diff --git a/app/build.xml b/app/build.xml
index a8e43f0d8..bdc4b4d86 100644
--- a/app/build.xml
+++ b/app/build.xml
@@ -38,7 +38,6 @@
-
diff --git a/src/Wallabag/CoreBundle/Controller/EntryController.php b/src/Wallabag/CoreBundle/Controller/EntryController.php
index 5378486ae..89677befb 100644
--- a/src/Wallabag/CoreBundle/Controller/EntryController.php
+++ b/src/Wallabag/CoreBundle/Controller/EntryController.php
@@ -12,8 +12,10 @@ use Wallabag\CoreBundle\Helper\Url;
class EntryController extends Controller
{
/**
- * @param Request $request
+ * @param Request $request
+ *
* @Route("/new", name="new_entry")
+ *
* @return \Symfony\Component\HttpFoundation\Response
*/
public function addEntryAction(Request $request)
@@ -54,6 +56,7 @@ class EntryController extends Controller
* Shows unread entries for current user
*
* @Route("/unread", name="unread")
+ *
* @return \Symfony\Component\HttpFoundation\Response
*/
public function showUnreadAction()
@@ -73,6 +76,7 @@ class EntryController extends Controller
* Shows read entries for current user
*
* @Route("/archive", name="archive")
+ *
* @return \Symfony\Component\HttpFoundation\Response
*/
public function showArchiveAction()
@@ -92,6 +96,7 @@ class EntryController extends Controller
* Shows starred entries for current user
*
* @Route("/starred", name="starred")
+ *
* @return \Symfony\Component\HttpFoundation\Response
*/
public function showStarredAction()
@@ -110,12 +115,16 @@ class EntryController extends Controller
/**
* Shows entry content
*
- * @param Entry $entry
+ * @param Entry $entry
+ *
* @Route("/view/{id}", requirements={"id" = "\d+"}, name="view")
+ *
* @return \Symfony\Component\HttpFoundation\Response
*/
public function viewAction(Entry $entry)
{
+ $this->checkUserAction($entry);
+
return $this->render(
'WallabagCoreBundle:Entry:entry.html.twig',
array('entry' => $entry)
@@ -125,13 +134,17 @@ class EntryController extends Controller
/**
* Changes read status for an entry
*
- * @param Request $request
- * @param Entry $entry
+ * @param Request $request
+ * @param Entry $entry
+ *
* @Route("/archive/{id}", requirements={"id" = "\d+"}, name="archive_entry")
+ *
* @return \Symfony\Component\HttpFoundation\RedirectResponse
*/
public function toggleArchiveAction(Request $request, Entry $entry)
{
+ $this->checkUserAction($entry);
+
$entry->toggleArchive();
$this->getDoctrine()->getManager()->flush();
@@ -146,13 +159,17 @@ class EntryController extends Controller
/**
* Changes favorite status for an entry
*
- * @param Request $request
- * @param Entry $entry
+ * @param Request $request
+ * @param Entry $entry
+ *
* @Route("/star/{id}", requirements={"id" = "\d+"}, name="star_entry")
+ *
* @return \Symfony\Component\HttpFoundation\RedirectResponse
*/
public function toggleStarAction(Request $request, Entry $entry)
{
+ $this->checkUserAction($entry);
+
$entry->toggleStar();
$this->getDoctrine()->getManager()->flush();
@@ -167,17 +184,19 @@ class EntryController extends Controller
/**
* Deletes entry
*
- * @param Request $request
- * @param Entry $entry
+ * @param Request $request
+ * @param Entry $entry
+ *
* @Route("/delete/{id}", requirements={"id" = "\d+"}, name="delete_entry")
+ *
* @return \Symfony\Component\HttpFoundation\RedirectResponse
*/
public function deleteEntryAction(Request $request, Entry $entry)
{
- $em = $this->getDoctrine()->getManager();
+ $this->checkUserAction($entry);
+
$entry->setDeleted(1);
- $em->persist($entry);
- $em->flush();
