X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=src%2FWallabag%2FCoreBundle%2FController%2FEntryController.php;h=89677befb6c347a003429513392254ee2fe1e00c;hb=4d85d7e9ba676bd5ac3428976ce9227f460eb542;hp=6326d31fc5b2f4d2073cf71430e320b1b5e55716;hpb=29c4517f7a8ed08239e5bee3d6c3fa823a83d102;p=github%2Fwallabag%2Fwallabag.git diff --git a/src/Wallabag/CoreBundle/Controller/EntryController.php b/src/Wallabag/CoreBundle/Controller/EntryController.php index 6326d31f..89677bef 100644 --- a/src/Wallabag/CoreBundle/Controller/EntryController.php +++ b/src/Wallabag/CoreBundle/Controller/EntryController.php @@ -6,21 +6,21 @@ use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route; use Symfony\Bundle\FrameworkBundle\Controller\Controller; use Symfony\Component\HttpFoundation\Request; use Wallabag\CoreBundle\Entity\Entry; -use Wallabag\CoreBundle\Repository; use Wallabag\CoreBundle\Service\Extractor; use Wallabag\CoreBundle\Helper\Url; class EntryController extends Controller { /** - * @param Request $request + * @param Request $request + * * @Route("/new", name="new_entry") + * * @return \Symfony\Component\HttpFoundation\Response */ public function addEntryAction(Request $request) { - $entry = new Entry(); - $entry->setUserId(1); + $entry = new Entry($this->getUser()); $form = $this->createFormBuilder($entry) ->add('url', 'url') @@ -56,14 +56,15 @@ class EntryController extends Controller * Shows unread entries for current user * * @Route("/unread", name="unread") + * * @return \Symfony\Component\HttpFoundation\Response */ public function showUnreadAction() { - $repository = $this->getDoctrine()->getRepository('WallabagCoreBundle:Entry'); - // TODO don't give the user ID like this // TODO change pagination - $entries = $repository->findUnreadByUser(1, 0); + $entries = $this->getDoctrine() + ->getRepository('WallabagCoreBundle:Entry') + ->findUnreadByUser($this->getUser()->getId(), 0); return $this->render( 'WallabagCoreBundle:Entry:entries.html.twig', 
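Review bot: `$this->getUser()` is used without a null check in `addEntryAction` (`new Entry($this->getUser())`) and is dereferenced directly in `showUnreadAction`, `showArchiveAction` and `showStarredAction` (`$this->getUser()->getId()`). Symfony's controller helper returns null when no authenticated user is present, so if any of these routes is reachable without a login requirement, the list actions fail on a null dereference and the new entry is built without an owner. The firewall and access-control configuration is not part of this diff, so this may already be guaranteed. If it is not, guard each action, for example `if (null === $user = $this->getUser()) { throw $this->createAccessDeniedException(); }`. The bodies of these actions continue outside the hunks.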
@@ -75,14 +76,15 @@ class EntryController extends Controller * Shows read entries for current user * * @Route("/archive", name="archive") + * * @return \Symfony\Component\HttpFoundation\Response */ public function showArchiveAction() { - $repository = $this->getDoctrine()->getRepository('WallabagCoreBundle:Entry'); - // TODO don't give the user ID like this // TODO change pagination - $entries = $repository->findArchiveByUser(1, 0); + $entries = $this->getDoctrine() + ->getRepository('WallabagCoreBundle:Entry') + ->findArchiveByUser($this->getUser()->getId(), 0); return $this->render( 'WallabagCoreBundle:Entry:entries.html.twig', @@ -94,14 +96,15 @@ class EntryController extends Controller * Shows starred entries for current user * * @Route("/starred", name="starred") + * * @return \Symfony\Component\HttpFoundation\Response */ public function showStarredAction() { - $repository = $this->getDoctrine()->getRepository('WallabagCoreBundle:Entry'); - // TODO don't give the user ID like this // TODO change pagination - $entries = $repository->findStarredByUser(1, 0); + $entries = $this->getDoctrine() + ->getRepository('WallabagCoreBundle:Entry') + ->findStarredByUser($this->getUser()->getId(), 0); return $this->render( 'WallabagCoreBundle:Entry:entries.html.twig', @@ -112,12 +115,16 @@ class EntryController extends Controller /** * Shows entry content * - * @param Entry $entry + * @param Entry $entry + * * @Route("/view/{id}", requirements={"id" = "\d+"}, name="view") + * * @return \Symfony\Component\HttpFoundation\Response */ public function viewAction(Entry $entry) { + $this->checkUserAction($entry); + return $this->render( 'WallabagCoreBundle:Entry:entry.html.twig', array('entry' => $entry) 
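Review bot: In `viewAction`, `$this->checkUserAction($entry)` runs only after the `Entry $entry` argument has been resolved from `{id}`, so a request for another user's entry is answered with an access-denied error, while an id that does not exist presumably yields a not-found response. That difference lets any logged-in user learn which entry ids exist. If that is not intended, throw `$this->createNotFoundException()` for entries owned by someone else so both cases look the same. Otherwise add a one-line comment stating that the 403 is deliberate.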
@@ -127,13 +134,17 @@ class EntryController extends Controller /** * Changes read status for an entry * - * @param Request $request - * @param Entry $entry + * @param Request $request + * @param Entry $entry + * * @Route("/archive/{id}", requirements={"id" = "\d+"}, name="archive_entry") + * * @return \Symfony\Component\HttpFoundation\RedirectResponse */ public function toggleArchiveAction(Request $request, Entry $entry) { + $this->checkUserAction($entry); + $entry->toggleArchive(); $this->getDoctrine()->getManager()->flush(); @@ -148,13 +159,17 @@ class EntryController extends Controller /** * Changes favorite status for an entry * - * @param Request $request - * @param Entry $entry + * @param Request $request + * @param Entry $entry + * * @Route("/star/{id}", requirements={"id" = "\d+"}, name="star_entry") + * * @return \Symfony\Component\HttpFoundation\RedirectResponse */ public function toggleStarAction(Request $request, Entry $entry) { + $this->checkUserAction($entry); + $entry->toggleStar(); $this->getDoctrine()->getManager()->flush(); @@ -169,17 +184,19 @@ class EntryController extends Controller /** * Deletes entry * - * @param Request $request - * @param Entry $entry + * @param Request $request + * @param Entry $entry + * * @Route("/delete/{id}", requirements={"id" = "\d+"}, name="delete_entry") + * * @return \Symfony\Component\HttpFoundation\RedirectResponse */ public function deleteEntryAction(Request $request, Entry $entry) { - $em = $this->getDoctrine()->getManager(); + $this->checkUserAction($entry); + $entry->setDeleted(1); - $em->persist($entry); - $em->flush(); + $this->getDoctrine()->getManager()->flush(); $this->get('session')->getFlashBag()->add( 'notice', 
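Review bot: `toggleArchiveAction` changes state on a route whose `@Route` annotation carries no HTTP method restriction and, in the lines shown, no CSRF token check; the same holds for `toggleStarAction` and `deleteEntryAction` in the following hunks. The added `checkUserAction($entry)` stops one user from acting on another user's entry, but the owner's own session passes that check, so a cross-site request made from the owner's browser would pass it too. Consider restricting these three routes to POST or DELETE and validating a CSRF token before the `flush()` call. The method bodies continue past the hunks, so a check outside the visible lines cannot be ruled out.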
@@ -188,4 +205,16 @@ class EntryController extends Controller return $this->redirect($request->headers->get('referer')); } + + /** + * Check if the logged user can manage the given entry + * + * @param Entry $entry + */ + private function checkUserAction(Entry $entry) + { + if ($this->getUser()->getId() != $entry->getUser()->getId()) { + throw $this->createAccessDeniedException('You can not use this entry.'); + } + } }
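Review bot: `checkUserAction` makes its authorization decision with the loose `!=` operator, which applies PHP type juggling to the two ids. A strict comparison on values of one type is safer, for example `if ((int) $this->getUser()->getId() !== (int) $entry->getUser()->getId()) {`. The method also calls `$entry->getUser()->getId()` without a null check; if entries stored before this change have no user relation (the removed `setUserId(1)` suggests they may not), the request ends in a fatal error rather than a clean denial. The docblock should gain a `@throws` line for the access-denied exception, since the method name alone does not show that it aborts the request instead of returning a result.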