devol/wallabag
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

check authentication on each API route

Browse Source
This commit is contained in:
Nicolas Lœuillet 2015-09-29 14:57:46 +02:00 committed by Jeremy Benoist
parent cd1298d6df
commit 772732531e
1 changed files with 19 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
src/Wallabag/ApiBundle/Controller/WallabagRestController.php
View File

@ -38,6 +38,13 @@ class WallabagRestController extends FOSRestController
} }
} }
private function validateAuthentication()
{
if (false === $this->get('security.context')->isGranted('IS_AUTHENTICATED_FULLY')) {
throw new AccessDeniedException();
}
}
/** /**
* Retrieve all entries. It could be filtered by many options. * Retrieve all entries. It could be filtered by many options.
* *
@ -57,6 +64,8 @@ class WallabagRestController extends FOSRestController
*/ */
public function getEntriesAction(Request $request) public function getEntriesAction(Request $request)
{ {
$this->validateAuthentication();
$isArchived = $request->query->get('archive'); $isArchived = $request->query->get('archive');
$isStarred = $request->query->get('star'); $isStarred = $request->query->get('star');
$sort = $request->query->get('sort', 'created'); $sort = $request->query->get('sort', 'created');
@ -97,6 +106,7 @@ class WallabagRestController extends FOSRestController
*/ */
public function getEntryAction(Entry $entry) public function getEntryAction(Entry $entry)
{ {
$this->validateAuthentication();
$this->validateUserAccess($entry->getUser()->getId()); $this->validateUserAccess($entry->getUser()->getId());
$json = $this->get('serializer')->serialize($entry, 'json'); $json = $this->get('serializer')->serialize($entry, 'json');
@ -119,6 +129,8 @@ class WallabagRestController extends FOSRestController
*/ */
public function postEntriesAction(Request $request) public function postEntriesAction(Request $request)
{ {
$this->validateAuthentication();
$url = $request->request->get('url'); $url = $request->request->get('url');
$entry = $this->get('wallabag_core.content_proxy')->updateEntry( $entry = $this->get('wallabag_core.content_proxy')->updateEntry(
@ -159,6 +171,7 @@ class WallabagRestController extends FOSRestController
*/ */
public function patchEntriesAction(Entry $entry, Request $request) public function patchEntriesAction(Entry $entry, Request $request)
{ {
$this->validateAuthentication();
$this->validateUserAccess($entry->getUser()->getId()); $this->validateUserAccess($entry->getUser()->getId());
$title = $request->request->get('title'); $title = $request->request->get('title');
@ -203,6 +216,7 @@ class WallabagRestController extends FOSRestController
*/ */
public function deleteEntriesAction(Entry $entry) public function deleteEntriesAction(Entry $entry)
{ {
$this->validateAuthentication();
$this->validateUserAccess($entry->getUser()->getId()); $this->validateUserAccess($entry->getUser()->getId());
$em = $this->getDoctrine()->getManager(); $em = $this->getDoctrine()->getManager();
@ -225,6 +239,7 @@ class WallabagRestController extends FOSRestController
*/ */
public function getEntriesTagsAction(Entry $entry) public function getEntriesTagsAction(Entry $entry)
{ {
$this->validateAuthentication();
$this->validateUserAccess($entry->getUser()->getId()); $this->validateUserAccess($entry->getUser()->getId());
$json = $this->get('serializer')->serialize($entry->getTags(), 'json'); $json = $this->get('serializer')->serialize($entry->getTags(), 'json');
@ -246,6 +261,7 @@ class WallabagRestController extends FOSRestController
*/ */
public function postEntriesTagsAction(Request $request, Entry $entry) public function postEntriesTagsAction(Request $request, Entry $entry)
{ {
$this->validateAuthentication();
$this->validateUserAccess($entry->getUser()->getId()); $this->validateUserAccess($entry->getUser()->getId());
$tags = $request->request->get('tags', ''); $tags = $request->request->get('tags', '');
@ -274,6 +290,7 @@ class WallabagRestController extends FOSRestController
*/ */
public function deleteEntriesTagsAction(Entry $entry, Tag $tag) public function deleteEntriesTagsAction(Entry $entry, Tag $tag)
{ {
$this->validateAuthentication();
$this->validateUserAccess($entry->getUser()->getId()); $this->validateUserAccess($entry->getUser()->getId());
$entry->removeTag($tag); $entry->removeTag($tag);
@ -293,6 +310,7 @@ class WallabagRestController extends FOSRestController
*/ */
public function getTagsAction() public function getTagsAction()
{ {
$this->validateAuthentication();
$json = $this->get('serializer')->serialize($this->getUser()->getTags(), 'json'); $json = $this->get('serializer')->serialize($this->getUser()->getTags(), 'json');
return $this->renderJsonResponse($json); return $this->renderJsonResponse($json);
@ -309,6 +327,7 @@ class WallabagRestController extends FOSRestController
*/ */
public function deleteTagAction(Tag $tag) public function deleteTagAction(Tag $tag)
{ {
$this->validateAuthentication();
$this->validateUserAccess($tag->getUser()->getId()); $this->validateUserAccess($tag->getUser()->getId());
$em = $this->getDoctrine()->getManager(); $em = $this->getDoctrine()->getManager();