path: root/src/Wallabag/ApiBundle/Controller/WallabagRestController.php
authorNicolas LÅ“uillet <nicolas@loeuillet.org>2015-09-29 14:57:46 +0200
committerJeremy Benoist <jeremy.benoist@gmail.com>2015-10-03 13:30:43 +0200
commit772732531ea1d0f9831cc5f29e11b6b11fd088f3 (patch)
treefef572b7ba6a8917411f68487fc3d4a3de7b3c33 /src/Wallabag/ApiBundle/Controller/WallabagRestController.php
parentcd1298d6dfc8a811f3808a85bf73f7686c29a0a8 (diff)
check authentication on each API route
Diffstat (limited to 'src/Wallabag/ApiBundle/Controller/WallabagRestController.php')
-rw-r--r--src/Wallabag/ApiBundle/Controller/WallabagRestController.php19
1 files changed, 19 insertions, 0 deletions
diff --git a/src/Wallabag/ApiBundle/Controller/WallabagRestController.php b/src/Wallabag/ApiBundle/Controller/WallabagRestController.php
index 284dbb25..1fee56ad 100644
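--- a/src/Wallabag/ApiBundle/Controller/WallabagRestController.php
+++ b/src/Wallabag/ApiBundle/Controller/WallabagRestController.php
@@ -38,6 +38,13 @@ class WallabagRestController extends FOSRestController
 }
 }
 
+private function validateAuthentication()
+{
+if (false === $this->get('security.context')->isGranted('IS_AUTHENTICATED_FULLY')) {
+throw new AccessDeniedException();
+}
+}
+
 /**
 * Retrieve all entries. It could be filtered by many options.
 *
@@ -57,6 +64,8 @@ class WallabagRestController extends FOSRestController
 */
 public function getEntriesAction(Request $request)
 {
+$this->validateAuthentication();
+
 $isArchived = $request->query->get('archive');
 $isStarred = $request->query->get('star');
 $sort = $request->query->get('sort', 'created');
@@ -97,6 +106,7 @@ class WallabagRestController extends FOSRestController
 */
 public function getEntryAction(Entry $entry)
 {
+$this->validateAuthentication();
 $this->validateUserAccess($entry->getUser()->getId());
 
 $json = $this->get('serializer')->serialize($entry, 'json');
@@ -119,6 +129,8 @@ class WallabagRestController extends FOSRestController
 */
 public function postEntriesAction(Request $request)
 {
+$this->validateAuthentication();
+
 $url = $request->request->get('url');
 
 $entry = $this->get('wallabag_core.content_proxy')->updateEntry(
@@ -159,6 +171,7 @@ class WallabagRestController extends FOSRestController
 */
 public function patchEntriesAction(Entry $entry, Request $request)
 {
+$this->validateAuthentication();
 $this->validateUserAccess($entry->getUser()->getId());
 
 $title = $request->request->get('title');
@@ -203,6 +216,7 @@ class WallabagRestController extends FOSRestController
 */
 public function deleteEntriesAction(Entry $entry)
 {
+$this->validateAuthentication();
 $this->validateUserAccess($entry->getUser()->getId());
 
 $em = $this->getDoctrine()->getManager();
@@ -225,6 +239,7 @@ class WallabagRestController extends FOSRestController
 */
 public function getEntriesTagsAction(Entry $entry)
 {
+$this->validateAuthentication();
 $this->validateUserAccess($entry->getUser()->getId());
 
 $json = $this->get('serializer')->serialize($entry->getTags(), 'json');
@@ -246,6 +261,7 @@ class WallabagRestController extends FOSRestController
 */
 public function postEntriesTagsAction(Request $request, Entry $entry)
 {
+$this->validateAuthentication();
 $this->validateUserAccess($entry->getUser()->getId());
 
 $tags = $request->request->get('tags', '');
@@ -274,6 +290,7 @@ class WallabagRestController extends FOSRestController
 */
 public function deleteEntriesTagsAction(Entry $entry, Tag $tag)
 {
+$this->validateAuthentication();
 $this->validateUserAccess($entry->getUser()->getId());
 
 $entry->removeTag($tag);
@@ -293,6 +310,7 @@ class WallabagRestController extends FOSRestController
 */
 public function getTagsAction()
 {
+$this->validateAuthentication();
 $json = $this->get('serializer')->serialize($this->getUser()->getTags(), 'json');
 
 return $this->renderJsonResponse($json);
@@ -309,6 +327,7 @@ class WallabagRestController extends FOSRestController
 */
 public function deleteTagAction(Tag $tag)
 {
+$this->validateAuthentication();
 $this->validateUserAccess($tag->getUser()->getId());
 
 $em = $this->getDoctrine()->getManager();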
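Review bot: Calling `$this->validateAuthentication()` by hand as the first statement of each action fails open: an action added later without the call is reachable unauthenticated, and nothing in the controller enforces the convention. The check also runs only after the action's arguments are resolved, so on routes that take `Entry $entry` or `Tag $tag` (for example `getEntryAction` and `deleteTagAction`) an unauthenticated request is presumably answered by the entity lookup first and can tell an existing id from a missing one. The security configuration is not visible here, but a firewall-level rule such as `- { path: ^/<api-prefix>, roles: IS_AUTHENTICATED_FULLY }` under `access_control` would cover every route before the controller runs, with this helper kept as a second layer. The new private method also has no docblock, unlike the documented actions around it; something like `/** Deny the request unless the caller is fully authenticated (anonymous and remember-me tokens are rejected). @throws AccessDeniedException */` would fit.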