Merge pull request #3431 from wallabag/disable-site-credentials

Disable controller access if feature disabled
This commit is contained in:
Jérémy Benoist 2017-11-22 15:11:25 +01:00 committed by GitHub
commit f818f64145
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 32 additions and 0 deletions

View File

@ -24,6 +24,8 @@ class SiteCredentialController extends Controller
*/
public function indexAction()
{
$this->isSiteCredentialsEnabled();
$credentials = $this->get('wallabag_core.site_credential_repository')->findByUser($this->getUser());
return $this->render('WallabagCoreBundle:SiteCredential:index.html.twig', [
@ -43,6 +45,8 @@ class SiteCredentialController extends Controller
*/
public function newAction(Request $request)
{
$this->isSiteCredentialsEnabled();
$credential = new SiteCredential($this->getUser());
$form = $this->createForm('Wallabag\CoreBundle\Form\Type\SiteCredentialType', $credential);
@ -83,6 +87,8 @@ class SiteCredentialController extends Controller
*/
public function editAction(Request $request, SiteCredential $siteCredential)
{
$this->isSiteCredentialsEnabled();
$this->checkUserAction($siteCredential);
$deleteForm = $this->createDeleteForm($siteCredential);
@ -125,6 +131,8 @@ class SiteCredentialController extends Controller
*/
public function deleteAction(Request $request, SiteCredential $siteCredential)
{
$this->isSiteCredentialsEnabled();
$this->checkUserAction($siteCredential);
$form = $this->createDeleteForm($siteCredential);
@ -144,6 +152,16 @@ class SiteCredentialController extends Controller
return $this->redirectToRoute('site_credentials_index');
}
/**
* Throw a 404 if the feature is disabled.
*/
private function isSiteCredentialsEnabled()
{
if (!$this->get('craue_config')->get('restricted_access')) {
throw $this->createNotFoundException('Feature "restricted_access" is disabled, controllers too.');
}
}
/**
* Creates a form to delete a site credential entity.
*

View File

@ -8,6 +8,20 @@ use Wallabag\CoreBundle\Entity\SiteCredential;
class SiteCredentialControllerTest extends WallabagCoreTestCase
{
public function testAccessDeniedBecauseFeatureDisabled()
{
$this->logInAs('admin');
$client = $this->getClient();
$client->getContainer()->get('craue_config')->set('restricted_access', 0);
$client->request('GET', '/site-credentials/');
$this->assertSame(404, $client->getResponse()->getStatusCode());
$client->getContainer()->get('craue_config')->set('restricted_access', 1);
}
public function testListSiteCredential()
{
$this->logInAs('admin');