1 files changed, 81 insertions, 23 deletions
diff --git a/src/Wallabag/CoreBundle/Controller/WallabagRestController.php b/src/Wallabag/CoreBundle/Controller/WallabagRestController.php
index e59ad4b7..81bfbe12 100644
--- a/src/Wallabag/CoreBundle/Controller/WallabagRestController.php
+++ b/src/Wallabag/CoreBundle/Controller/WallabagRestController.php
@@ -9,10 +9,36 @@ use Symfony\Component\HttpFoundation\Response;
 use Wallabag\CoreBundle\Entity\Entry;
 use Wallabag\CoreBundle\Entity\Tag;
 use Wallabag\CoreBundle\Service\Extractor;
+use Symfony\Component\Security\Core\Exception\AccessDeniedException;
 class WallabagRestController extends Controller
 {
    /**
+     * @param Entry  $entry
+     * @param string $tags
+     */
+    private function assignTagsToEntry(Entry $entry, $tags)
+    {
+        foreach (explode(',', $tags) as $label) {
+            $label = trim($label);
+            $tagEntity = $this
+                ->getDoctrine()
+                ->getRepository('WallabagCoreBundle:Tag')
+                ->findOneByLabel($label);
+            if (is_null($tagEntity)) {
+                $tagEntity = new Tag($this->getUser());
+                $tagEntity->setLabel($label);
+            }
+            // only add the tag on the entry if the relation doesn't exist
+            if (!$entry->getTags()->contains($tagEntity)) {
+                $entry->addTag($tagEntity);
+            }
+        }
+    }
+    /**
     * Retrieve salt for a giver user.
     *
     * @ApiDoc(
@@ -87,6 +113,10 @@ class WallabagRestController extends Controller
     */
    public function getEntryAction(Entry $entry)
    {
+        if ($entry->getUser()->getId() != $this->getUser()->getId()) {
+            throw $this->createAccessDeniedException();
+        }
        $json = $this->get('serializer')->serialize($entry, 'json');
        return new Response($json, 200, array('application/json'));
@@ -106,7 +136,6 @@ class WallabagRestController extends Controller
     */
    public function postEntriesAction(Request $request)
    {
-        //TODO gérer si on passe les tags
        $url = $request->request->get('url');
        $content = Extractor::extract($url);
@@ -114,6 +143,9 @@ class WallabagRestController extends Controller
        $entry->setUrl($url);
        $entry->setTitle($request->request->get('title') ?: $content->getTitle());
        $entry->setContent($content->getBody());
+        $this->assignTagsToEntry($entry, $request->request->get('tags', array()));
        $em = $this->getDoctrine()->getManager();
        $em->persist($entry);
        $em->flush();
@@ -141,8 +173,11 @@ class WallabagRestController extends Controller
     */
    public function patchEntriesAction(Entry $entry, Request $request)
    {
+        if ($entry->getUser()->getId() != $this->getUser()->getId()) {
+            throw $this->createAccessDeniedException();
+        }
        $title      = $request->request->get("title");
-        $tags       = $request->request->get("tags", array());
        $isArchived = $request->request->get("archive");
        $isStarred  = $request->request->get("star");
@@ -158,6 +193,8 @@ class WallabagRestController extends Controller
            $entry->setStarred($isStarred);
        }
+        $this->assignTagsToEntry($entry, $request->request->get('tags', array()));
        $em = $this->getDoctrine()->getManager();
        $em->flush();
@@ -176,6 +213,10 @@ class WallabagRestController extends Controller
     */
    public function deleteEntriesAction(Entry $entry)
    {
+        if ($entry->getUser()->getId() != $this->getUser()->getId()) {
+            throw $this->createAccessDeniedException();
+        }
        $em = $this->getDoctrine()->getManager();
        $em->remove($entry);
        $em->flush();
@@ -196,6 +237,12 @@ class WallabagRestController extends Controller
     */
    public function getEntriesTagsAction(Entry $entry)
    {
+        var_dump($entry->getUser()->getId());
+        var_dump($this->getUser()->getId());
+        if ($entry->getUser()->getId() != $this->getUser()->getId()) {
+            throw $this->createAccessDeniedException();
+        }
        $json = $this->get('serializer')->serialize($entry->getTags(), 'json');
