diff options
author | Jeremy Benoist <jeremy.benoist@gmail.com> | 2016-10-01 17:24:24 +0200 |
---|---|---|
committer | Jeremy Benoist <jeremy.benoist@gmail.com> | 2016-10-01 17:24:24 +0200 |
commit | 8799bde00dade0e6c3a98e009c90a14cf2e1adfe (patch) | |
tree | 35b19a2c88cdcb9b5e187de7cafbd31b4e363792 | |
parent | bf3dc999e7b25888460faff2251f75e4a79491c4 (diff) | |
download | wallabag-8799bde00dade0e6c3a98e009c90a14cf2e1adfe.tar.gz wallabag-8799bde00dade0e6c3a98e009c90a14cf2e1adfe.tar.zst wallabag-8799bde00dade0e6c3a98e009c90a14cf2e1adfe.zip |
Introduce validateRuleAction
-rw-r--r-- | src/Wallabag/CoreBundle/Controller/ConfigController.php | 18 |
1 files changed, 13 insertions, 5 deletions
diff --git a/src/Wallabag/CoreBundle/Controller/ConfigController.php b/src/Wallabag/CoreBundle/Controller/ConfigController.php index 28e33998..4dd4e40c 100644 --- a/src/Wallabag/CoreBundle/Controller/ConfigController.php +++ b/src/Wallabag/CoreBundle/Controller/ConfigController.php | |||
@@ -219,9 +219,7 @@ class ConfigController extends Controller | |||
219 | */ | 219 | */ |
220 | public function deleteTaggingRuleAction(TaggingRule $rule) | 220 | public function deleteTaggingRuleAction(TaggingRule $rule) |
221 | { | 221 | { |
222 | if ($this->getUser()->getId() != $rule->getConfig()->getUser()->getId()) { | 222 | $this->validateRuleAction($rule); |
223 | throw $this->createAccessDeniedException('You can not access this tagging rule.'); | ||
224 | } | ||
225 | 223 | ||
226 | $em = $this->getDoctrine()->getManager(); | 224 | $em = $this->getDoctrine()->getManager(); |
227 | $em->remove($rule); | 225 | $em->remove($rule); |
@@ -246,11 +244,21 @@ class ConfigController extends Controller | |||
246 | */ | 244 | */ |
247 | public function editTaggingRuleAction(TaggingRule $rule) | 245 | public function editTaggingRuleAction(TaggingRule $rule) |
248 | { | 246 | { |
247 | $this->validateRuleAction($rule); | ||
248 | |||
249 | return $this->redirect($this->generateUrl('config').'?tagging-rule='.$rule->getId().'#set5'); | ||
250 | } | ||
251 | |||
252 | /** | ||
253 | * Validate that a rule can be edited/deleted by the current user | ||
254 | * | ||
255 | * @param TaggingRule $rule | ||
256 | */ | ||
257 | private function validateRuleAction(TaggingRule $rule) | ||
258 | { | ||
249 | if ($this->getUser()->getId() != $rule->getConfig()->getUser()->getId()) { | 259 | if ($this->getUser()->getId() != $rule->getConfig()->getUser()->getId()) { |
250 | throw $this->createAccessDeniedException('You can not access this tagging rule.'); | 260 | throw $this->createAccessDeniedException('You can not access this tagging rule.'); |
251 | } | 261 | } |
252 | |||
253 | return $this->redirect($this->generateUrl('config').'?tagging-rule='.$rule->getId().'#set5'); | ||
254 | } | 262 | } |
255 | 263 | ||
256 | /** | 264 | /** |