aboutsummaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
authorJeremy Benoist <jeremy.benoist@gmail.com>2016-10-01 17:24:24 +0200
committerJeremy Benoist <jeremy.benoist@gmail.com>2016-10-01 17:24:24 +0200
commit8799bde00dade0e6c3a98e009c90a14cf2e1adfe (patch)
tree35b19a2c88cdcb9b5e187de7cafbd31b4e363792
parentbf3dc999e7b25888460faff2251f75e4a79491c4 (diff)
downloadwallabag-8799bde00dade0e6c3a98e009c90a14cf2e1adfe.tar.gz
wallabag-8799bde00dade0e6c3a98e009c90a14cf2e1adfe.tar.zst
wallabag-8799bde00dade0e6c3a98e009c90a14cf2e1adfe.zip
Introduce validateRuleAction
-rw-r--r--src/Wallabag/CoreBundle/Controller/ConfigController.php18
1 files changed, 13 insertions, 5 deletions
diff --git a/src/Wallabag/CoreBundle/Controller/ConfigController.php b/src/Wallabag/CoreBundle/Controller/ConfigController.php
index 28e33998..4dd4e40c 100644
--- a/src/Wallabag/CoreBundle/Controller/ConfigController.php
+++ b/src/Wallabag/CoreBundle/Controller/ConfigController.php
@@ -219,9 +219,7 @@ class ConfigController extends Controller
219 */ 219 */
220 public function deleteTaggingRuleAction(TaggingRule $rule) 220 public function deleteTaggingRuleAction(TaggingRule $rule)
221 { 221 {
222 if ($this->getUser()->getId() != $rule->getConfig()->getUser()->getId()) { 222 $this->validateRuleAction($rule);
223 throw $this->createAccessDeniedException('You can not access this tagging rule.');
224 }
225 223
226 $em = $this->getDoctrine()->getManager(); 224 $em = $this->getDoctrine()->getManager();
227 $em->remove($rule); 225 $em->remove($rule);
@@ -246,11 +244,21 @@ class ConfigController extends Controller
246 */ 244 */
247 public function editTaggingRuleAction(TaggingRule $rule) 245 public function editTaggingRuleAction(TaggingRule $rule)
248 { 246 {
247 $this->validateRuleAction($rule);
248
249 return $this->redirect($this->generateUrl('config').'?tagging-rule='.$rule->getId().'#set5');
250 }
251
252 /**
253 * Validate that a rule can be edited/deleted by the current user
254 *
255 * @param TaggingRule $rule
256 */
257 private function validateRuleAction(TaggingRule $rule)
258 {
249 if ($this->getUser()->getId() != $rule->getConfig()->getUser()->getId()) { 259 if ($this->getUser()->getId() != $rule->getConfig()->getUser()->getId()) {
250 throw $this->createAccessDeniedException('You can not access this tagging rule.'); 260 throw $this->createAccessDeniedException('You can not access this tagging rule.');
251 } 261 }
252
253 return $this->redirect($this->generateUrl('config').'?tagging-rule='.$rule->getId().'#set5');
254 } 262 }
255 263
256 /** 264 /**