        return new Response($json, 200, array('application/json'));
@@ -215,25 +262,12 @@ class WallabagRestController extends Controller
     */
    public function postEntriesTagsAction(Request $request, Entry $entry)
    {
-        $tags = explode(',', $request->request->get('tags'));
+        if ($entry->getUser()->getId() != $this->getUser()->getId()) {
+            throw $this->createAccessDeniedException();
-        foreach ($tags as $label) {
-            $tagEntity = $this
-                ->getDoctrine()
-                ->getRepository('WallabagCoreBundle:Tag')
-                ->findOneByLabel($label);
-            if (is_null($tagEntity)) {
-                $tagEntity = new Tag();
-                $tagEntity->setLabel($label);
-            }
-            // only add the tag on the entry if the relation doesn't exist
-            if (!$entry->getTags()->contains($tagEntity)) {
-                $entry->addTag($tagEntity);
-            }
        }
+        $this->assignTagsToEntry($entry, $request->request->get('tags', array()));
        $em = $this->getDoctrine()->getManager();
        $em->persist($entry);
        $em->flush();
@@ -255,17 +289,30 @@ class WallabagRestController extends Controller
     */
    public function deleteEntriesTagsAction(Entry $entry, Tag $tag)
    {
+        if ($entry->getUser()->getId() != $this->getUser()->getId()) {
+            throw $this->createAccessDeniedException();
+        }
+        $entry->removeTag($tag);
+        $em = $this->getDoctrine()->getManager();
+        $em->persist($entry);
+        $em->flush();
+        $json = $this->get('serializer')->serialize($entry, 'json');
+        return new Response($json, 200, array('application/json'));
    }
    /**
     * Retrieve all tags
     *
-     * @ApiDoc(
+     * @ApiDoc()
-     *          {"name"="user", "dataType"="integer", "requirement"="\w+", "description"="The user ID"}
-     * )
     */
-    public function getTagsUserAction()
+    public function getTagsAction()
    {
+        $json = $this->get('serializer')->serialize($this->getUser()->getTags(), 'json');
+        return new Response($json, 200, array('application/json'));
    }
    /**
@@ -279,5 +326,16 @@ class WallabagRestController extends Controller
     */
    public function deleteTagAction(Tag $tag)
    {
+        if ($tag->getUser()->getId() != $this->getUser()->getId()) {
+            throw $this->createAccessDeniedException();
+        }
+        $em = $this->getDoctrine()->getManager();
+        $em->remove($tag);
+        $em->flush();
+        $json = $this->get('serializer')->serialize($tag, 'json');
+        return new Response($json, 200, array('application/json'));
    }
 }

diff --git a/src/Wallabag/CoreBundle/Controller/WallabagRestController.php b/src/Wallabag/CoreBundle/Controller/WallabagRestController.php index e59ad4b7..81bfbe12 100644 --- a/src/Wallabag/CoreBundle/Controller/WallabagRestController.php +++ b/src/Wallabag/CoreBundle/Controller/WallabagRestController.php
@@ -9,10 +9,36 @@ use Symfony\Component\HttpFoundation\Response;
9	use Wallabag\CoreBundle\Entity\Entry;	9	use Wallabag\CoreBundle\Entity\Entry;
10	use Wallabag\CoreBundle\Entity\Tag;	10	use Wallabag\CoreBundle\Entity\Tag;
11	use Wallabag\CoreBundle\Service\Extractor;	11	use Wallabag\CoreBundle\Service\Extractor;
		12	use Symfony\Component\Security\Core\Exception\AccessDeniedException;
12		13
13	class WallabagRestController extends Controller	14	class WallabagRestController extends Controller
14	{	15	{
15	/**	16	/**
		17	* @param Entry $entry
		18	* @param string $tags
		19	*/
		20	private function assignTagsToEntry(Entry $entry, $tags)
		21	{
		22	foreach (explode(',', $tags) as $label) {
		23	$label = trim($label);
		24	$tagEntity = $this
		25	->getDoctrine()
		26	->getRepository('WallabagCoreBundle:Tag')
		27	->findOneByLabel($label);
		28
		29	if (is_null($tagEntity)) {
		30	$tagEntity = new Tag($this->getUser());
		31	$tagEntity->setLabel($label);
		32	}
		33
		34	// only add the tag on the entry if the relation doesn't exist
		35	if (!$entry->getTags()->contains($tagEntity)) {
		36	$entry->addTag($tagEntity);
		37	}
		38	}
		39	}
		40
		41	/**
16	* Retrieve salt for a giver user.	42	* Retrieve salt for a giver user.
