--- /dev/null
+<?php
+
+namespace Application\Migrations;
+
+use Doctrine\DBAL\Migrations\AbstractMigration;
+use Doctrine\DBAL\Schema\Schema;
+use Symfony\Component\DependencyInjection\ContainerAwareInterface;
+use Symfony\Component\DependencyInjection\ContainerInterface;
+
+class Version20161024212538 extends AbstractMigration implements ContainerAwareInterface
+{
+ /**
+ * @var ContainerInterface
+ */
+ private $container;
+
+ public function setContainer(ContainerInterface $container = null)
+ {
+ $this->container = $container;
+ }
+
+ private function getTable($tableName)
+ {
+ return $this->container->getParameter('database_table_prefix') . $tableName;
+ }
+
+ /**
+ * @param Schema $schema
+ */
+ public function up(Schema $schema)
+ {
+ $this->skipIf($this->connection->getDatabasePlatform()->getName() == 'sqlite', 'Migration can only be executed safely on \'mysql\' or \'postgresql\'.');
+
+ $this->addSql('ALTER TABLE '.$this->getTable('oauth2_clients').' ADD user_id INT(11) DEFAULT NULL');
+ $this->addSql('ALTER TABLE '.$this->getTable('oauth2_clients').' ADD CONSTRAINT FK_clients_user_clients FOREIGN KEY (user_id) REFERENCES '.$this->getTable('user').' (id) ON DELETE CASCADE');
+ }
+
+ /**
+ * @param Schema $schema
+ */
+ public function down(Schema $schema)
+ {
+
+ }
+}
*/
public function indexAction()
{
- $clients = $this->getDoctrine()->getRepository('WallabagApiBundle:Client')->findAll();
+ $clients = $this->getDoctrine()->getRepository('WallabagApiBundle:Client')->findByUser($this->getUser()->getId());
return $this->render('@WallabagCore/themes/common/Developer/index.html.twig', [
'clients' => $clients,
public function createClientAction(Request $request)
{
$em = $this->getDoctrine()->getManager();
- $client = new Client();
+ $client = new Client($this->getUser());
$clientForm = $this->createForm(ClientType::class, $client);
$clientForm->handleRequest($request);
*/
public function deleteClientAction(Client $client)
{
+ if (null === $this->getUser() || $client->getUser()->getId() != $this->getUser()->getId()) {
+ throw $this->createAccessDeniedException('You can not access this client.');
+ }
+
$em = $this->getDoctrine()->getManager();
$em->remove($client);
$em->flush();
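Review bot: The ownership check added at the top of `deleteClientAction` calls `$client->getUser()->getId()` unconditionally, but the new `user_id` column is introduced as `DEFAULT NULL` by the migration in this commit, so any client created before this change loads with no user and the guard fails with a method call on null instead of a clean 403. Check the owner side as well, e.g. `$owner = $client->getUser();` then `if (null === $this->getUser() || null === $owner || $owner->getId() !== $this->getUser()->getId()) {`. The `!=` between the two ids should be `!==` for the same reason the rest of the condition uses `===`. The `indexAction` and `createClientAction` hunks earlier in this file are cut before their bodies end, so only their changed lines were reviewed.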
use Doctrine\ORM\Mapping as ORM;
use FOS\OAuthServerBundle\Entity\Client as BaseClient;
+use Wallabag\UserBundle\Entity\User;
/**
* @ORM\Table("oauth2_clients")
*/
protected $accessTokens;
- public function __construct()
+ /**
+ * @ORM\ManyToOne(targetEntity="Wallabag\UserBundle\Entity\User", inversedBy="clients")
+ */
+ private $user;
+
+ public function __construct(User $user)
{
parent::__construct();
+ $this->user = $user;
}
/**
return $this;
}
+
+ /**
+ * @return User
+ */
+ public function getUser()
+ {
+ return $this->user;
+ }
}
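Review bot: The `@return User` docblock on the new `getUser()` overstates the guarantee: the `ManyToOne` mapping added in the previous hunk carries no `@ORM\JoinColumn(nullable=false)`, and the matching migration adds `user_id` as `DEFAULT NULL`, so clients that existed before this change come back with a null user. Either document it as `@return User|null` so callers know to check, or add `@ORM\JoinColumn(nullable=false)` and have the migration handle the pre-existing rows first; the mapping and the schema change must agree. The constructor hunk begins at the `protected $accessTokens;` context line and the rest of the class body lies outside the hunks shown.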
use JMS\Serializer\Annotation\Expose;
use Symfony\Bridge\Doctrine\Validator\Constraints\UniqueEntity;
use Symfony\Component\Security\Core\User\UserInterface;
+use Wallabag\ApiBundle\Entity\Client;
use Wallabag\CoreBundle\Entity\Config;
use Wallabag\CoreBundle\Entity\Entry;
*/
private $trusted;
+ /**
+ * @ORM\OneToMany(targetEntity="Wallabag\ApiBundle\Entity\Client", mappedBy="user", cascade={"remove"})
+ */
+ protected $clients;
+
public function __construct()
{
parent::__construct();
return false;
}
+
+ /**
+ * @param Client $client
+ *
+ * @return User
+ */
+ public function addClient(Client $client)
+ {
+ $this->clients[] = $client;
+
+ return $this;
+ }
+
+ /**
+ * @return ArrayCollection<Entry>
+ */
+ public function getClients()
+ {
+ return $this->clients;
+ }
}
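Review bot: The docblock on the new `getClients()` is a copy-paste slip: it declares `@return ArrayCollection<Entry>` while the property it returns is the `OneToMany` collection of `Wallabag\ApiBundle\Entity\Client`, so it should read `@return ArrayCollection<Client>`, which the `Client` import added at the top of the file already makes valid. The visible part of the constructor hunk shows only `parent::__construct();`, so whether `$this->clients` is initialised to an `ArrayCollection` cannot be confirmed from this page. If it is not, `addClient()` would silently auto-create a plain PHP array on first use rather than a Doctrine collection, which is worth checking because the remainder of that constructor is outside the hunk.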
/**
* This data provider allow to tests annotation from the :
* - API POV (when user use the api to manage annotations)
- * - and User POV (when user use the web interface - using javascript - to manage annotations)
+ * - and User POV (when user use the web interface - using javascript - to manage annotations).
*/
public function dataForEachAnnotations()
{
public function testRemoveClient()
{
- $this->logInAs('admin');
$client = $this->getClient();
$em = $client->getContainer()->get('doctrine.orm.entity_manager');
- $nbClients = $em->getRepository('WallabagApiBundle:Client')->findAll();
+ // Try to remove an admin's client with a wrong user
+ $this->logInAs('bob');
+ $client->request('GET', '/developer');
+ $this->assertContains('no_client', $client->getResponse()->getContent());
+
+ // get an ID of a admin's client
+ $this->logInAs('admin');
+ $nbClients = $em->getRepository('WallabagApiBundle:Client')->findByUser($this->getLoggedInUserId());
+
+ $this->logInAs('bob');
+ $client->request('GET', '/developer/client/delete/'.$nbClients[0]->getId());
+ $this->assertEquals(403, $client->getResponse()->getStatusCode());
+
+ // Try to remove the admin's client with the good user
+ $this->logInAs('admin');
$crawler = $client->request('GET', '/developer');
$link = $crawler
$client->click($link);
$this->assertEquals(302, $client->getResponse()->getStatusCode());
- $newNbClients = $em->getRepository('WallabagApiBundle:Client')->findAll();
+ $newNbClients = $em->getRepository('WallabagApiBundle:Client')->findByUser($this->getLoggedInUserId());
$this->assertGreaterThan(count($newNbClients), count($nbClients));
}
}
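Review bot: After the 403 assertion in `testRemoveClient`, nothing verifies that the forbidden request left the admin's client in place, so a regression that deleted the row and then returned 403 would still pass; add `$this->assertNotNull($em->getRepository('WallabagApiBundle:Client')->find($nbClients[0]->getId()));` right after the status check. `$nbClients[0]` also assumes the admin fixture owns at least one client, so an `assertNotEmpty($nbClients)` before that index turns a silent undefined-offset notice into an explicit failure. `$nbClients` and `$newNbClients` hold arrays of clients rather than counts, so names such as `$adminClients` and `$remainingClients` would read more honestly.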