src/Wallabag/ApiBundle/Controller/WallabagRestController.php

   1 <?php
   2
   3 namespace Wallabag\ApiBundle\Controller;
   4
   5 use FOS\RestBundle\Controller\FOSRestController;
   6 use Nelmio\ApiDocBundle\Annotation\ApiDoc;
   7 use Symfony\Component\HttpFoundation\JsonResponse;
   8 use Symfony\Component\Security\Core\Exception\AccessDeniedException;
   9
  10 class WallabagRestController extends FOSRestController
  11 {
  12     /**
  13      * Retrieve version number.
  14      *
  15      * @ApiDoc()
  16      *
  17      * @deprecated Should use info endpoint instead
  18      *
  19      * @return JsonResponse
  20      */
  21     public function getVersionAction()
  22     {
  23         $version = $this->container->getParameter('wallabag_core.version');
  24         $json = $this->get('jms_serializer')->serialize($version, 'json');
  25
  26         return (new JsonResponse())->setJson($json);
  27     }
  28
  29     /**
  30      * Retrieve information about the wallabag instance.
  31      *
  32      * @ApiDoc()
  33      *
  34      * @return JsonResponse
  35      */
  36     public function getInfoAction()
  37     {
  38         $info = [
  39             'appname' => 'wallabag',
  40             'version' => $this->container->getParameter('wallabag_core.version'),
  41             'allowed_registration' => $this->container->getParameter('wallabag_user.registration_enabled'),
  42         ];
  43
  44         return (new JsonResponse())->setJson($this->get('jms_serializer')->serialize($info, 'json'));
  45     }
  46
  47     protected function validateAuthentication()
  48     {
  49         if (false === $this->get('security.authorization_checker')->isGranted('IS_AUTHENTICATED_FULLY')) {
  50             throw new AccessDeniedException();
  51         }
  52     }
  53
  54     /**
  55      * Validate that the first id is equal to the second one.
  56      * If not, throw exception. It means a user try to access information from an other user.
  57      *
  58      * @param int $requestUserId User id from the requested source
  59      */
  60     protected function validateUserAccess($requestUserId)
  61     {
  62         $user = $this->get('security.token_storage')->getToken()->getUser();
  63         if ($requestUserId !== $user->getId()) {
  64             throw $this->createAccessDeniedException('Access forbidden. Entry user id: ' . $requestUserId . ', logged user id: ' . $user->getId());
  65         }
  66     }
  67 }