From 8799bde00dade0e6c3a98e009c90a14cf2e1adfe Mon Sep 17 00:00:00 2001
From: Jeremy Benoist <jeremy.benoist@gmail.com>
Date: Sat, 1 Oct 2016 17:24:24 +0200
Subject: [PATCH] Introduce validateRuleAction

---
 .../CoreBundle/Controller/ConfigController.php | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)

diff --git a/src/Wallabag/CoreBundle/Controller/ConfigController.php b/src/Wallabag/CoreBundle/Controller/ConfigController.php
index 28e33998..4dd4e40c 100644
--- a/src/Wallabag/CoreBundle/Controller/ConfigController.php
+++ b/src/Wallabag/CoreBundle/Controller/ConfigController.php
@@ -219,9 +219,7 @@ class ConfigController extends Controller
      */
     public function deleteTaggingRuleAction(TaggingRule $rule)
     {
-        if ($this->getUser()->getId() != $rule->getConfig()->getUser()->getId()) {
-            throw $this->createAccessDeniedException('You can not access this tagging rule.');
-        }
+        $this->validateRuleAction($rule);
 
         $em = $this->getDoctrine()->getManager();
         $em->remove($rule);
@@ -245,12 +243,22 @@ class ConfigController extends Controller
      * @return RedirectResponse
      */
     public function editTaggingRuleAction(TaggingRule $rule)
+    {
+        $this->validateRuleAction($rule);
+
+        return $this->redirect($this->generateUrl('config').'?tagging-rule='.$rule->getId().'#set5');
+    }
+
+    /**
+     * Validate that a rule can be edited/deleted by the current user
+     *
+     * @param  TaggingRule $rule
+     */
+    private function validateRuleAction(TaggingRule $rule)
     {
         if ($this->getUser()->getId() != $rule->getConfig()->getUser()->getId()) {
             throw $this->createAccessDeniedException('You can not access this tagging rule.');
         }
-
-        return $this->redirect($this->generateUrl('config').'?tagging-rule='.$rule->getId().'#set5');
     }
 
     /**
-- 
2.41.0