diff options
author | Nicolas LÅ“uillet <nicolas@loeuillet.org> | 2015-09-29 14:57:46 +0200 |
---|---|---|
committer | Jeremy Benoist <jeremy.benoist@gmail.com> | 2015-10-03 13:30:43 +0200 |
commit | 772732531ea1d0f9831cc5f29e11b6b11fd088f3 (patch) | |
tree | fef572b7ba6a8917411f68487fc3d4a3de7b3c33 /src/Wallabag/ApiBundle/Controller/WallabagRestController.php | |
parent | cd1298d6dfc8a811f3808a85bf73f7686c29a0a8 (diff) | |
download | wallabag-772732531ea1d0f9831cc5f29e11b6b11fd088f3.tar.gz wallabag-772732531ea1d0f9831cc5f29e11b6b11fd088f3.tar.zst wallabag-772732531ea1d0f9831cc5f29e11b6b11fd088f3.zip |
check authentication on each API route
Diffstat (limited to 'src/Wallabag/ApiBundle/Controller/WallabagRestController.php')
-rw-r--r-- | src/Wallabag/ApiBundle/Controller/WallabagRestController.php | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/src/Wallabag/ApiBundle/Controller/WallabagRestController.php b/src/Wallabag/ApiBundle/Controller/WallabagRestController.php index 284dbb25..1fee56ad 100644 --- a/src/Wallabag/ApiBundle/Controller/WallabagRestController.php +++ b/src/Wallabag/ApiBundle/Controller/WallabagRestController.php | |||
@@ -38,6 +38,13 @@ class WallabagRestController extends FOSRestController | |||
38 | } | 38 | } |
39 | } | 39 | } |
40 | 40 | ||
41 | private function validateAuthentication() | ||
42 | { | ||
43 | if (false === $this->get('security.context')->isGranted('IS_AUTHENTICATED_FULLY')) { | ||
44 | throw new AccessDeniedException(); | ||
45 | } | ||
46 | } | ||
47 | |||
41 | /** | 48 | /** |
42 | * Retrieve all entries. It could be filtered by many options. | 49 | * Retrieve all entries. It could be filtered by many options. |
43 | * | 50 | * |
@@ -57,6 +64,8 @@ class WallabagRestController extends FOSRestController | |||
57 | */ | 64 | */ |
58 | public function getEntriesAction(Request $request) | 65 | public function getEntriesAction(Request $request) |
59 | { | 66 | { |
67 | $this->validateAuthentication(); | ||
68 | |||
60 | $isArchived = $request->query->get('archive'); | 69 | $isArchived = $request->query->get('archive'); |
61 | $isStarred = $request->query->get('star'); | 70 | $isStarred = $request->query->get('star'); |
62 | $sort = $request->query->get('sort', 'created'); | 71 | $sort = $request->query->get('sort', 'created'); |
@@ -97,6 +106,7 @@ class WallabagRestController extends FOSRestController | |||
97 | */ | 106 | */ |
98 | public function getEntryAction(Entry $entry) | 107 | public function getEntryAction(Entry $entry) |
99 | { | 108 | { |
109 | $this->validateAuthentication(); | ||
100 | $this->validateUserAccess($entry->getUser()->getId()); | 110 | $this->validateUserAccess($entry->getUser()->getId()); |
101 | 111 | ||
102 | $json = $this->get('serializer')->serialize($entry, 'json'); | 112 | $json = $this->get('serializer')->serialize($entry, 'json'); |
@@ -119,6 +129,8 @@ class WallabagRestController extends FOSRestController | |||
119 | */ | 129 | */ |
120 | public function postEntriesAction(Request $request) | 130 | public function postEntriesAction(Request $request) |
121 | { | 131 | { |
132 | $this->validateAuthentication(); | ||
133 | |||
122 | $url = $request->request->get('url'); | 134 | $url = $request->request->get('url'); |
123 | 135 | ||
124 | $entry = $this->get('wallabag_core.content_proxy')->updateEntry( | 136 | $entry = $this->get('wallabag_core.content_proxy')->updateEntry( |
@@ -159,6 +171,7 @@ class WallabagRestController extends FOSRestController | |||
159 | */ | 171 | */ |
160 | public function patchEntriesAction(Entry $entry, Request $request) | 172 | public function patchEntriesAction(Entry $entry, Request $request) |
