src/Wallabag/ApiBundle/Controller/WallabagRestController.php

   1 <?php
   2
   3 namespace Wallabag\ApiBundle\Controller;
   4
   5 use FOS\RestBundle\Controller\FOSRestController;
   6 use Symfony\Component\Security\Core\Exception\AccessDeniedException;
   7 use Wallabag\CoreBundle\Entity\Entry;
   8
   9 class WallabagRestController extends FOSRestController
  10 {
  11     /**
  12      * Retrieve version number.
  13      *
  14      * @ApiDoc()
  15      *
  16      * @return JsonResponse
  17      */
  18     public function getVersionAction()
  19     {
  20         $version = $this->container->getParameter('wallabag_core.version');
  21         $json = $this->get('serializer')->serialize($version, 'json');
  22         return (new JsonResponse())->setJson($json);
  23     }
  24
  25     protected function validateAuthentication()
  26     {
  27         if (false === $this->get('security.authorization_checker')->isGranted('IS_AUTHENTICATED_FULLY')) {
  28             throw new AccessDeniedException();
  29         }
  30     }
  31
  32     /**
  33      * Validate that the first id is equal to the second one.
  34      * If not, throw exception. It means a user try to access information from an other user.
  35      *
  36      * @param int $requestUserId User id from the requested source
  37      */
  38     protected function validateUserAccess($requestUserId)
  39     {
  40         $user = $this->get('security.token_storage')->getToken()->getUser();
  41         if ($requestUserId != $user->getId()) {
  42             throw $this->createAccessDeniedException('Access forbidden. Entry user id: '.$requestUserId.', logged user id: '.$user->getId());
  43         }
  44     }
  45 }