class EntryController extends Controller
{
/**
- * @param Request $request
+ * @param Request $request
+ *
* @Route("/new", name="new_entry")
+ *
* @return \Symfony\Component\HttpFoundation\Response
*/
public function addEntryAction(Request $request)
* Shows unread entries for current user
*
* @Route("/unread", name="unread")
+ *
* @return \Symfony\Component\HttpFoundation\Response
*/
public function showUnreadAction()
* Shows read entries for current user
*
* @Route("/archive", name="archive")
+ *
* @return \Symfony\Component\HttpFoundation\Response
*/
public function showArchiveAction()
* Shows starred entries for current user
*
* @Route("/starred", name="starred")
+ *
* @return \Symfony\Component\HttpFoundation\Response
*/
public function showStarredAction()
/**
* Shows entry content
*
- * @param Entry $entry
+ * @param Entry $entry
+ *
* @Route("/view/{id}", requirements={"id" = "\d+"}, name="view")
+ *
* @return \Symfony\Component\HttpFoundation\Response
*/
public function viewAction(Entry $entry)
{
+ $this->checkUserAction($entry);
+
return $this->render(
'WallabagCoreBundle:Entry:entry.html.twig',
array('entry' => $entry)
/**
* Changes read status for an entry
*
- * @param Request $request
- * @param Entry $entry
+ * @param Request $request
+ * @param Entry $entry
+ *
* @Route("/archive/{id}", requirements={"id" = "\d+"}, name="archive_entry")
+ *
* @return \Symfony\Component\HttpFoundation\RedirectResponse
*/
public function toggleArchiveAction(Request $request, Entry $entry)
{
+ $this->checkUserAction($entry);
+
$entry->toggleArchive();
$this->getDoctrine()->getManager()->flush();
/**
* Changes favorite status for an entry
*
- * @param Request $request
- * @param Entry $entry
+ * @param Request $request
+ * @param Entry $entry
+ *
* @Route("/star/{id}", requirements={"id" = "\d+"}, name="star_entry")
+ *
* @return \Symfony\Component\HttpFoundation\RedirectResponse
*/
public function toggleStarAction(Request $request, Entry $entry)
{
+ $this->checkUserAction($entry);
+
$entry->toggleStar();
$this->getDoctrine()->getManager()->flush();
/**
* Deletes entry
*
- * @param Request $request
- * @param Entry $entry
+ * @param Request $request
+ * @param Entry $entry
+ *
* @Route("/delete/{id}", requirements={"id" = "\d+"}, name="delete_entry")
+ *
* @return \Symfony\Component\HttpFoundation\RedirectResponse
*/
public function deleteEntryAction(Request $request, Entry $entry)
{
- $em = $this->getDoctrine()->getManager();
+ $this->checkUserAction($entry);
+
$entry->setDeleted(1);
- $em->persist($entry);
- $em->flush();
+ $this->getDoctrine()->getManager()->flush();
$this->get('session')->getFlashBag()->add(
'notice',
return $this->redirect($request->headers->get('referer'));
}
+
+ /**
+ * Check if the logged user can manage the given entry
+ *
+ * @param Entry $entry
+ */
+ private function checkUserAction(Entry $entry)
+ {
+ if ($this->getUser()->getId() != $entry->getUser()->getId()) {
+ throw $this->createAccessDeniedException('You can not use this entry.');
+ }
+ }
}
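Review bot: The ownership check in checkUserAction compares the two ids with loose `!=`, and dereferences `$this->getUser()` without a null guard; Symfony's `getUser()` returns null when no token is set, so on any route the firewall does not already protect this would fault with a TypeError rather than deny access. If both ids are hydrated as int (the usual Doctrine integer mapping), a stricter form is `$user = $this->getUser(); if (null === $user || $user->getId() !== $entry->getUser()->getId()) {`, which makes the fail-closed behaviour explicit and also reads as the intended identity comparison. The same helper is now called from viewAction, toggleArchiveAction, toggleStarAction and deleteEntryAction, so one fix covers all four; the bodies of the other actions continue outside this hunk. A short docblock line such as `@throws \Symfony\Component\Security\Core\Exception\AccessDeniedException when the entry belongs to another user` would document the only outcome callers need to know about.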
namespace Wallabag\CoreBundle\Tests\Controller;
use Wallabag\CoreBundle\Tests\WallabagTestCase;
+use Doctrine\ORM\AbstractQuery;
class EntryControllerTest extends WallabagTestCase
{
{
$client = $this->getClient();
- $crawler = $client->request('GET', '/new');
+ $client->request('GET', '/new');
$this->assertEquals(302, $client->getResponse()->getStatusCode());
$this->assertContains('login', $client->getResponse()->headers->get('location'));
public function testGetNew()
{
- $this->logIn();
+ $this->logInAs('admin');
$client = $this->getClient();
$crawler = $client->request('GET', '/new');
public function testPostNewEmpty()
{
- $this->logIn();
+ $this->logInAs('admin');
$client = $this->getClient();
$crawler = $client->request('GET', '/new');
public function testPostNewOk()
{
- $this->logIn();
+ $this->logInAs('admin');
$client = $this->getClient();
$crawler = $client->request('GET', '/new');
public function testArchive()
{
- $this->logIn();
+ $this->logInAs('admin');
$client = $this->getClient();
- $crawler = $client->request('GET', '/archive');
+ $client->request('GET', '/archive');
$this->assertEquals(200, $client->getResponse()->getStatusCode());
}
public function testStarred()
{
- $this->logIn();
+ $this->logInAs('admin');
$client = $this->getClient();
- $crawler = $client->request('GET', '/starred');
+ $client->request('GET', '/starred');
$this->assertEquals(200, $client->getResponse()->getStatusCode());
}
public function testView()
{
- $this->logIn();
+ $this->logInAs('admin');
$client = $this->getClient();
$content = $client->getContainer()
->getRepository('WallabagCoreBundle:Entry')
->findOneByIsArchived(false);
- if (!$content) {
- $this->markTestSkipped('No content found in db.');
- }
-
- $crawler = $client->request('GET', '/view/'.$content->getId());
+ $client->request('GET', '/view/'.$content->getId());
$this->assertEquals(200, $client->getResponse()->getStatusCode());
$this->assertContains($content->getTitle(), $client->getResponse()->getContent());
}
+
+ public function testToggleArchive()
+ {
+ $this->logInAs('admin');
+ $client = $this->getClient();
+
+ $content = $client->getContainer()
+ ->get('doctrine.orm.entity_manager')
+ ->getRepository('WallabagCoreBundle:Entry')
+ ->findOneByIsArchived(false);
+
+ $client->request('GET', '/archive/'.$content->getId());
+
+ $this->assertEquals(302, $client->getResponse()->getStatusCode());
+
+ $res = $client->getContainer()
+ ->get('doctrine.orm.entity_manager')
+ ->getRepository('WallabagCoreBundle:Entry')
+ ->findOneById($content->getId());
+
+ $this->assertEquals($res->isArchived(), true);
+ }
+
+ public function testToggleStar()
+ {
+ $this->logInAs('admin');
+ $client = $this->getClient();
+
+ $content = $client->getContainer()
+ ->get('doctrine.orm.entity_manager')
+ ->getRepository('WallabagCoreBundle:Entry')
+ ->findOneByIsStarred(false);
+
+ $client->request('GET', '/star/'.$content->getId());
+
+ $this->assertEquals(302, $client->getResponse()->getStatusCode());
+
+ $res = $client->getContainer()
+ ->get('doctrine.orm.entity_manager')
+ ->getRepository('WallabagCoreBundle:Entry')
+ ->findOneById($content->getId());
+
+ $this->assertEquals($res->isStarred(), true);
+ }
+
+ public function testDelete()
+ {
+ $this->logInAs('admin');
+ $client = $this->getClient();
+
+ $content = $client->getContainer()
+ ->get('doctrine.orm.entity_manager')
+ ->getRepository('WallabagCoreBundle:Entry')
+ ->findOneByIsDeleted(false);
+
+ $client->request('GET', '/delete/'.$content->getId());
+
+ $this->assertEquals(302, $client->getResponse()->getStatusCode());
+
+ $res = $client->getContainer()
+ ->get('doctrine.orm.entity_manager')
+ ->getRepository('WallabagCoreBundle:Entry')
+ ->findOneById($content->getId());
+
+ $this->assertEquals($res->isDeleted(), true);
+ }
+
+ public function testViewOtherUserEntry()
+ {
+ $this->logInAs('bob');
+ $client = $this->getClient();
+
+ $content = $client->getContainer()
+ ->get('doctrine.orm.entity_manager')
+ ->getRepository('WallabagCoreBundle:Entry')
+ ->createQueryBuilder('e')
+ ->select('e.id')
+ ->leftJoin('e.user', 'u')
+ ->where('u.username != :username')->setParameter('username', 'bob')
+ ->setMaxResults(1)
+ ->getQuery()
+ ->getSingleResult(AbstractQuery::HYDRATE_ARRAY);
+
+ $client->request('GET', '/view/'.$content['id']);
+
+ $this->assertEquals(403, $client->getResponse()->getStatusCode());
+ }
}
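Review bot: The new access check is exercised negatively only for `/view/{id}` (testViewOtherUserEntry); the three state-changing routes `/archive/{id}`, `/star/{id}` and `/delete/{id}` that gained the same checkUserAction call have no test asserting a 403 for another user's entry, so a regression there would pass this suite. Reusing the entry-id query from testViewOtherUserEntry (ideally moved into a private helper) for each of those three routes would close that gap. Separately, the assertions `$this->assertEquals($res->isArchived(), true);`, `$this->assertEquals($res->isStarred(), true);` and `$this->assertEquals($res->isDeleted(), true);` pass the expected value second; `$this->assertTrue($res->isArchived());` (and likewise for the other two) gives a correct failure message and an exact boolean comparison. It is also worth confirming that `findOneById` after the request re-reads the row rather than returning the identity-map instance loaded before the request, otherwise the assertions may not be checking persisted state.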