1
0
Fork 0
mirror of https://github.com/wallabag/wallabag.git synced 2025-08-01 17:38:38 +00:00

Add IsGranted to TagController

This commit is contained in:
Yassine Guedidi 2025-03-16 15:00:28 +01:00
parent 4a1598165f
commit 943bfd9162
13 changed files with 310 additions and 41 deletions

View file

@ -6,10 +6,12 @@ use Doctrine\ORM\EntityManagerInterface;
use Doctrine\ORM\QueryBuilder;
use Pagerfanta\Adapter\ArrayAdapter;
use Pagerfanta\Exception\OutOfRangeCurrentPageException;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\IsGranted;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\ParamConverter;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Routing\Annotation\Route;
use Symfony\Component\Security\Core\Security;
use Symfony\Contracts\Translation\TranslatorInterface;
use Wallabag\Entity\Entry;
use Wallabag\Entity\Tag;
@ -26,16 +28,19 @@ class TagController extends AbstractController
private EntityManagerInterface $entityManager;
private TagsAssigner $tagsAssigner;
private Redirect $redirectHelper;
private Security $security;
public function __construct(EntityManagerInterface $entityManager, TagsAssigner $tagsAssigner, Redirect $redirectHelper)
public function __construct(EntityManagerInterface $entityManager, TagsAssigner $tagsAssigner, Redirect $redirectHelper, Security $security)
{
$this->entityManager = $entityManager;
$this->tagsAssigner = $tagsAssigner;
$this->redirectHelper = $redirectHelper;
$this->security = $security;
}
/**
* @Route("/new-tag/{entry}", name="new_tag", methods={"POST"}, requirements={"entry" = "\d+"})
* @IsGranted("TAG", subject="entry")
*
* @return Response
*/
@ -59,8 +64,6 @@ class TagController extends AbstractController
}
if ($form->isSubmitted() && $form->isValid()) {
$this->checkUserAction($entry);
$this->tagsAssigner->assignTagsToEntry(
$entry,
$form->get('label')->getData()
@ -87,18 +90,17 @@ class TagController extends AbstractController
* Removes tag from entry.
*
* @Route("/remove-tag/{entry}/{tag}", name="remove_tag", methods={"GET"}, requirements={"entry" = "\d+", "tag" = "\d+"})
* @IsGranted("UNTAG", subject="entry")
*
* @return Response
*/
public function removeTagFromEntry(Request $request, Entry $entry, Tag $tag)
{
$this->checkUserAction($entry);
$entry->removeTag($tag);
$this->entityManager->flush();
// remove orphan tag in case no entries are associated to it
if (0 === \count($tag->getEntries())) {
if (0 === \count($tag->getEntries()) && $this->security->isGranted('DELETE', $tag)) {
$this->entityManager->remove($tag);
$this->entityManager->flush();
}
@ -112,21 +114,22 @@ class TagController extends AbstractController
* Shows tags for current user.
*
* @Route("/tag/list", name="tag", methods={"GET"})
* @IsGranted("LIST_TAGS")
*
* @return Response
*/
public function showTagAction(TagRepository $tagRepository, EntryRepository $entryRepository)
{
$tags = $tagRepository->findAllFlatTagsWithNbEntries($this->getUser()->getId());
$allTagsWithNbEntries = $tagRepository->findAllTagsWithNbEntries($this->getUser()->getId());
$nbEntriesUntagged = $entryRepository->countUntaggedEntriesByUser($this->getUser()->getId());
$renameForms = [];
foreach ($tags as $tag) {
$renameForms[$tag['id']] = $this->createForm(RenameTagType::class, new Tag())->createView();
foreach ($allTagsWithNbEntries as $tagWithNbEntries) {
$renameForms[$tagWithNbEntries['tag']->getId()] = $this->createForm(RenameTagType::class, new Tag())->createView();
}
return $this->render('Tag/tags.html.twig', [
'tags' => $tags,
'allTagsWithNbEntries' => $allTagsWithNbEntries,
'renameForms' => $renameForms,
'nbEntriesUntagged' => $nbEntriesUntagged,
]);
@ -137,6 +140,8 @@ class TagController extends AbstractController
*
* @Route("/tag/list/{slug}/{page}", name="tag_entries", methods={"GET"}, defaults={"page" = "1"})
* @ParamConverter("tag", options={"mapping": {"slug": "slug"}})
* @IsGranted("LIST_ENTRIES")
* @IsGranted("VIEW", subject="tag")
*
* @return Response
*/
@ -176,6 +181,7 @@ class TagController extends AbstractController
*
* @Route("/tag/rename/{slug}", name="tag_rename", methods={"POST"})
* @ParamConverter("tag", options={"mapping": {"slug": "slug"}})
* @IsGranted("EDIT", subject="tag")
*
* @return Response
*/
@ -228,6 +234,7 @@ class TagController extends AbstractController
* Tag search results with the current search term.
*
* @Route("/tag/search/{filter}", name="tag_this_search", methods={"GET"})
* @IsGranted("CREATE_TAGS")
*
* @return Response
*/
@ -264,6 +271,7 @@ class TagController extends AbstractController
*
* @Route("/tag/delete/{slug}", name="tag_delete", methods={"GET"})
* @ParamConverter("tag", options={"mapping": {"slug": "slug"}})
* @IsGranted("DELETE", subject="tag")
*
* @return Response
*/
@ -282,14 +290,4 @@ class TagController extends AbstractController
return $this->redirect($redirectUrl);
}
/**
* Check if the logged user can manage the given entry.
*/
private function checkUserAction(Entry $entry)
{
if (null === $this->getUser() || $this->getUser()->getId() !== $entry->getUser()->getId()) {
throw $this->createAccessDeniedException('You can not access this entry.');
}
}
}