src/Wallabag/ApiBundle/Controller/WallabagRestController.php

   1 <?php
   2
   3 namespace Wallabag\ApiBundle\Controller;
   4
   5 use FOS\RestBundle\Controller\FOSRestController;
   6 use Symfony\Component\Security\Core\Exception\AccessDeniedException;
   7 use Wallabag\CoreBundle\Entity\Entry;
   8
   9 class WallabagRestController extends FOSRestController
  10 {
  11     protected function validateAuthentication()
  12     {
  13         if (false === $this->get('security.authorization_checker')->isGranted('IS_AUTHENTICATED_FULLY')) {
  14             throw new AccessDeniedException();
  15         }
  16     }
  17
  18     /**
  19      * Validate that the first id is equal to the second one.
  20      * If not, throw exception. It means a user try to access information from an other user.
  21      *
  22      * @param int $requestUserId User id from the requested source
  23      */
  24     protected function validateUserAccess($requestUserId)
  25     {
  26         $user = $this->get('security.token_storage')->getToken()->getUser();
  27         if ($requestUserId != $user->getId()) {
  28             throw $this->createAccessDeniedException('Access forbidden. Entry user id: '.$requestUserId.', logged user id: '.$user->getId());
  29         }
  30     }
  31 }