X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=src%2FWallabag%2FCoreBundle%2FController%2FSiteCredentialController.php;h=fa2066dccafe8e6de988b64ec5f066962547bf7d;hb=f808b01692a835673f328d7221ba8c212caa9b61;hp=e7e438002f27730f05739e1790bc91d2d567dedf;hpb=f92fcb53ca78cc8822962e676b0db117e1a08aa5;p=github%2Fwallabag%2Fwallabag.git

diff --git a/src/Wallabag/CoreBundle/Controller/SiteCredentialController.php b/src/Wallabag/CoreBundle/Controller/SiteCredentialController.php
index e7e43800..fa2066dc 100644
--- a/src/Wallabag/CoreBundle/Controller/SiteCredentialController.php
+++ b/src/Wallabag/CoreBundle/Controller/SiteCredentialController.php
@@ -2,40 +2,44 @@
 
 namespace Wallabag\CoreBundle\Controller;
 
-use Symfony\Component\HttpFoundation\Request;
-use Symfony\Bundle\FrameworkBundle\Controller\Controller;
 use Sensio\Bundle\FrameworkExtraBundle\Configuration\Method;
 use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route;
-use Wallabag\UserBundle\Entity\User;
+use Symfony\Bundle\FrameworkBundle\Controller\Controller;
+use Symfony\Component\HttpFoundation\Request;
 use Wallabag\CoreBundle\Entity\SiteCredential;
+use Wallabag\UserBundle\Entity\User;
 
 /**
  * SiteCredential controller.
+ *
+ * @Route("/site-credentials")
  */
 class SiteCredentialController extends Controller
 {
     /**
      * Lists all User entities.
      *
-     * @Route("/site-credential", name="site_credential_index")
+     * @Route("/", name="site_credentials_index")
      * @Method("GET")
      */
     public function indexAction()
     {
-        $em = $this->getDoctrine()->getManager();
-
-        $credentials = $em->getRepository('WallabagCoreBundle:SiteCredential')->findAll();
+        $credentials = $this->get('wallabag_core.site_credential_repository')->findByUser($this->getUser());
 
-        return $this->render('WallabagCoreBundle:SiteCredential:index.html.twig', array(
+        return $this->render('WallabagCoreBundle:SiteCredential:index.html.twig', [
             'credentials' => $credentials,
-        ));
+        ]);
     }
 
     /**
      * Creates a new site credential entity.
      *
-     * @Route("/site-credential/new", name="site_credential_new")
+     * @Route("/new", name="site_credentials_new")
      * @Method({"GET", "POST"})
+     *
+     * @param Request $request
+     *
+     * @return \Symfony\Component\HttpFoundation\Response
      */
     public function newAction(Request $request)
     {
@@ -45,37 +49,50 @@ class SiteCredentialController extends Controller
         $form->handleRequest($request);
 
         if ($form->isSubmitted() && $form->isValid()) {
+            $credential->setUsername($this->get('wallabag_core.helper.crypto_proxy')->crypt($credential->getUsername()));
+            $credential->setPassword($this->get('wallabag_core.helper.crypto_proxy')->crypt($credential->getPassword()));
+
             $em = $this->getDoctrine()->getManager();
             $em->persist($credential);
-            $em->flush($credential);
+            $em->flush();
 
             $this->get('session')->getFlashBag()->add(
                 'notice',
                 $this->get('translator')->trans('flashes.site_credential.notice.added', ['%host%' => $credential->getHost()])
             );
 
-            return $this->redirectToRoute('site_credential_edit', array('id' => $credential->getId()));
+            return $this->redirectToRoute('site_credentials_index');
         }
 
-        return $this->render('WallabagCoreBundle:SiteCredential:new.html.twig', array(
+        return $this->render('WallabagCoreBundle:SiteCredential:new.html.twig', [
             'credential' => $credential,
             'form' => $form->createView(),
-        ));
+        ]);
     }
 
     /**
      * Displays a form to edit an existing site credential entity.
      *
-     * @Route("/site-credential/{id}/edit", name="site_credential_edit")
+     * @Route("/{id}/edit", name="site_credentials_edit")
      * @Method({"GET", "POST"})
+     *
+     * @param Request        $request
+     * @param SiteCredential $siteCredential
+     *
+     * @return \Symfony\Component\HttpFoundation\Response
      */
     public function editAction(Request $request, SiteCredential $siteCredential)
     {
+        $this->checkUserAction($siteCredential);
+
         $deleteForm = $this->createDeleteForm($siteCredential);
         $editForm = $this->createForm('Wallabag\CoreBundle\Form\Type\SiteCredentialType', $siteCredential);
         $editForm->handleRequest($request);
 
         if ($editForm->isSubmitted() && $editForm->isValid()) {
+            $siteCredential->setUsername($this->get('wallabag_core.helper.crypto_proxy')->crypt($siteCredential->getUsername()));
+            $siteCredential->setPassword($this->get('wallabag_core.helper.crypto_proxy')->crypt($siteCredential->getPassword()));
+
             $em = $this->getDoctrine()->getManager();
             $em->persist($siteCredential);
             $em->flush();
@@ -85,24 +102,31 @@ class SiteCredentialController extends Controller
                 $this->get('translator')->trans('flashes.site_credential.notice.updated', ['%host%' => $siteCredential->getHost()])
             );
 
-            return $this->redirectToRoute('site_credential_edit', array('id' => $siteCredential->getId()));
+            return $this->redirectToRoute('site_credentials_index');
         }
 
-        return $this->render('WallabagCoreBundle:SiteCredential:edit.html.twig', array(
+        return $this->render('WallabagCoreBundle:SiteCredential:edit.html.twig', [
             'credential' => $siteCredential,
             'edit_form' => $editForm->createView(),
             'delete_form' => $deleteForm->createView(),
-        ));
+        ]);
     }
 
     /**
      * Deletes a site credential entity.
      *
-     * @Route("/site-credential/{id}", name="site_credential_delete")
+     * @Route("/{id}", name="site_credentials_delete")
      * @Method("DELETE")
+     *
+     * @param Request        $request
+     * @param SiteCredential $siteCredential
+     *
+     * @return \Symfony\Component\HttpFoundation\RedirectResponse
      */
     public function deleteAction(Request $request, SiteCredential $siteCredential)
     {
+        $this->checkUserAction($siteCredential);
+
         $form = $this->createDeleteForm($siteCredential);
         $form->handleRequest($request);
 
@@ -117,7 +141,7 @@ class SiteCredentialController extends Controller
             $em->flush();
         }
 
-        return $this->redirectToRoute('site_credential_index');
+        return $this->redirectToRoute('site_credentials_index');
     }
 
     /**
@@ -130,9 +154,21 @@ class SiteCredentialController extends Controller
     private function createDeleteForm(SiteCredential $siteCredential)
     {
         return $this->createFormBuilder()
-            ->setAction($this->generateUrl('site_credential_delete', array('id' => $siteCredential->getId())))
+            ->setAction($this->generateUrl('site_credentials_delete', ['id' => $siteCredential->getId()]))
             ->setMethod('DELETE')
             ->getForm()
         ;
     }
+
+    /**
+     * Check if the logged user can manage the given site credential.
+     *
+     * @param SiteCredential $siteCredential The site credential entity
+     */
+    private function checkUserAction(SiteCredential $siteCredential)
+    {
+        if (null === $this->getUser() || $this->getUser()->getId() !== $siteCredential->getUser()->getId()) {
+            throw $this->createAccessDeniedException('You can not access this site credential.');
+        }
+    }
 }