X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=src%2FWallabag%2FApiBundle%2FController%2FWallabagRestController.php;h=587013f68fbac8999a8f6425e2edcb3e3c2ef7f0;hb=fc73222723c7a0c9b577805d3ef51eb96b124b92;hp=692a4ae0e5de37d449f85d60a5be1a87aed7c31f;hpb=9fb6ac830fa669beef1dd11070421262c073192c;p=github%2Fwallabag%2Fwallabag.git diff --git a/src/Wallabag/ApiBundle/Controller/WallabagRestController.php b/src/Wallabag/ApiBundle/Controller/WallabagRestController.php index 692a4ae0..587013f6 100644 --- a/src/Wallabag/ApiBundle/Controller/WallabagRestController.php +++ b/src/Wallabag/ApiBundle/Controller/WallabagRestController.php @@ -2,17 +2,16 @@ namespace Wallabag\ApiBundle\Controller; +use FOS\RestBundle\Controller\FOSRestController; use Nelmio\ApiDocBundle\Annotation\ApiDoc; -use Symfony\Bundle\FrameworkBundle\Controller\Controller; use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpFoundation\Response; use Wallabag\CoreBundle\Entity\Entry; use Wallabag\CoreBundle\Entity\Tag; -use Wallabag\CoreBundle\Service\Extractor; use Hateoas\Configuration\Route; use Hateoas\Representation\Factory\PagerfantaFactory; -class WallabagRestController extends Controller +class WallabagRestController extends FOSRestController { /** * @param Entry $entry @@ -28,7 +27,7 @@ class WallabagRestController extends Controller ->findOneByLabel($label); if (is_null($tagEntity)) { - $tagEntity = new Tag($this->getUser()); + $tagEntity = new Tag(); $tagEntity->setLabel($label); } @@ -39,29 +38,11 @@ class WallabagRestController extends Controller } } - /** - * Retrieve salt for a giver user. - * - * @ApiDoc( - * parameters={ - * {"name"="username", "dataType"="string", "required"=true, "description"="username"} - * } - * ) - * - * @return array - */ - public function getSaltAction($username) + private function validateAuthentication() { - $user = $this - ->getDoctrine() - ->getRepository('WallabagCoreBundle:User') - ->findOneByUsername($username); - - if (is_null($user)) { - throw $this->createNotFoundException(); + if (false === $this->get('security.authorization_checker')->isGranted('IS_AUTHENTICATED_FULLY')) { + throw new AccessDeniedException(); } - - return array($user->getSalt() ?: null); } /** @@ -83,23 +64,24 @@ class WallabagRestController extends Controller */ public function getEntriesAction(Request $request) { + $this->validateAuthentication(); + $isArchived = $request->query->get('archive'); - $isStarred = $request->query->get('star'); - $sort = $request->query->get('sort', 'created'); - $order = $request->query->get('order', 'desc'); - $page = (int) $request->query->get('page', 1); - $perPage = (int) $request->query->get('perPage', 30); - $tags = $request->query->get('tags', []); - - $pager = $this - ->getDoctrine() + $isStarred = $request->query->get('star'); + $sort = $request->query->get('sort', 'created'); + $order = $request->query->get('order', 'desc'); + $page = (int) $request->query->get('page', 1); + $perPage = (int) $request->query->get('perPage', 30); + $tags = $request->query->get('tags', []); + + $pager = $this->getDoctrine() ->getRepository('WallabagCoreBundle:Entry') ->findEntries($this->getUser()->getId(), $isArchived, $isStarred, $sort, $order); $pager->setCurrentPage($page); $pager->setMaxPerPage($perPage); - $pagerfantaFactory = new PagerfantaFactory('page', 'perPage'); + $pagerfantaFactory = new PagerfantaFactory('page', 'perPage'); $paginatedCollection = $pagerfantaFactory->createRepresentation( $pager, new Route('api_get_entries', [], $absolute = true) @@ -123,7 +105,8 @@ class WallabagRestController extends Controller */ public function getEntryAction(Entry $entry) { - $this->validateUserAccess($entry->getUser()->getId(), $this->getUser()->getId()); + $this->validateAuthentication(); + $this->validateUserAccess($entry->getUser()->getId()); $json = $this->get('serializer')->serialize($entry, 'json'); @@ -145,13 +128,14 @@ class WallabagRestController extends Controller */ public function postEntriesAction(Request $request) { + $this->validateAuthentication(); + $url = $request->request->get('url'); - $content = Extractor::extract($url); - $entry = new