17	*	43	*
18	* @ApiDoc(	44	* @ApiDoc(
@@ -87,6 +113,10 @@ class WallabagRestController extends Controller
87	*/	113	*/
88	public function getEntryAction(Entry $entry)	114	public function getEntryAction(Entry $entry)
89	{	115	{
		116	if ($entry->getUser()->getId() != $this->getUser()->getId()) {
		117	throw $this->createAccessDeniedException();
		118	}
		119
90	$json = $this->get('serializer')->serialize($entry, 'json');	120	$json = $this->get('serializer')->serialize($entry, 'json');
91		121
92	return new Response($json, 200, array('application/json'));	122	return new Response($json, 200, array('application/json'));
@@ -106,7 +136,6 @@ class WallabagRestController extends Controller
106	*/	136	*/
107	public function postEntriesAction(Request $request)	137	public function postEntriesAction(Request $request)
108	{	138	{
109	//TODO gérer si on passe les tags
110	$url = $request->request->get('url');	139	$url = $request->request->get('url');
111		140
112	$content = Extractor::extract($url);	141	$content = Extractor::extract($url);
@@ -114,6 +143,9 @@ class WallabagRestController extends Controller
114	$entry->setUrl($url);	143	$entry->setUrl($url);
115	$entry->setTitle($request->request->get('title') ?: $content->getTitle());	144	$entry->setTitle($request->request->get('title') ?: $content->getTitle());
116	$entry->setContent($content->getBody());	145	$entry->setContent($content->getBody());
		146
		147	$this->assignTagsToEntry($entry, $request->request->get('tags', array()));
		148
117	$em = $this->getDoctrine()->getManager();	149	$em = $this->getDoctrine()->getManager();
118	$em->persist($entry);	150	$em->persist($entry);
119	$em->flush();	151	$em->flush();
@@ -141,8 +173,11 @@ class WallabagRestController extends Controller
141	*/	173	*/
142	public function patchEntriesAction(Entry $entry, Request $request)	174	public function patchEntriesAction(Entry $entry, Request $request)
143	{	175	{
		176	if ($entry->getUser()->getId() != $this->getUser()->getId()) {
		177	throw $this->createAccessDeniedException();
		178	}
		179
144	$title = $request->request->get("title");	180	$title = $request->request->get("title");
145	$tags = $request->request->get("tags", array());
146	$isArchived = $request->request->get("archive");	181	$isArchived = $request->request->get("archive");
147	$isStarred = $request->request->get("star");	182	$isStarred = $request->request->get("star");
148		183
@@ -158,6 +193,8 @@ class WallabagRestController extends Controller
158	$entry->setStarred($isStarred);	193	$entry->setStarred($isStarred);
159	}	194	}
160		195
		196	$this->assignTagsToEntry($entry, $request->request->get('tags', array()));
		197
161	$em = $this->getDoctrine()->getManager();	198	$em = $this->getDoctrine()->getManager();
162	$em->flush();	199	$em->flush();
163		200
@@ -176,6 +213,10 @@ class WallabagRestController extends Controller
176	*/	213	*/
177	public function deleteEntriesAction(Entry $entry)	214	public function deleteEntriesAction(Entry $entry)
178	{	215	{
		216	if ($entry->getUser()->getId() != $this->getUser()->getId()) {
		217	throw $this->createAccessDeniedException();
		218	}
		219
179	$em = $this->getDoctrine()->getManager();	220	$em = $this->getDoctrine()->getManager();
180	$em->remove($entry);	221	$em->remove($entry);
181	$em->flush();	222	$em->flush();
@@ -196,6 +237,12 @@ class WallabagRestController extends Controller
196	*/	237	*/
