aboutsummaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
authorJeremy Benoist <jeremy.benoist@gmail.com>2017-11-22 09:59:11 +0100
committerJeremy Benoist <jeremy.benoist@gmail.com>2017-11-22 10:00:45 +0100
commitef2b4041fb3791554e93b4180777adbfdcf9afa2 (patch)
treee48cb9b072e93179c6a79278ef949d9239a1d77d
parent709e21a3f4ef3616112a02be06045a1e3ab63a01 (diff)
downloadwallabag-ef2b4041fb3791554e93b4180777adbfdcf9afa2.tar.gz
wallabag-ef2b4041fb3791554e93b4180777adbfdcf9afa2.tar.zst
wallabag-ef2b4041fb3791554e93b4180777adbfdcf9afa2.zip
Disable controller access if feature disabled
If `restricted_access` is disabled, accessing `/site-credentials/` must be disabled.
-rw-r--r--src/Wallabag/CoreBundle/Controller/SiteCredentialController.php18
-rw-r--r--tests/Wallabag/CoreBundle/Controller/SiteCredentialControllerTest.php14
2 files changed, 32 insertions, 0 deletions
diff --git a/src/Wallabag/CoreBundle/Controller/SiteCredentialController.php b/src/Wallabag/CoreBundle/Controller/SiteCredentialController.php
index fa2066dc..548de744 100644
--- a/src/Wallabag/CoreBundle/Controller/SiteCredentialController.php
+++ b/src/Wallabag/CoreBundle/Controller/SiteCredentialController.php
@@ -24,6 +24,8 @@ class SiteCredentialController extends Controller
24 */ 24 */
25 public function indexAction() 25 public function indexAction()
26 { 26 {
27 $this->isSiteCredentialsEnabled();
28
27 $credentials = $this->get('wallabag_core.site_credential_repository')->findByUser($this->getUser()); 29 $credentials = $this->get('wallabag_core.site_credential_repository')->findByUser($this->getUser());
28 30
29 return $this->render('WallabagCoreBundle:SiteCredential:index.html.twig', [ 31 return $this->render('WallabagCoreBundle:SiteCredential:index.html.twig', [
@@ -43,6 +45,8 @@ class SiteCredentialController extends Controller
43 */ 45 */
44 public function newAction(Request $request) 46 public function newAction(Request $request)
45 { 47 {
48 $this->isSiteCredentialsEnabled();
49
46 $credential = new SiteCredential($this->getUser()); 50 $credential = new SiteCredential($this->getUser());
47 51
48 $form = $this->createForm('Wallabag\CoreBundle\Form\Type\SiteCredentialType', $credential); 52 $form = $this->createForm('Wallabag\CoreBundle\Form\Type\SiteCredentialType', $credential);
@@ -83,6 +87,8 @@ class SiteCredentialController extends Controller
83 */ 87 */
84 public function editAction(Request $request, SiteCredential $siteCredential) 88 public function editAction(Request $request, SiteCredential $siteCredential)
85 { 89 {
90 $this->isSiteCredentialsEnabled();
91
86 $this->checkUserAction($siteCredential); 92 $this->checkUserAction($siteCredential);
87 93
88 $deleteForm = $this->createDeleteForm($siteCredential); 94 $deleteForm = $this->createDeleteForm($siteCredential);
@@ -125,6 +131,8 @@ class SiteCredentialController extends Controller
125 */ 131 */
126 public function deleteAction(Request $request, SiteCredential $siteCredential) 132 public function deleteAction(Request $request, SiteCredential $siteCredential)
127 { 133 {
134 $this->isSiteCredentialsEnabled();
135
128 $this->checkUserAction($siteCredential); 136 $this->checkUserAction($siteCredential);
129 137
130 $form = $this->createDeleteForm($siteCredential); 138 $form = $this->createDeleteForm($siteCredential);
@@ -145,6 +153,16 @@ class SiteCredentialController extends Controller
145 } 153 }
146 154
147 /** 155 /**
156 * Throw a 404 if the feature is disabled.
157 */
158 private function isSiteCredentialsEnabled()
159 {
160 if (!$this->get('craue_config')->get('restricted_access')) {
161 throw $this->createNotFoundException('Feature "restricted_access" is disabled, controllers too.');
162 }
163 }
164
165 /**
148 * Creates a form to delete a site credential entity. 166 * Creates a form to delete a site credential entity.
149 * 167 *
150 * @param SiteCredential $siteCredential The site credential entity 168 * @param SiteCredential $siteCredential The site credential entity
diff --git a/tests/Wallabag/CoreBundle/Controller/SiteCredentialControllerTest.php b/tests/Wallabag/CoreBundle/Controller/SiteCredentialControllerTest.php
index 87ea2867..f5074403 100644
--- a/tests/Wallabag/CoreBundle/Controller/SiteCredentialControllerTest.php
+++ b/tests/Wallabag/CoreBundle/Controller/SiteCredentialControllerTest.php
@@ -8,6 +8,20 @@ use Wallabag\CoreBundle\Entity\SiteCredential;
8 8
9class SiteCredentialControllerTest extends WallabagCoreTestCase 9class SiteCredentialControllerTest extends WallabagCoreTestCase
10{ 10{
11 public function testAccessDeniedBecauseFeatureDisabled()
12 {
13 $this->logInAs('admin');
14 $client = $this->getClient();
15
16 $client->getContainer()->get('craue_config')->set('restricted_access', 0);
17
18 $client->request('GET', '/site-credentials/');
19
20 $this->assertSame(404, $client->getResponse()->getStatusCode());
21
22 $client->getContainer()->get('craue_config')->set('restricted_access', 1);
23 }
24
11 public function testListSiteCredential() 25 public function testListSiteCredential()
12 { 26 {
13 $this->logInAs('admin'); 27 $this->logInAs('admin');