X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=src%2FWallabag%2FCoreBundle%2FController%2FEntryController.php;h=81ab77887af8596150b98e07ea424374afabf894;hb=7781faa0b0749b0d9842fddec3e337db04d44a10;hp=e0697ca3ef3852af631eef32eb91813b8b7acdab;hpb=89c03230c3d51e618608b044b0e3f45cf0c06a11;p=github%2Fwallabag%2Fwallabag.git

diff --git a/src/Wallabag/CoreBundle/Controller/EntryController.php b/src/Wallabag/CoreBundle/Controller/EntryController.php
index e0697ca3..81ab7788 100644
--- a/src/Wallabag/CoreBundle/Controller/EntryController.php
+++ b/src/Wallabag/CoreBundle/Controller/EntryController.php
@@ -6,25 +6,23 @@ use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route;
 use Symfony\Bundle\FrameworkBundle\Controller\Controller;
 use Symfony\Component\HttpFoundation\Request;
 use Wallabag\CoreBundle\Entity\Entry;
-use Wallabag\CoreBundle\Repository;
 use Wallabag\CoreBundle\Service\Extractor;
-use Wallabag\CoreBundle\Helper\Url;
+use Wallabag\CoreBundle\Form\Type\EntryType;
 
 class EntryController extends Controller
 {
     /**
-     * @param  Request                                    $request
+     * @param Request $request
+     *
      * @Route("/new", name="new_entry")
+     *
      * @return \Symfony\Component\HttpFoundation\Response
      */
     public function addEntryAction(Request $request)
     {
         $entry = new Entry($this->getUser());
 
-        $form = $this->createFormBuilder($entry)
-            ->add('url', 'url')
-            ->add('save', 'submit')
-            ->getForm();
+        $form = $this->createForm(new EntryType(), $entry);
 
         $form->handleRequest($request);
 
@@ -55,6 +53,7 @@ class EntryController extends Controller
      * Shows unread entries for current user
      *
      * @Route("/unread", name="unread")
+     *
      * @return \Symfony\Component\HttpFoundation\Response
      */
     public function showUnreadAction()
@@ -74,6 +73,7 @@ class EntryController extends Controller
      * Shows read entries for current user
      *
      * @Route("/archive", name="archive")
+     *
      * @return \Symfony\Component\HttpFoundation\Response
      */
     public function showArchiveAction()
@@ -93,6 +93,7 @@ class EntryController extends Controller
      * Shows starred entries for current user
      *
      * @Route("/starred", name="starred")
+     *
      * @return \Symfony\Component\HttpFoundation\Response
      */
     public function showStarredAction()
@@ -111,12 +112,16 @@ class EntryController extends Controller
     /**
      * Shows entry content
      *
-     * @param  Entry                                      $entry
+     * @param Entry $entry
+     *
      * @Route("/view/{id}", requirements={"id" = "\d+"}, name="view")
+     *
      * @return \Symfony\Component\HttpFoundation\Response
      */
     public function viewAction(Entry $entry)
     {
+        $this->checkUserAction($entry);
+
         return $this->render(
             'WallabagCoreBundle:Entry:entry.html.twig',
             array('entry' => $entry)
@@ -126,13 +131,17 @@ class EntryController extends Controller
     /**
      * Changes read status for an entry
      *
-     * @param  Request                                            $request
-     * @param  Entry                                              $entry
+     * @param Request $request
+     * @param Entry   $entry
+     *
      * @Route("/archive/{id}", requirements={"id" = "\d+"}, name="archive_entry")
+     *
      * @return \Symfony\Component\HttpFoundation\RedirectResponse
      */
     public function toggleArchiveAction(Request $request, Entry $entry)
     {
+        $this->checkUserAction($entry);
+
         $entry->toggleArchive();
         $this->getDoctrine()->getManager()->flush();
 
@@ -147,13 +156,17 @@ class EntryController extends Controller
     /**
      * Changes favorite status for an entry
      *
-     * @param  Request                                            $request
-     * @param  Entry                                              $entry
+     * @param Request $request
+     * @param Entry   $entry
+     *
      * @Route("/star/{id}", requirements={"id" = "\d+"}, name="star_entry")
+     *
      * @return \Symfony\Component\HttpFoundation\RedirectResponse
      */
     public function toggleStarAction(Request $request, Entry $entry)
     {
+        $this->checkUserAction($entry);
+
         $entry->toggleStar();
         $this->getDoctrine()->getManager()->flush();
 
@@ -168,17 +181,19 @@ class EntryController extends Controller
     /**
      * Deletes entry
      *
-     * @param  Request                                            $request
-     * @param  Entry                                              $entry
+     * @param Request $request
+     * @param Entry   $entry
+     *
      * @Route("/delete/{id}", requirements={"id" = "\d+"}, name="delete_entry")
+     *
      * @return \Symfony\Component\HttpFoundation\RedirectResponse
      */
     public function deleteEntryAction(Request $request, Entry $entry)
     {
-        $em = $this->getDoctrine()->getManager();
+        $this->checkUserAction($entry);
+
         $entry->setDeleted(1);
-        $em->persist($entry);
-        $em->flush();
+        $this->getDoctrine()->getManager()->flush();
 
         $this->get('session')->getFlashBag()->add(
             'notice',
@@ -187,4 +202,16 @@ class EntryController extends Controller
 
         return $this->redirect($request->headers->get('referer'));
     }
+
+    /**
+     * Check if the logged user can manage the given entry
+     *
+     * @param Entry $entry
+     */
+    private function checkUserAction(Entry $entry)
+    {
+        if ($this->getUser()->getId() != $entry->getUser()->getId()) {
+            throw $this->createAccessDeniedException('You can not use this entry.');
+        }
+    }
 }