devol/wallabag
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Introduce validateRuleAction

Browse Source
This commit is contained in:
Jeremy Benoist 2016-10-01 17:24:24 +02:00
parent bf3dc999e7
commit 8799bde00d
No known key found for this signature in database
GPG Key ID: BCA73962457ACC3C
1 changed files with 13 additions and 5 deletions

18
src/Wallabag/CoreBundle/Controller/ConfigController.php

@ -219,9 +219,7 @@ class ConfigController extends Controller
*/ */
public function deleteTaggingRuleAction(TaggingRule $rule) public function deleteTaggingRuleAction(TaggingRule $rule)
{ {
if ($this->getUser()->getId() != $rule->getConfig()->getUser()->getId()) { $this->validateRuleAction($rule);
throw $this->createAccessDeniedException('You can not access this tagging rule.');
}
$em = $this->getDoctrine()->getManager(); $em = $this->getDoctrine()->getManager();
$em->remove($rule); $em->remove($rule);
@ -245,12 +243,22 @@ class ConfigController extends Controller
* @return RedirectResponse * @return RedirectResponse
*/ */
public function editTaggingRuleAction(TaggingRule $rule) public function editTaggingRuleAction(TaggingRule $rule)
{
$this->validateRuleAction($rule);
return $this->redirect($this->generateUrl('config').'?tagging-rule='.$rule->getId().'#set5');
}
/**
* Validate that a rule can be edited/deleted by the current user
*
* @param TaggingRule $rule
*/
private function validateRuleAction(TaggingRule $rule)
{ {
if ($this->getUser()->getId() != $rule->getConfig()->getUser()->getId()) { if ($this->getUser()->getId() != $rule->getConfig()->getUser()->getId()) {
throw $this->createAccessDeniedException('You can not access this tagging rule.'); throw $this->createAccessDeniedException('You can not access this tagging rule.');
} }
return $this->redirect($this->generateUrl('config').'?tagging-rule='.$rule->getId().'#set5');
} }
/** /**