($tag); @@ -290,10 +312,18 @@ class WallabagRestController extends FOSRestController * Retrieve all tags. * * @ApiDoc() + * + * @return Response */ public function getTagsAction() { - $json = $this->get('serializer')->serialize($this->getUser()->getTags(), 'json'); + $this->validateAuthentication(); + + $tags = $this->getDoctrine() + ->getRepository('WallabagCoreBundle:Tag') + ->findAllTags($this->getUser()->getId()); + + $json = $this->get('serializer')->serialize($tags, 'json'); return $this->renderJsonResponse($json); } @@ -306,14 +336,16 @@ class WallabagRestController extends FOSRestController * {"name"="tag", "dataType"="integer", "requirement"="\w+", "description"="The tag"} * } * ) + * + * @return Response */ public function deleteTagAction(Tag $tag) { - $this->validateUserAccess($tag->getUser()->getId()); + $this->validateAuthentication(); - $em = $this->getDoctrine()->getManager(); - $em->remove($tag); - $em->flush(); + $this->getDoctrine() + ->getRepository('WallabagCoreBundle:Entry') + ->removeTag($this->getUser()->getId(), $tag); $json = $this->get('serializer')->serialize($tag, 'json'); 
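Review bot: Dropping `validateUserAccess($tag->getUser()->getId())` means `deleteTagAction` now accepts any `Tag` id the param converter can load, and the line after the hunk serializes that tag back to the caller whether or not it is attached to any of their entries; with tags now shared across users, an authenticated user can enumerate other users' tag labels via `DELETE /tags/{id}`. Before calling `removeTag`, look the tag up by id scoped to the caller (for example through the same `findAllTags($userId)` query `getTagsAction` uses, or a repository method taking id and user) and `throw $this->createNotFoundException();` when it is not theirs; also confirm that `removeTag($userId, $tag)` itself restricts the update to that user's entries, which I cannot see from here. Note that the Tag entity is no longer removed, so orphaned tags will accumulate unless something else cleans them up; the action continues past the hunk.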
@@ -328,7 +360,7 @@ class WallabagRestController extends FOSRestController */ private function validateUserAccess($requestUserId) { - $user = $this->get('security.context')->getToken()->getUser(); + $user = $this->get('security.token_storage')->getToken()->getUser(); if ($requestUserId != $user->getId()) { throw $this->createAccessDeniedException('Access forbidden. Entry user id: '.$requestUserId.', logged user id: '.$user->getId()); }
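Review bot: The access-denied message built on the last line of the hunk echoes both the requested entry's owner id and the caller's id to the client, so a 403 on `/entries/{id}` discloses which user owns that entry; keep a generic message in the response and put the ids in a server-side log if they are needed for debugging. The comparison also uses loose `!=`; since `$requestUserId` comes from `$entry->getUser()->getId()` in the callers, a strict compare is safe and clearer: `if ((int) $requestUserId !== (int) $user->getId()) { throw $this->createAccessDeniedException('Access forbidden.'); }`. With `security.token_storage` the method now assumes a token is present, which holds only because every action calls `validateAuthentication()` first — worth stating in the docblock (`@throws AccessDeniedException when the entry belongs to another user`); the method's closing brace lies outside the hunk.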