From 23406ca3f12303759ecb46974d6bcb22fb0e037b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nicolas=20L=C5=93uillet?=
Date: Mon, 24 Oct 2016 21:56:28 +0200
Subject: Added relation between API Client and User Fix #2062
---
 .../ApiBundle/Controller/DeveloperController.php | 8 ++++++--
 src/Wallabag/ApiBundle/Entity/Client.php | 17 ++++++++++++++++-
 2 files changed, 22 insertions(+), 3 deletions(-)
(limited to 'src/Wallabag/ApiBundle')
diff --git a/src/Wallabag/ApiBundle/Controller/DeveloperController.php b/src/Wallabag/ApiBundle/Controller/DeveloperController.php
index 5a36a260..550c0608 100644
--- a/src/Wallabag/ApiBundle/Controller/DeveloperController.php
+++ b/src/Wallabag/ApiBundle/Controller/DeveloperController.php
@@ -19,7 +19,7 @@ class DeveloperController extends Controller
 */
 public function indexAction()
 {
- $clients = $this->getDoctrine()->getRepository('WallabagApiBundle:Client')->findAll();
+ $clients = $this->getDoctrine()->getRepository('WallabagApiBundle:Client')->findByUser($this->getUser()->getId());
 return $this->render('@WallabagCore/themes/common/Developer/index.html.twig', [
 'clients' => $clients,
@@ -38,7 +38,7 @@ class DeveloperController extends Controller
 public function createClientAction(Request $request)
 {
 $em = $this->getDoctrine()->getManager();
- $client = new Client();
+ $client = new Client($this->getUser());
 $clientForm = $this->createForm(ClientType::class, $client);
 $clientForm->handleRequest($request);
@@ -75,6 +75,10 @@ class DeveloperController extends Controller
 */
 public function deleteClientAction(Client $client)
 {
+ if (null === $this->getUser() || $client->getUser()->getId() != $this->getUser()->getId()) {
+ throw $this->createAccessDeniedException('You can not access this client.');
+ }
+
 $em = $this->getDoctrine()->getManager();
 $em->remove($client);
 $em->flush();
diff --git a/src/Wallabag/ApiBundle/Entity/Client.php b/src/Wallabag/ApiBundle/Entity/Client.php
index f7898ac8..427a4c7f 100644
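Review bot: `indexAction()` calls `$this->getUser()->getId()` without the null check that this same commit adds in `deleteClientAction()`, and the `createClientAction()` hunk passes `$this->getUser()` straight into a constructor type-hinted `User $user`. If either action is ever reached without an authenticated user, the request ends in a fatal error rather than an access-denied response; whether the firewall configuration already rules that out is not visible in this patch. A guard such as `if (null === $this->getUser()) { throw $this->createAccessDeniedException(); }` at the top of both actions would keep the three actions consistent. Both function bodies continue outside their hunks.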
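Review bot: The ownership check in `deleteClientAction()` dereferences `$client->getUser()` without a null test, so a client row with no owner (any client stored before this relation existed, unless a migration assigns one) ends in a fatal error instead of the intended access-denied response. Treat an ownerless client as not accessible and compare strictly, assuming both ids are hydrated as integers: `if (null === $this->getUser() || null === $client->getUser() || $client->getUser()->getId() !== $this->getUser()->getId()) {`. A functional test in which one user requests deletion of another user's client would pin the denied path. The function's docblock begins above the hunk.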
--- a/src/Wallabag/ApiBundle/Entity/Client.php
+++ b/src/Wallabag/ApiBundle/Entity/Client.php
@@ -4,6 +4,7 @@ namespace Wallabag\ApiBundle\Entity;
 use Doctrine\ORM\Mapping as ORM;
 use FOS\OAuthServerBundle\Entity\Client as BaseClient;
+use Wallabag\UserBundle\Entity\User;
 /**
 * @ORM\Table("oauth2_clients")
@@ -35,9 +36,15 @@ class Client extends BaseClient
 */
 protected $accessTokens;
- public function __construct()
+ /**
+ * @ORM\ManyToOne(targetEntity="Wallabag\UserBundle\Entity\User", inversedBy="clients")
+ */
+ private $user;
+
+ public function __construct(User $user)
 {
 parent::__construct();
+ $this->user = $user;
 }
 /**
@@ -63,4 +70,12 @@ class Client extends BaseClient
 return $this;
 }
+
+ /**
+ * @return User
+ */
+ public function getUser()
+ {
+ return $this->user;
+ }
 }
-- cgit v1.2.3
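Review bot: The `$user` association is declared without `@ORM\JoinColumn`, so Doctrine's defaults apply: the join column is nullable and the foreign key has no on-delete rule. What happens to a user's OAuth clients and their secrets when that user is deleted then depends on the inverse `clients` mapping on `User`, which this path-limited patch does not show. Stating the intent on the owning side, e.g. `@ORM\JoinColumn(name="user_id", referencedColumnName="id", onDelete="CASCADE")`, avoids leaving credentials behind that belong to nobody. Because the column stays nullable for pre-existing rows, the getter added in the last hunk would be more accurate as `@return User|null`. Other `new Client()` call sites, if any exist outside this view, need the new `User` argument.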