6 files changed, 110 insertions, 7 deletions
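--- /dev/null
+++ b/app/DoctrineMigrations/Version20161024212538.php
@@ -0,0 +1,45 @@
+<?php
+
+namespace Application\Migrations;
+
+use Doctrine\DBAL\Migrations\AbstractMigration;
+use Doctrine\DBAL\Schema\Schema;
+use Symfony\Component\DependencyInjection\ContainerAwareInterface;
+use Symfony\Component\DependencyInjection\ContainerInterface;
+
+class Version20161024212538 extends AbstractMigration implements ContainerAwareInterface
+{
+/**
+* @var ContainerInterface
+*/
+private $container;
+
+public function setContainer(ContainerInterface $container = null)
+{
+$this->container = $container;
+}
+
+private function getTable($tableName)
+{
+return $this->container->getParameter('database_table_prefix') . $tableName;
+}
+
+/**
+* @param Schema $schema
+*/
+public function up(Schema $schema)
+{
+$this->skipIf($this->connection->getDatabasePlatform()->getName() == 'sqlite', 'Migration can only be executed safely on \'mysql\' or \'postgresql\'.');
+
+$this->addSql('ALTER TABLE '.$this->getTable('oauth2_clients').' ADD user_id INT(11) DEFAULT NULL');
+$this->addSql('ALTER TABLE '.$this->getTable('oauth2_clients').' ADD CONSTRAINT FK_clients_user_clients FOREIGN KEY (user_id) REFERENCES '.$this->getTable('user').' (id) ON DELETE CASCADE');
+}
+
+/**
+* @param Schema $schema
+*/
+public function down(Schema $schema)
+{
+
+}
+}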
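Review bot: Rows already in oauth2_clients are left with user_id NULL because up() adds the column without a backfill, so every client created before this migration becomes unowned: it no longer appears on any user's /developer page (the controller now lists by user), yet its id/secret keep working, and the new `$client->getUser()->getId()` check in deleteClientAction would dereference null for it. Decide in the migration what happens to legacy clients (assign them to a known account, or delete them) and record that decision in a comment on up(). `INT(11)` is MySQL-only syntax — PostgreSQL, which the skipIf message promises to support, rejects a display width on integer — so `ADD user_id INT DEFAULT NULL` is the portable form. down() is empty, leaving no way to revert the schema change; it should drop the constraint and the column, choosing the constraint-drop keyword per platform:
```php
public function down(Schema $schema)
{
    $this->skipIf($this->connection->getDatabasePlatform()->getName() == 'sqlite', 'Migration can only be executed safely on \'mysql\' or \'postgresql\'.');

    // MySQL drops a foreign key with DROP FOREIGN KEY; PostgreSQL uses DROP CONSTRAINT.
    $dropFk = 'mysql' === $this->connection->getDatabasePlatform()->getName() ? 'DROP FOREIGN KEY' : 'DROP CONSTRAINT';

    $this->addSql('ALTER TABLE '.$this->getTable('oauth2_clients').' '.$dropFk.' FK_clients_user_clients');
    $this->addSql('ALTER TABLE '.$this->getTable('oauth2_clients').' DROP COLUMN user_id');
}
```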
diff --git a/src/Wallabag/ApiBundle/Controller/DeveloperController.php b/src/Wallabag/ApiBundle/Controller/DeveloperController.php index 5a36a260..550c0608 100644 --- a/src/Wallabag/ApiBundle/Controller/DeveloperController.php +++ b/src/Wallabag/ApiBundle/Controller/DeveloperController.php | |||
@@ -19,7 +19,7 @@ class DeveloperController extends Controller | |||
19 | */ | 19 | */ |
20 | public function indexAction() | 20 | public function indexAction() |
21 | { | 21 | { |
22 | $clients = $this->getDoctrine()->getRepository('WallabagApiBundle:Client')->findAll(); | 22 | $clients = $this->getDoctrine()->getRepository('WallabagApiBundle:Client')->findByUser($this->getUser()->getId()); |
23 | 23 | ||
24 | return $this->render('@WallabagCore/themes/common/Developer/index.html.twig', [ | 24 | return $this->render('@WallabagCore/themes/common/Developer/index.html.twig', [ |
25 | 'clients' => $clients, | 25 | 'clients' => $clients, |
@@ -38,7 +38,7 @@ class DeveloperController extends Controller | |||
38 | public function createClientAction(Request $request) | 38 | public function createClientAction(Request $request) |
39 | { | 39 | { |
40 | $em = $this->getDoctrine()->getManager(); | 40 | $em = $this->getDoctrine()->getManager(); |
41 | $client = new Client(); | 41 | $client = new Client($this->getUser()); |
42 | $clientForm = $this->createForm(ClientType::class, $client); | 42 | $clientForm = $this->createForm(ClientType::class, $client); |
43 | $clientForm->handleRequest($request); | 43 | $clientForm->handleRequest($request); |
44 | 44 | ||
@@ -75,6 +75,10 @@ class DeveloperController extends Controller | |||
75 | */ | 75 | */ |
76 | public function deleteClientAction(Client $client) | 76 | public function deleteClientAction(Client $client) |
77 | { | 77 | { |
78 | if (null === $this->getUser() || $client->getUser()->getId() != $this->getUser()->getId()) { | ||
79 | throw $this->createAccessDeniedException('You can not access this client.'); | ||
80 | } | ||
81 | |||
78 | $em = $this->getDoctrine()->getManager(); | 82 | $em = $this->getDoctrine()->getManager(); |
79 | $em->remove($client); | 83 | $em->remove($client); |
80 | $em->flush(); | 84 | $em->flush(); |
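Review bot: The new ownership check in deleteClientAction calls `$client->getUser()->getId()` unconditionally, but Client::$user can be null — the migration adds user_id as DEFAULT NULL and Doctrine hydrates entities without running the constructor — so a legacy client without an owner turns the intended 403 into a 500. It also compares ids with loose `!=`; treat a missing owner as denied and compare strictly: `if (null === $this->getUser() || null === $client->getUser() || $client->getUser()->getId() !== $this->getUser()->getId()) {`. A security voter, or loading the client through a repository lookup scoped to the current user as indexAction now does with findByUser, would keep the ownership rule in one place instead of repeating it per action. The test drives this route with a plain GET, so the deletion appears reachable from a crafted link; that predates this commit, but the ownership check does not close it and a POST with a CSRF token would.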
diff --git a/src/Wallabag/ApiBundle/Entity/Client.php b/src/Wallabag/ApiBundle/Entity/Client.php index f7898ac8..427a4c7f 100644 --- a/src/Wallabag/ApiBundle/Entity/Client.php +++ b/src/Wallabag/ApiBundle/Entity/Client.php | |||
@@ -4,6 +4,7 @@ namespace Wallabag\ApiBundle\Entity; | |||
4 | 4 | ||
5 | use Doctrine\ORM\Mapping as ORM; | 5 | use Doctrine\ORM\Mapping as ORM; |
6 | use FOS\OAuthServerBundle\Entity\Client as BaseClient; | 6 | use FOS\OAuthServerBundle\Entity\Client as BaseClient; |
7 | use Wallabag\UserBundle\Entity\User; | ||
7 | 8 | ||
8 | /** | 9 | /** |
9 | * @ORM\Table("oauth2_clients") | 10 | * @ORM\Table("oauth2_clients") |
@@ -35,9 +36,15 @@ class Client extends BaseClient | |||
35 | */ | 36 | */ |
36 | protected $accessTokens; | 37 | protected $accessTokens; |
37 | 38 | ||
38 | public function __construct() | 39 | /** |
40 | * @ORM\ManyToOne(targetEntity="Wallabag\UserBundle\Entity\User", inversedBy="clients") | ||
41 | */ | ||
42 | private $user; | ||
43 | |||
44 | public function __construct(User $user) | ||
39 | { | 45 | { |
40 | parent::__construct(); | 46 | parent::__construct(); |
47 | $this->user = $user; | ||
41 | } | 48 | } |
42 | 49 | ||
43 | /** | 50 | /** |
@@ -63,4 +70,12 @@ class Client extends BaseClient | |||
63 | 70 | ||
64 | return $this; | 71 | return $this; |
65 | } | 72 | } |
73 | |||
74 | /** | ||
75 | * @return User | ||
76 | */ | ||
77 | public function getUser() | ||
78 | { | ||
79 | return $this->user; | ||
80 | } | ||
66 | } | 81 | } |
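Review bot: getUser() is documented as `@return User`, but the property can be null: the ManyToOne carries no `@ORM\JoinColumn(nullable=false)`, and rows that predate the migration keep user_id NULL because Doctrine hydration bypasses the constructor that now sets `$this->user`. Change the docblock to `@return User|null` so callers know to guard, or add `@ORM\JoinColumn(name="user_id", referencedColumnName="id", nullable=false, onDelete="CASCADE")` once legacy rows have been dealt with. Without an explicit JoinColumn the ORM mapping also lacks the ON DELETE CASCADE the migration creates, which `doctrine:schema:validate` will most likely report as schema drift.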
diff --git a/src/Wallabag/UserBundle/Entity/User.php b/src/Wallabag/UserBundle/Entity/User.php index d98ae76a..3a167de7 100644 --- a/src/Wallabag/UserBundle/Entity/User.php +++ b/src/Wallabag/UserBundle/Entity/User.php | |||
@@ -11,6 +11,7 @@ use JMS\Serializer\Annotation\ExclusionPolicy; | |||
11 | use JMS\Serializer\Annotation\Expose; | 11 | use JMS\Serializer\Annotation\Expose; |
12 | use Symfony\Bridge\Doctrine\Validator\Constraints\UniqueEntity; | 12 | use Symfony\Bridge\Doctrine\Validator\Constraints\UniqueEntity; |
13 | use Symfony\Component\Security\Core\User\UserInterface; | 13 | use Symfony\Component\Security\Core\User\UserInterface; |
14 | use Wallabag\ApiBundle\Entity\Client; | ||
14 | use Wallabag\CoreBundle\Entity\Config; | 15 | use Wallabag\CoreBundle\Entity\Config; |
15 | use Wallabag\CoreBundle\Entity\Entry; | 16 | use Wallabag\CoreBundle\Entity\Entry; |
16 | 17 | ||
@@ -84,6 +85,11 @@ class User extends BaseUser implements TwoFactorInterface, TrustedComputerInterf | |||
84 | */ | 85 | */ |
85 | private $trusted; | 86 | private $trusted; |
86 | 87 | ||
88 | /** | ||
89 | * @ORM\OneToMany(targetEntity="Wallabag\ApiBundle\Entity\Client", mappedBy="user", cascade={"remove"}) | ||
90 | */ | ||
91 | protected $clients; | ||
92 | |||
87 | public function __construct() | 93 | public function __construct() |
88 | { | 94 | { |
89 | parent::__construct(); | 95 | parent::__construct(); |
@@ -240,4 +246,24 @@ class User extends BaseUser implements TwoFactorInterface, TrustedComputerInterf | |||
240 | 246 | ||
241 | return false; | 247 | return false; |
242 | } | 248 | } |
249 | |||
250 | /** | ||
251 | * @param Client $client | ||
252 | * | ||
253 | * @return User | ||
254 | */ | ||
255 | public function addClient(Client $client) | ||
256 | { | ||
257 | $this->clients[] = $client; | ||
258 | |||
259 | return $this; | ||
260 | } | ||
261 | |||
262 | /** | ||
263 | * @return ArrayCollection<Entry> | ||
264 | */ | ||
265 | public function getClients() | ||
266 | { | ||
267 | return $this->clients; | ||
268 | } | ||
243 | } | 269 | } |
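Review bot: addClient() only writes the inverse side of the relation — `mappedBy="user"` makes Client the owning side, and Client exposes no setUser() — so a Client appended here but not constructed with this user is persisted with user_id NULL and silently ends up unowned. Either drop addClient() or make it enforce the invariant, e.g. `if ($client->getUser() !== $this) { throw new \InvalidArgumentException('Client belongs to another user'); }` before the append. The getClients() docblock says `@return ArrayCollection<Entry>`; it should read `@return ArrayCollection<Client>`. The constructor hunk does not show $clients being initialised to an ArrayCollection (the constructor continues outside the hunk), which getClients() needs to return a collection rather than null for a fresh User — worth confirming.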
diff --git a/tests/Wallabag/AnnotationBundle/Controller/AnnotationControllerTest.php b/tests/Wallabag/AnnotationBundle/Controller/AnnotationControllerTest.php index cee0b847..81f9e9ec 100644 --- a/tests/Wallabag/AnnotationBundle/Controller/AnnotationControllerTest.php +++ b/tests/Wallabag/AnnotationBundle/Controller/AnnotationControllerTest.php | |||
@@ -11,7 +11,7 @@ class AnnotationControllerTest extends WallabagAnnotationTestCase | |||
11 | /** | 11 | /** |
12 | * This data provider allow to tests annotation from the : | 12 | * This data provider allow to tests annotation from the : |
13 | * - API POV (when user use the api to manage annotations) | 13 | * - API POV (when user use the api to manage annotations) |
14 | * - and User POV (when user use the web interface - using javascript - to manage annotations) | 14 | * - and User POV (when user use the web interface - using javascript - to manage annotations). |
15 | */ | 15 | */ |
16 | public function dataForEachAnnotations() | 16 | public function dataForEachAnnotations() |
17 | { | 17 | { |
diff --git a/tests/Wallabag/ApiBundle/Controller/DeveloperControllerTest.php b/tests/Wallabag/ApiBundle/Controller/DeveloperControllerTest.php index 95befa9c..6659443b 100644 --- a/tests/Wallabag/ApiBundle/Controller/DeveloperControllerTest.php +++ b/tests/Wallabag/ApiBundle/Controller/DeveloperControllerTest.php | |||
@@ -82,11 +82,24 @@ class DeveloperControllerTest extends WallabagCoreTestCase | |||
82 | 82 | ||
83 | public function testRemoveClient() | 83 | public function testRemoveClient() |
84 | { | 84 | { |
85 | $this->logInAs('admin'); | ||
86 | $client = $this->getClient(); | 85 | $client = $this->getClient(); |
87 | $em = $client->getContainer()->get('doctrine.orm.entity_manager'); | 86 | $em = $client->getContainer()->get('doctrine.orm.entity_manager'); |
88 | $nbClients = $em->getRepository('WallabagApiBundle:Client')->findAll(); | ||
89 | 87 | ||
88 | // Try to remove an admin's client with a wrong user | ||
89 | $this->logInAs('bob'); | ||
90 | $client->request('GET', '/developer'); | ||
91 | $this->assertContains('no_client', $client->getResponse()->getContent()); | ||
92 | |||
93 | // get an ID of a admin's client | ||
94 | $this->logInAs('admin'); | ||
95 | $nbClients = $em->getRepository('WallabagApiBundle:Client')->findByUser($this->getLoggedInUserId()); | ||
96 | |||
97 | $this->logInAs('bob'); | ||
98 | $client->request('GET', '/developer/client/delete/'.$nbClients[0]->getId()); | ||
99 | $this->assertEquals(403, $client->getResponse()->getStatusCode()); | ||
100 | |||
101 | // Try to remove the admin's client with the good user | ||
102 | $this->logInAs('admin'); | ||
90 | $crawler = $client->request('GET', '/developer'); | 103 | $crawler = $client->request('GET', '/developer'); |
91 | 104 | ||
92 | $link = $crawler | 105 | $link = $crawler |
@@ -98,7 +111,7 @@ class DeveloperControllerTest extends WallabagCoreTestCase | |||
98 | $client->click($link); | 111 | $client->click($link); |
99 | $this->assertEquals(302, $client->getResponse()->getStatusCode()); | 112 | $this->assertEquals(302, $client->getResponse()->getStatusCode()); |
100 | 113 | ||
101 | $newNbClients = $em->getRepository('WallabagApiBundle:Client')->findAll(); | 114 | $newNbClients = $em->getRepository('WallabagApiBundle:Client')->findByUser($this->getLoggedInUserId()); |
102 | $this->assertGreaterThan(count($newNbClients), count($nbClients)); | 115 | $this->assertGreaterThan(count($newNbClients), count($nbClients)); |
103 | } | 116 | } |
104 | } | 117 | } |
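Review bot: `$nbClients[0]->getId()` is indexed without first checking that the admin fixture actually owns a client, so a fixture change would turn the 403 assertion into an undefined-offset notice rather than a clear failure; add `$this->assertNotEmpty($nbClients, 'fixtures must give admin at least one client');` right after the findByUser call. The test also never asserts that a client created through createClientAction carries the logged-in user, so the `new Client($this->getUser())` assignment is unexercised; a findByUser count before and after the create request would cover it (the create test is outside this hunk). The `no_client` assertion appears to match a translation key in the raw response rather than rendered text, which will break once the template is translated — if so, assert on the absence of the admin client's id instead.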