src/Wallabag/ApiBundle/Controller/WallabagRestController.php

   1 <?php
   2
   3 namespace Wallabag\ApiBundle\Controller;
   4
   5 use FOS\RestBundle\Controller\FOSRestController;
   6 use Symfony\Component\Security\Core\Exception\AccessDeniedException;
   7 use Wallabag\CoreBundle\Entity\Entry;
   8 use Nelmio\ApiDocBundle\Annotation\ApiDoc;
   9 use Symfony\Component\HttpFoundation\JsonResponse;
  10
  11 class WallabagRestController extends FOSRestController
  12 {
  13     /**
  14      * Retrieve version number.
  15      *
  16      * @ApiDoc()
  17      *
  18      * @return JsonResponse
  19      */
  20     public function getVersionAction()
  21     {
  22         $version = $this->container->getParameter('wallabag_core.version');
  23         $json = $this->get('serializer')->serialize($version, 'json');
  24
  25         return (new JsonResponse())->setJson($json);
  26     }
  27
  28     protected function validateAuthentication()
  29     {
  30         if (false === $this->get('security.authorization_checker')->isGranted('IS_AUTHENTICATED_FULLY')) {
  31             throw new AccessDeniedException();
  32         }
  33     }
  34
  35     /**
  36      * Validate that the first id is equal to the second one.
  37      * If not, throw exception. It means a user try to access information from an other user.
  38      *
  39      * @param int $requestUserId User id from the requested source
  40      */
  41     protected function validateUserAccess($requestUserId)
  42     {
  43         $user = $this->get('security.token_storage')->getToken()->getUser();
  44         if ($requestUserId != $user->getId()) {
  45             throw $this->createAccessDeniedException('Access forbidden. Entry user id: '.$requestUserId.', logged user id: '.$user->getId());
  46         }
  47     }
  48 }