aboutsummaryrefslogtreecommitdiffhomepage
path: root/src/Wallabag/ApiBundle/Controller
diff options
context:
space:
mode:
Diffstat (limited to 'src/Wallabag/ApiBundle/Controller')
-rw-r--r--src/Wallabag/ApiBundle/Controller/WallabagRestController.php51
1 files changed, 13 insertions, 38 deletions
diff --git a/src/Wallabag/ApiBundle/Controller/WallabagRestController.php b/src/Wallabag/ApiBundle/Controller/WallabagRestController.php
index 349229f3..284dbb25 100644
--- a/src/Wallabag/ApiBundle/Controller/WallabagRestController.php
+++ b/src/Wallabag/ApiBundle/Controller/WallabagRestController.php
@@ -2,8 +2,8 @@
2 2
3namespace Wallabag\ApiBundle\Controller; 3namespace Wallabag\ApiBundle\Controller;
4 4
5use FOS\RestBundle\Controller\FOSRestController;
5use Nelmio\ApiDocBundle\Annotation\ApiDoc; 6use Nelmio\ApiDocBundle\Annotation\ApiDoc;
6use Symfony\Bundle\FrameworkBundle\Controller\Controller;
7use Symfony\Component\HttpFoundation\Request; 7use Symfony\Component\HttpFoundation\Request;
8use Symfony\Component\HttpFoundation\Response; 8use Symfony\Component\HttpFoundation\Response;
9use Wallabag\CoreBundle\Entity\Entry; 9use Wallabag\CoreBundle\Entity\Entry;
@@ -11,7 +11,7 @@ use Wallabag\CoreBundle\Entity\Tag;
11use Hateoas\Configuration\Route; 11use Hateoas\Configuration\Route;
12use Hateoas\Representation\Factory\PagerfantaFactory; 12use Hateoas\Representation\Factory\PagerfantaFactory;
13 13
14class WallabagRestController extends Controller 14class WallabagRestController extends FOSRestController
15{ 15{
16 /** 16 /**
17 * @param Entry $entry 17 * @param Entry $entry
@@ -39,31 +39,6 @@ class WallabagRestController extends Controller
39 } 39 }
40 40
41 /** 41 /**
42 * Retrieve salt for a giver user.
43 *
44 * @ApiDoc(
45 * parameters={
46 * {"name"="username", "dataType"="string", "required"=true, "description"="username"}
47 * }
48 * )
49 *
50 * @return array
51 */
52 public function getSaltAction($username)
53 {
54 $user = $this
55 ->getDoctrine()
56 ->getRepository('WallabagCoreBundle:User')
57 ->findOneByUsername($username);
58
59 if (is_null($user)) {
60 throw $this->createNotFoundException();
61 }
62
63 return array($user->getSalt() ?: null);
64 }
65
66 /**
67 * Retrieve all entries. It could be filtered by many options. 42 * Retrieve all entries. It could be filtered by many options.