Entry($this->getUser()); - $entry->setUrl($url); - $entry->setTitle($request->request->get('title') ?: $content->getTitle()); - $entry->setContent($content->getBody()); + $entry = $this->get('wallabag_core.content_proxy')->updateEntry( + new Entry($this->getUser()), + $url + ); $tags = $request->request->get('tags', ''); if (!empty($tags)) { @@ -186,11 +170,12 @@ class WallabagRestController extends Controller */ public function patchEntriesAction(Entry $entry, Request $request) { - $this->validateUserAccess($entry->getUser()->getId(), $this->getUser()->getId()); + $this->validateAuthentication(); + $this->validateUserAccess($entry->getUser()->getId()); - $title = $request->request->get('title'); + $title = $request->request->get('title'); $isArchived = $request->request->get('is_archived'); - $isStarred = $request->request->get('is_starred'); + $isStarred = $request->request->get('is_starred'); if (!is_null($title)) { $entry->setTitle($title); @@ -230,7 +215,8 @@ class WallabagRestController extends Controller */ public function deleteEntriesAction(Entry $entry) { - $this->validateUserAccess($entry->getUser()->getId(), $this->getUser()->getId()); + $this->validateAuthentication(); + $this->validateUserAccess($entry->getUser()->getId()); $em = $this->getDoctrine()->getManager(); $em->remove($entry); @@ -252,7 +238,8 @@ class WallabagRestController extends Controller */ public function getEntriesTagsAction(Entry $entry) { - $this->validateUserAccess($entry->getUser()->getId(), $this->getUser()->getId()); + $this->validateAuthentication(); + $this->validateUserAccess($entry->getUser()->getId()); $json = $this->get('serializer')->serialize($entry->getTags(), 'json'); @@ -273,7 +260,8 @@ class WallabagRestController extends Controller */ public function postEntriesTagsAction(Request $request, Entry $entry) { - $this->validateUserAccess($entry->getUser()->getId(), $this->getUser()->getId()); + $this->validateAuthentication(); + $this->validateUserAccess($entry->getUser()->getId()); $tags = $request->request->get('tags', ''); if (!empty($tags)) { @@ -301,7 +289,8 @@ class WallabagRestController extends Controller */ public function deleteEntriesTagsAction(Entry $entry, Tag $tag) { - $this->validateUserAccess($entry->getUser()->getId(), $this->getUser()->getId()); + $this->validateAuthentication(); + $this->validateUserAccess($entry->getUser()->getId()); $entry->removeTag($tag); $em = $this->getDoctrine()->getManager(); @@ -320,7 +309,13 @@ class WallabagRestController extends Controller */ public function getTagsAction() { - $json = $this->get('serializer')->serialize($this->getUser()->getTags(), 'json'); + $this->validateAuthentication(); + + $tags = $this->getDoctrine() + ->getRepository('WallabagCoreBundle:Tag') + ->findAllTags($this->getUser()->getId()); + + $json = $this->get('serializer')->serialize($tags, 'json'); return $this->renderJsonResponse($json); } @@ -336,7 +331,11 @@ class WallabagRestController extends Controller */ public function deleteTagAction(Tag $tag) { - $this->validateUserAccess($tag->getUser()->getId(), $this->getUser()->getId()); + $this->validateAuthentication(); + + $this->getDoctrine() + ->getRepository('WallabagCoreBundle:Entry') + ->removeTag($this->getUser()->getId(), $tag); $em = $this->getDoctrine()->getManager(); $em->remove($tag); @@ -352,12 +351,12 @@ class WallabagRestController extends Controller * If not, throw exception. It means a user try to access information from an other user. * * @param int $requestUserId User id from the requested source - * @param int $currentUserId User id from the retrieved source */ - private function validateUserAccess($requestUserId, $currentUserId) + private function validateUserAccess($requestUserId) { - if ($requestUserId != $currentUserId) { - throw $this->createAccessDeniedException('Access forbidden. Entry user id: '.$requestUserId.', logged user id: '.$currentUserId); + $user = $this->get('security.token_storage')->getToken()->getUser(); + if ($requestUserId != $user->getId()) { + throw $this->createAccessDeniedException('Access forbidden. Entry user id: '.$requestUserId.', logged user id: '.$user->getId()); } }