1 files changed, 44 insertions, 4 deletions
diff --git a/src/Wallabag/CoreBundle/Controller/ConfigController.php b/src/Wallabag/CoreBundle/Controller/ConfigController.php
index 75a9af0b..f1e212d9 100644
--- a/src/Wallabag/CoreBundle/Controller/ConfigController.php
+++ b/src/Wallabag/CoreBundle/Controller/ConfigController.php
@@ -108,7 +108,21 @@ class ConfigController extends Controller
        // handle tagging rule
        $taggingRule = new TaggingRule();
-        $newTaggingRule = $this->createForm(TaggingRuleType::class, $taggingRule, ['action' => $this->generateUrl('config').'#set5']);
+        $action = $this->generateUrl('config').'#set5';
+        if ($request->query->has('tagging-rule')) {
+            $taggingRule = $this->getDoctrine()
+                ->getRepository('WallabagCoreBundle:TaggingRule')
+                ->find($request->query->get('tagging-rule'));
+            if ($this->getUser()->getId() !== $taggingRule->getConfig()->getUser()->getId()) {
+                return $this->redirect($action);
+            }
+            $action = $this->generateUrl('config').'?tagging-rule='.$taggingRule->getId().'#set5';
+        }
+        $newTaggingRule = $this->createForm(TaggingRuleType::class, $taggingRule, ['action' => $action]);
        $newTaggingRule->handleRequest($request);
        if ($newTaggingRule->isValid()) {
@@ -205,9 +219,7 @@ class ConfigController extends Controller
     */
    public function deleteTaggingRuleAction(TaggingRule $rule)
    {
-        if ($this->getUser()->getId() != $rule->getConfig()->getUser()->getId()) {
+        $this->validateRuleAction($rule);
-            throw $this->createAccessDeniedException('You can not access this tagging rule.');
-        }
        $em = $this->getDoctrine()->getManager();
        $em->remove($rule);
@@ -222,6 +234,34 @@ class ConfigController extends Controller
    }
    /**
+     * Edit a tagging rule.
+     *
+     * @param TaggingRule $rule
+     *
+     * @Route("/tagging-rule/edit/{id}", requirements={"id" = "\d+"}, name="edit_tagging_rule")
+     *
+     * @return RedirectResponse
+     */
+    public function editTaggingRuleAction(TaggingRule $rule)
+    {
+        $this->validateRuleAction($rule);
+        return $this->redirect($this->generateUrl('config').'?tagging-rule='.$rule->getId().'#set5');
+    }
+    /**
+     * Validate that a rule can be edited/deleted by the current user.
+     *
+     * @param TaggingRule $rule
+     */
+    private function validateRuleAction(TaggingRule $rule)
+    {
+        if ($this->getUser()->getId() != $rule->getConfig()->getUser()->getId()) {
+            throw $this->createAccessDeniedException('You can not access this tagging rule.');
+        }
+    }
+    /**
     * Retrieve config for the current user.
     * If no config were found, create a new one.
     *

diff --git a/src/Wallabag/CoreBundle/Controller/ConfigController.php b/src/Wallabag/CoreBundle/Controller/ConfigController.php index 75a9af0b..f1e212d9 100644 --- a/src/Wallabag/CoreBundle/Controller/ConfigController.php +++ b/src/Wallabag/CoreBundle/Controller/ConfigController.php
@@ -108,7 +108,21 @@ class ConfigController extends Controller
108		108
109	// handle tagging rule	109	// handle tagging rule
110	$taggingRule = new TaggingRule();	110	$taggingRule = new TaggingRule();
111	$newTaggingRule = $this->createForm(TaggingRuleType::class, $taggingRule, ['action' => $this->generateUrl('config').'#set5']);	111	$action = $this->generateUrl('config').'#set5';
		112
		113	if ($request->query->has('tagging-rule')) {
		114	$taggingRule = $this->getDoctrine()
		115	->getRepository('WallabagCoreBundle:TaggingRule')
		116	->find($request->query->get('tagging-rule'));
		117
		118	if ($this->getUser()->getId() !== $taggingRule->getConfig()->getUser()->getId()) {
		119	return $this->redirect($action);
		120	}
		121
		122	$action = $this->generateUrl('config').'?tagging-rule='.$taggingRule->getId().'#set5';
		123	}
		124
		125	$newTaggingRule = $this->createForm(TaggingRuleType::class, $taggingRule, ['action' => $action]);
112	$newTaggingRule->handleRequest($request);	126	$newTaggingRule->handleRequest($request);
113		127
114	if ($newTaggingRule->isValid()) {	128	if ($newTaggingRule->isValid()) {
@@ -205,9 +219,7 @@ class ConfigController extends Controller
205	*/	219	*/
206	public function deleteTaggingRuleAction(TaggingRule $rule)	220	public function deleteTaggingRuleAction(TaggingRule $rule)
207	{	221	{
208	if ($this->getUser()->getId() != $rule->getConfig()->getUser()->getId()) {	222	$this->validateRuleAction($rule);
209	throw $this->createAccessDeniedException('You can not access this tagging rule.');
210	}
211		223
212	$em = $this->getDoctrine()->getManager();	224	$em = $this->getDoctrine()->getManager();
213	$em->remove($rule);	225	$em->remove($rule);
@@ -222,6 +234,34 @@ class ConfigController extends Controller
222	}	234	}
223		235
224	/**	236	/**
		237	* Edit a tagging rule.
		238	*
		239	* @param TaggingRule $rule
		240	*
		241	* @Route("/tagging-rule/edit/{id}", requirements={"id" = "\d+"}, name="edit_tagging_rule")
		242	*
		243	* @return RedirectResponse
		244	*/
		245	public function editTaggingRuleAction(TaggingRule $rule)
		246	{
		247	$this->validateRuleAction($rule);
		248
		249	return $this->redirect($this->generateUrl('config').'?tagging-rule='.$rule->getId().'#set5');
		250	}
		251
		252	/**
		253	* Validate that a rule can be edited/deleted by the current user.
		254	*
		255	* @param TaggingRule $rule
		256	*/
		257	private function validateRuleAction(TaggingRule $rule)
		258	{
		259	if ($this->getUser()->getId() != $rule->getConfig()->getUser()->getId()) {
		260	throw $this->createAccessDeniedException('You can not access this tagging rule.');
		261	}
		262	}
		263
		264	/**
225	* Retrieve config for the current user.	265	* Retrieve config for the current user.
226	* If no config were found, create a new one.	266	* If no config were found, create a new one.
227	*	267	*