Diffstat (limited to 'src/Wallabag/ApiBundle/Controller')
-rw-r--r-- | src/Wallabag/ApiBundle/Controller/WallabagRestController.php | 51 |
1 files changed, 13 insertions, 38 deletions
diff --git a/src/Wallabag/ApiBundle/Controller/WallabagRestController.php b/src/Wallabag/ApiBundle/Controller/WallabagRestController.php index 349229f3..284dbb25 100644 --- a/src/Wallabag/ApiBundle/Controller/WallabagRestController.php +++ b/src/Wallabag/ApiBundle/Controller/WallabagRestController.php | |||
@@ -2,8 +2,8 @@ | |||
2 | 2 | ||
3 | namespace Wallabag\ApiBundle\Controller; | 3 | namespace Wallabag\ApiBundle\Controller; |
4 | 4 | ||
5 | use FOS\RestBundle\Controller\FOSRestController; | ||
5 | use Nelmio\ApiDocBundle\Annotation\ApiDoc; | 6 | use Nelmio\ApiDocBundle\Annotation\ApiDoc; |
6 | use Symfony\Bundle\FrameworkBundle\Controller\Controller; | ||
7 | use Symfony\Component\HttpFoundation\Request; | 7 | use Symfony\Component\HttpFoundation\Request; |
8 | use Symfony\Component\HttpFoundation\Response; | 8 | use Symfony\Component\HttpFoundation\Response; |
9 | use Wallabag\CoreBundle\Entity\Entry; | 9 | use Wallabag\CoreBundle\Entity\Entry; |
@@ -11,7 +11,7 @@ use Wallabag\CoreBundle\Entity\Tag; | |||
11 | use Hateoas\Configuration\Route; | 11 | use Hateoas\Configuration\Route; |
12 | use Hateoas\Representation\Factory\PagerfantaFactory; | 12 | use Hateoas\Representation\Factory\PagerfantaFactory; |
13 | 13 | ||
14 | class WallabagRestController extends Controller | 14 | class WallabagRestController extends FOSRestController |
15 | { | 15 | { |
16 | /** | 16 | /** |
17 | * @param Entry $entry | 17 | * @param Entry $entry |
@@ -39,31 +39,6 @@ class WallabagRestController extends Controller | |||
39 | } | 39 | } |
40 | 40 | ||
41 | /** | 41 | /** |
42 | * Retrieve salt for a giver user. | ||
43 | * | ||
44 | * @ApiDoc( | ||
45 | * parameters={ | ||
46 | * {"name"="username", "dataType"="string", "required"=true, "description"="username"} | ||
47 | * } | ||
48 | * ) | ||
49 | * | ||
50 | * @return array | ||
51 | */ | ||
52 | public function getSaltAction($username) | ||
53 | { | ||
54 | $user = $this | ||
55 | ->getDoctrine() | ||
56 | ->getRepository('WallabagCoreBundle:User') | ||
57 | ->findOneByUsername($username); | ||
58 | |||
59 | if (is_null($user)) { | ||
60 | throw $this->createNotFoundException(); | ||
61 | } | ||
62 | |||
63 | return array($user->getSalt() ?: null); | ||
64 | } | ||
65 | |||
66 | /** | ||
67 | * Retrieve all entries. It could be filtered by many options. | 42 | * Retrieve all entries. It could be filtered by many options. |
68 | * | 43 | * |
69 | * @ApiDoc( | 44 | * @ApiDoc( |
@@ -122,7 +97,7 @@ class WallabagRestController extends Controller | |||
122 | */ | 97 | */ |
123 | public function getEntryAction(Entry $entry) | 98 | public function getEntryAction(Entry $entry) |
124 | { | 99 | { |
125 | $this->validateUserAccess($entry->getUser()->getId(), $this->getUser()->getId()); | 100 | $this->validateUserAccess($entry->getUser()->getId()); |
126 | 101 | ||
127 | $json = $this->get('serializer')->serialize($entry, 'json'); | 102 | $json = $this->get('serializer')->serialize($entry, 'json'); |
128 | 103 | ||
@@ -184,7 +159,7 @@ class WallabagRestController extends Controller | |||
184 | */ | 159 | */ |
185 | public function patchEntriesAction(Entry $entry, Request $request) | 160 | public function patchEntriesAction(Entry $entry, Request $request) |
186 | { | 161 | { |
187 | $this->validateUserAccess($entry->getUser()->getId(), $this->getUser()->getId()); | 162 | $this->validateUserAccess($entry->getUser()->getId()); |
188 | 163 | ||
189 | $title = $request->request->get('title'); | 164 | $title = $request->request->get('title'); |
190 | $isArchived = $request->request->get('is_archived'); | 165 | $isArchived = $request->request->get('is_archived'); |
@@ -228,7 +203,7 @@ class WallabagRestController extends Controller | |||
228 | */ | 203 | */ |
229 | public function deleteEntriesAction(Entry $entry) | 204 | public function deleteEntriesAction(Entry $entry) |
230 | { | 205 | { |
231 | $this->validateUserAccess($entry->getUser()->getId(), $this->getUser()->getId()); | 206 | $this->validateUserAccess($entry->getUser()->getId()); |
232 | 207 | ||
233 | $em = $this->getDoctrine()->getManager(); | 208 | $em = $this->getDoctrine()->getManager(); |
234 | $em->remove($entry); | 209 | $em->remove($entry); |
@@ -250,7 +225,7 @@ class WallabagRestController extends Controller | |||
250 | */ | 225 | */ |
251 | public function getEntriesTagsAction(Entry $entry) | 226 | public function getEntriesTagsAction(Entry $entry) |
252 | { | 227 | { |
253 | $this->validateUserAccess($entry->getUser()->getId(), $this->getUser()->getId()); | 228 | $this->validateUserAccess($entry->getUser()->getId()); |
254 | 229 | ||
255 | $json = $this->get('serializer')->serialize($entry->getTags(), 'json'); | 230 | $json = $this->get('serializer')->serialize($entry->getTags(), 'json'); |
256 | 231 | ||
@@ -271,7 +246,7 @@ class WallabagRestController extends Controller | |||
271 | */ | 246 | */ |
272 | public function postEntriesTagsAction(Request $request, Entry $entry) | 247 | public function postEntriesTagsAction(Request $request, Entry $entry) |
273 | { | 248 | { |
274 | $this->validateUserAccess($entry->getUser()->getId(), $this->getUser()->getId()); | 249 | $this->validateUserAccess($entry->getUser()->getId()); |
275 | 250 | ||
276 | $tags = $request->request->get('tags', ''); | 251 | $tags = $request->request->get('tags', ''); |
277 | if (!empty($tags)) { | 252 | if (!empty($tags)) { |
@@ -299,7 +274,7 @@ class WallabagRestController extends Controller | |||
299 | */ | 274 | */ |
300 | public function deleteEntriesTagsAction(Entry $entry, Tag $tag) | 275 | public function deleteEntriesTagsAction(Entry $entry, Tag $tag) |
301 | { | 276 | { |
302 | $this->validateUserAccess($entry->getUser()->getId(), $this->getUser()->getId()); | 277 | $this->validateUserAccess($entry->getUser()->getId()); |
303 | 278 | ||
304 | $entry->removeTag($tag); | 279 | $entry->removeTag($tag); |
305 | $em = $this->getDoctrine()->getManager(); | 280 | $em = $this->getDoctrine()->getManager(); |
@@ -334,7 +309,7 @@ class WallabagRestController extends Controller | |||
334 | */ | 309 | */ |
335 | public function deleteTagAction(Tag $tag) | 310 | public function deleteTagAction(Tag $tag) |
336 | { | 311 | { |
337 | $this->validateUserAccess($tag->getUser()->getId(), $this->getUser()->getId()); | 312 | $this->validateUserAccess($tag->getUser()->getId()); |
338 | 313 | ||
339 | $em = $this->getDoctrine()->getManager(); | 314 | $em = $this->getDoctrine()->getManager(); |
340 | $em->remove($tag); | 315 | $em->remove($tag); |
@@ -350,12 +325,12 @@ class WallabagRestController extends Controller | |||
350 | * If not, throw exception. It means a user try to access information from an other user. | 325 | * If not, throw exception. It means a user try to access information from an other user. |
351 | * | 326 | * |
352 | * @param int $requestUserId User id from the requested source | 327 | * @param int $requestUserId User id from the requested source |
353 | * @param int $currentUserId User id from the retrieved source | ||
354 | */ | 328 | */ |
355 | private function validateUserAccess($requestUserId, $currentUserId) | 329 | private function validateUserAccess($requestUserId) |
356 | { | 330 | { |
357 | if ($requestUserId != $currentUserId) { | 331 | $user = $this->get('security.context')->getToken()->getUser(); |
358 | throw $this->createAccessDeniedException('Access forbidden. Entry user id: '.$requestUserId.', logged user id: '.$currentUserId); | 332 | if ($requestUserId != $user->getId()) { |
333 | throw $this->createAccessDeniedException('Access forbidden. Entry user id: '.$requestUserId.', logged user id: '.$user->getId()); | ||
359 | } | 334 | } |
360 | } | 335 | } |
361 | 336 | ||
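Review bot: The rewritten validateUserAccess (new lines 329–335, last hunk) dereferences `$user->getId()` straight off the token, which fails with a fatal error instead of a 403 whenever the token holds a non-object principal such as an anonymous user, and it compares the ids with loose `!=`, so a string id from a route parameter silently passes a type-juggled comparison. Since the class now extends FOSRestController, the base `$this->getUser()` helper already does the token lookup and returns null when no user object is present; I would write `$user = $this->getUser();` followed by `if (null === $user || (int) $requestUserId !== (int) $user->getId()) {` and drop the direct `security.context` lookup (which I believe is also deprecated in favour of `security.token_storage` on newer Symfony releases — please confirm against the project's version). The 403 message on new line 333 also echoes both the owning user's id and the caller's id into the API response; that pair is a small but free enumeration aid, so I would keep the detail in a server-side log and return a constant `'Access forbidden.'` to the client. The same `!=` comparison exists on the old side, so this is not a regression of the commit, but the method is being rewritten here and it is the natural place to fix it.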