161 | { | 173 | { |
174 | $this->validateAuthentication(); | ||
162 | $this->validateUserAccess($entry->getUser()->getId()); | 175 | $this->validateUserAccess($entry->getUser()->getId()); |
163 | 176 | ||
164 | $title = $request->request->get('title'); | 177 | $title = $request->request->get('title'); |
@@ -203,6 +216,7 @@ class WallabagRestController extends FOSRestController | |||
203 | */ | 216 | */ |
204 | public function deleteEntriesAction(Entry $entry) | 217 | public function deleteEntriesAction(Entry $entry) |
205 | { | 218 | { |
219 | $this->validateAuthentication(); | ||
206 | $this->validateUserAccess($entry->getUser()->getId()); | 220 | $this->validateUserAccess($entry->getUser()->getId()); |
207 | 221 | ||
208 | $em = $this->getDoctrine()->getManager(); | 222 | $em = $this->getDoctrine()->getManager(); |
@@ -225,6 +239,7 @@ class WallabagRestController extends FOSRestController | |||
225 | */ | 239 | */ |
226 | public function getEntriesTagsAction(Entry $entry) | 240 | public function getEntriesTagsAction(Entry $entry) |
227 | { | 241 | { |
242 | $this->validateAuthentication(); | ||
228 | $this->validateUserAccess($entry->getUser()->getId()); | 243 | $this->validateUserAccess($entry->getUser()->getId()); |
229 | 244 | ||
230 | $json = $this->get('serializer')->serialize($entry->getTags(), 'json'); | 245 | $json = $this->get('serializer')->serialize($entry->getTags(), 'json'); |
@@ -246,6 +261,7 @@ class WallabagRestController extends FOSRestController | |||
246 | */ | 261 | */ |
247 | public function postEntriesTagsAction(Request $request, Entry $entry) | 262 | public function postEntriesTagsAction(Request $request, Entry $entry) |
248 | { | 263 | { |
264 | $this->validateAuthentication(); | ||
249 | $this->validateUserAccess($entry->getUser()->getId()); | 265 | $this->validateUserAccess($entry->getUser()->getId()); |
250 | 266 | ||
251 | $tags = $request->request->get('tags', ''); | 267 | $tags = $request->request->get('tags', ''); |
@@ -274,6 +290,7 @@ class WallabagRestController extends FOSRestController | |||
274 | */ | 290 | */ |
275 | public function deleteEntriesTagsAction(Entry $entry, Tag $tag) | 291 | public function deleteEntriesTagsAction(Entry $entry, Tag $tag) |
276 | { | 292 | { |
293 | $this->validateAuthentication(); | ||
277 | $this->validateUserAccess($entry->getUser()->getId()); | 294 | $this->validateUserAccess($entry->getUser()->getId()); |
278 | 295 | ||
279 | $entry->removeTag($tag); | 296 | $entry->removeTag($tag); |
@@ -293,6 +310,7 @@ class WallabagRestController extends FOSRestController | |||
293 | */ | 310 | */ |
294 | public function getTagsAction() | 311 | public function getTagsAction() |
295 | { | 312 | { |
313 | $this->validateAuthentication(); | ||
296 | $json = $this->get('serializer')->serialize($this->getUser()->getTags(), 'json'); | 314 | $json = $this->get('serializer')->serialize($this->getUser()->getTags(), 'json'); |
297 | 315 | ||
298 | return $this->renderJsonResponse($json); | 316 | return $this->renderJsonResponse($json); |
@@ -309,6 +327,7 @@ class WallabagRestController extends FOSRestController | |||
309 | */ | 327 | */ |
310 | public function deleteTagAction(Tag $tag) | 328 | public function deleteTagAction(Tag $tag) |
311 | { | 329 | { |
330 | $this->validateAuthentication(); | ||
312 | $this->validateUserAccess($tag->getUser()->getId()); | 331 | $this->validateUserAccess($tag->getUser()->getId()); |
313 | 332 | ||
314 | $em = $this->getDoctrine()->getManager(); | 333 | $em = $this->getDoctrine()->getManager(); |