197	public function getEntriesTagsAction(Entry $entry)	238	public function getEntriesTagsAction(Entry $entry)
198	{	239	{
		240	var_dump($entry->getUser()->getId());
		241	var_dump($this->getUser()->getId());
		242	if ($entry->getUser()->getId() != $this->getUser()->getId()) {
		243	throw $this->createAccessDeniedException();
		244	}
		245
199	$json = $this->get('serializer')->serialize($entry->getTags(), 'json');	246	$json = $this->get('serializer')->serialize($entry->getTags(), 'json');
200		247
201	return new Response($json, 200, array('application/json'));	248	return new Response($json, 200, array('application/json'));
@@ -215,25 +262,12 @@ class WallabagRestController extends Controller
215	*/	262	*/
216	public function postEntriesTagsAction(Request $request, Entry $entry)	263	public function postEntriesTagsAction(Request $request, Entry $entry)
217	{	264	{
218	$tags = explode(',', $request->request->get('tags'));	265	if ($entry->getUser()->getId() != $this->getUser()->getId()) {
219		266	throw $this->createAccessDeniedException();
220	foreach ($tags as $label) {
221	$tagEntity = $this
222	->getDoctrine()
223	->getRepository('WallabagCoreBundle:Tag')
224	->findOneByLabel($label);
225
226	if (is_null($tagEntity)) {
227	$tagEntity = new Tag();
228	$tagEntity->setLabel($label);
229	}
230
231	// only add the tag on the entry if the relation doesn't exist
232	if (!$entry->getTags()->contains($tagEntity)) {
233	$entry->addTag($tagEntity);
234	}
235	}	267	}
236		268
		269	$this->assignTagsToEntry($entry, $request->request->get('tags', array()));
		270
237	$em = $this->getDoctrine()->getManager();	271	$em = $this->getDoctrine()->getManager();
238	$em->persist($entry);	272	$em->persist($entry);
239	$em->flush();	273	$em->flush();
@@ -255,17 +289,30 @@ class WallabagRestController extends Controller
255	*/	289	*/
256	public function deleteEntriesTagsAction(Entry $entry, Tag $tag)	290	public function deleteEntriesTagsAction(Entry $entry, Tag $tag)
257	{	291	{
		292	if ($entry->getUser()->getId() != $this->getUser()->getId()) {
		293	throw $this->createAccessDeniedException();
		294	}
		295
		296	$entry->removeTag($tag);
		297	$em = $this->getDoctrine()->getManager();
		298	$em->persist($entry);
		299	$em->flush();
		300
		301	$json = $this->get('serializer')->serialize($entry, 'json');
		302
		303	return new Response($json, 200, array('application/json'));
258	}	304	}
259		305
260	/**	306	/**
261	* Retrieve all tags	307	* Retrieve all tags
262	*	308	*
263	* @ApiDoc(	309	* @ApiDoc()
264	* {"name"="user", "dataType"="integer", "requirement"="\w+", "description"="The user ID"}
265	* )
266	*/	310	*/
267	public function getTagsUserAction()	311	public function getTagsAction()
268	{	312	{
		313	$json = $this->get('serializer')->serialize($this->getUser()->getTags(), 'json');
		314
		315	return new Response($json, 200, array('application/json'));
269	}	316	}
270		317
271	/**	318	/**
@@ -279,5 +326,16 @@ class WallabagRestController extends Controller
279	*/	326	*/
280	public function deleteTagAction(Tag $tag)	327	public function deleteTagAction(Tag $tag)
281	{	328	{
		329	if ($tag->getUser()->getId() != $this->getUser()->getId()) {
		330	throw $this->createAccessDeniedException();
		331	}
		332
		333	$em = $this->getDoctrine()->getManager();
		334	$em->remove($tag);
		335	$em->flush();
		336
		337	$json = $this->get('serializer')->serialize($tag, 'json');
		338
		339	return new Response($json, 200, array('application/json'));
282	}	340	}
283	}	341	}