src/Wallabag/ApiBundle/Controller/WallabagRestController.php

   1 <?php
   2
   3 namespace Wallabag\ApiBundle\Controller;
   4
   5 use FOS\RestBundle\Controller\FOSRestController;
   6 use Nelmio\ApiDocBundle\Annotation\ApiDoc;
   7 use Symfony\Component\HttpFoundation\JsonResponse;
   8 use Symfony\Component\Security\Core\Exception\AccessDeniedException;
   9
  10 class WallabagRestController extends FOSRestController
  11 {
  12     /**
  13      * Retrieve version number.
  14      *
  15      * @ApiDoc()
  16      *
  17      * @return JsonResponse
  18      */
  19     public function getVersionAction()
  20     {
  21         $version = $this->container->getParameter('wallabag_core.version');
  22         $json = $this->get('jms_serializer')->serialize($version, 'json');
  23
  24         return (new JsonResponse())->setJson($json);
  25     }
  26
  27     protected function validateAuthentication()
  28     {
  29         if (false === $this->get('security.authorization_checker')->isGranted('IS_AUTHENTICATED_FULLY')) {
  30             throw new AccessDeniedException();
  31         }
  32     }
  33
  34     /**
  35      * Validate that the first id is equal to the second one.
  36      * If not, throw exception. It means a user try to access information from an other user.
  37      *
  38      * @param int $requestUserId User id from the requested source
  39      */
  40     protected function validateUserAccess($requestUserId)
  41     {
  42         $user = $this->get('security.token_storage')->getToken()->getUser();
  43         if ($requestUserId !== $user->getId()) {
  44             throw $this->createAccessDeniedException('Access forbidden. Entry user id: ' . $requestUserId . ', logged user id: ' . $user->getId());
  45         }
  46     }
  47 }