68 * 43 *
69 * @ApiDoc( 44 * @ApiDoc(
@@ -122,7 +97,7 @@ class WallabagRestController extends Controller
122 */ 97 */
123 public function getEntryAction(Entry $entry) 98 public function getEntryAction(Entry $entry)
124 { 99 {
125 $this->validateUserAccess($entry->getUser()->getId(), $this->getUser()->getId()); 100 $this->validateUserAccess($entry->getUser()->getId());
126 101
127 $json = $this->get('serializer')->serialize($entry, 'json'); 102 $json = $this->get('serializer')->serialize($entry, 'json');
128 103
@@ -184,7 +159,7 @@ class WallabagRestController extends Controller
184 */ 159 */
185 public function patchEntriesAction(Entry $entry, Request $request) 160 public function patchEntriesAction(Entry $entry, Request $request)
186 { 161 {
187 $this->validateUserAccess($entry->getUser()->getId(), $this->getUser()->getId()); 162 $this->validateUserAccess($entry->getUser()->getId());
188 163
189 $title = $request->request->get('title'); 164 $title = $request->request->get('title');
190 $isArchived = $request->request->get('is_archived'); 165 $isArchived = $request->request->get('is_archived');
@@ -228,7 +203,7 @@ class WallabagRestController extends Controller
228 */ 203 */
229 public function deleteEntriesAction(Entry $entry) 204 public function deleteEntriesAction(Entry $entry)
230 { 205 {
231 $this->validateUserAccess($entry->getUser()->getId(), $this->getUser()->getId()); 206 $this->validateUserAccess($entry->getUser()->getId());
232 207
233 $em = $this->getDoctrine()->getManager(); 208 $em = $this->getDoctrine()->getManager();
234 $em->remove($entry); 209 $em->remove($entry);
@@ -250,7 +225,7 @@ class WallabagRestController extends Controller
250 */ 225 */
251 public function getEntriesTagsAction(Entry $entry) 226 public function getEntriesTagsAction(Entry $entry)
252 { 227 {
253 $this->validateUserAccess($entry->getUser()->getId(), $this->getUser()->getId()); 228 $this->validateUserAccess($entry->getUser()->getId());
254 229
255 $json = $this->get('serializer')->serialize($entry->getTags(), 'json'); 230 $json = $this->get('serializer')->serialize($entry->getTags(), 'json');
256 231
@@ -271,7 +246,7 @@ class WallabagRestController extends Controller
271 */ 246 */
272 public function postEntriesTagsAction(Request $request, Entry $entry) 247 public function postEntriesTagsAction(Request $request, Entry $entry)
273 { 248 {
274 $this->validateUserAccess($entry->getUser()->getId(), $this->getUser()->getId()); 249 $this->validateUserAccess($entry->getUser()->getId());
275 250
276 $tags = $request->request->get('tags', ''); 251 $tags = $request->request->get('tags', '');
277 if (!empty($tags)) { 252 if (!empty($tags)) {
@@ -299,7 +274,7 @@ class WallabagRestController extends Controller
299 */ 274 */
300 public function deleteEntriesTagsAction(Entry $entry, Tag $tag) 275 public function deleteEntriesTagsAction(Entry $entry, Tag $tag)
301 { 276 {
302 $this->validateUserAccess($entry->getUser()->getId(), $this->getUser()->getId()); 277 $this->validateUserAccess($entry->getUser()->getId());
303 278
304 $entry->removeTag($tag); 279 $entry->removeTag($tag);
305 $em = $this->getDoctrine()->getManager(); 280 $em = $this->getDoctrine()->getManager();
@@ -334,7 +309,7 @@ class WallabagRestController extends Controller
334 */ 309 */
335 public function deleteTagAction(Tag $tag) 310 public function deleteTagAction(Tag $tag)
336 { 311 {
337 $this->validateUserAccess($tag->getUser()->getId(), $this->getUser()->getId()); 312 $this->validateUserAccess($tag->getUser()->getId());
338 313
339 $em = $this->getDoctrine()->getManager(); 314 $em = $this->getDoctrine()->getManager();
340 $em->remove($tag); 315 $em->remove($tag);
@@ -350,12 +325,12 @@ class WallabagRestController extends Controller
350 * If not, throw exception. It means a user try to access information from an other user. 325 * If not, throw exception. It means a user try to access information from an other user.
351 * 326 *
352 * @param int $requestUserId User id from the requested source 327 * @param int $requestUserId User id from the requested source
353 * @param int $currentUserId User id from the retrieved source
354 */ 328 */
355 private function validateUserAccess($requestUserId, $currentUserId) 329 private function validateUserAccess($requestUserId)
356 { 330 {
357 if ($requestUserId != $currentUserId) { 331 $user = $this->get('security.context')->getToken()->getUser();
358 throw $this->createAccessDeniedException('Access forbidden. Entry user id: '.$requestUserId.', logged user id: '.$currentUserId); 332 if ($requestUserId != $user->getId()) {
333 throw $this->createAccessDeniedException('Access forbidden. Entry user id: '.$requestUserId.', logged user id: '.$user->getId());
359 } 334 }
360 } 335 }
361 336