+ $this->getDoctrine()->getManager()->flush();
$this->get('session')->getFlashBag()->add(
'notice',
@@ -186,4 +205,16 @@ class EntryController extends Controller
return $this->redirect($request->headers->get('referer'));
}
+
+ /**
+ * Check if the logged user can manage the given entry
+ *
+ * @param Entry $entry
+ */
+ private function checkUserAction(Entry $entry)
+ {
+ if ($this->getUser()->getId() != $entry->getUser()->getId()) {
+ throw $this->createAccessDeniedException('You can not use this entry.');
+ }
+ }
}
diff --git a/src/Wallabag/CoreBundle/DataFixtures/ORM/LoadEntryData.php b/src/Wallabag/CoreBundle/DataFixtures/ORM/LoadEntryData.php
index fccd06be1..520b44b80 100644
--- a/src/Wallabag/CoreBundle/DataFixtures/ORM/LoadEntryData.php
+++ b/src/Wallabag/CoreBundle/DataFixtures/ORM/LoadEntryData.php
@@ -16,13 +16,32 @@ class LoadEntryData extends AbstractFixture implements OrderedFixtureInterface
{
$entry1 = new Entry($this->getReference('admin-user'));
$entry1->setUrl('http://0.0.0.0');
- $entry1->setTitle('test title');
+ $entry1->setTitle('test title entry1');
$entry1->setContent('This is my content /o/');
$manager->persist($entry1);
- $manager->flush();
$this->addReference('entry1', $entry1);
+
+ $entry2 = new Entry($this->getReference('admin-user'));
+ $entry2->setUrl('http://0.0.0.0');
+ $entry2->setTitle('test title entry2');
+ $entry2->setContent('This is my content /o/');
+
+ $manager->persist($entry2);
+
+ $this->addReference('entry2', $entry2);
+
+ $entry3 = new Entry($this->getReference('bob-user'));
+ $entry3->setUrl('http://0.0.0.0');
+ $entry3->setTitle('test title entry3');
+ $entry3->setContent('This is my content /o/');
+
+ $manager->persist($entry3);
+
+ $this->addReference('entry3', $entry3);
+
+ $manager->flush();
}
/**
diff --git a/src/Wallabag/CoreBundle/DataFixtures/ORM/LoadUserData.php b/src/Wallabag/CoreBundle/DataFixtures/ORM/LoadUserData.php
index da7882183..e4751f202 100644
--- a/src/Wallabag/CoreBundle/DataFixtures/ORM/LoadUserData.php
+++ b/src/Wallabag/CoreBundle/DataFixtures/ORM/LoadUserData.php
@@ -15,13 +15,26 @@ class LoadUserData extends AbstractFixture implements OrderedFixtureInterface
public function load(ObjectManager $manager)
{
$userAdmin = new User();
+ $userAdmin->setName('Big boss');
+ $userAdmin->setEmail('bigboss@wallabag.org');
$userAdmin->setUsername('admin');
$userAdmin->setPassword('test');
$manager->persist($userAdmin);
- $manager->flush();
$this->addReference('admin-user', $userAdmin);
+
+ $bobUser = new User();
+ $bobUser->setName('Bobby');
+ $bobUser->setEmail('bobby@wallabag.org');
+ $bobUser->setUsername('bob');
+ $bobUser->setPassword('test');
+
+ $manager->persist($bobUser);
+
+ $this->addReference('bob-user', $bobUser);
+
+ $manager->flush();
}
/**
diff --git a/src/Wallabag/CoreBundle/Repository/EntryRepository.php b/src/Wallabag/CoreBundle/Repository/EntryRepository.php
index b6f867070..bedc90d2b 100644
--- a/src/Wallabag/CoreBundle/Repository/EntryRepository.php
+++ b/src/Wallabag/CoreBundle/Repository/EntryRepository.php
@@ -2,7 +2,6 @@
namespace Wallabag\CoreBundle\Repository;
-use Doctrine\ORM\Query;
use Doctrine\ORM\EntityRepository;
use Doctrine\ORM\Tools\Pagination\Paginator;
diff --git a/src/Wallabag/CoreBundle/Tests/Controller/EntryControllerTest.php b/src/Wallabag/CoreBundle/Tests/Controller/EntryControllerTest.php
index 5d8daea39..7276f8e4e 100644
--- a/src/Wallabag/CoreBundle/Tests/Controller/EntryControllerTest.php
+++ b/src/Wallabag/CoreBundle/Tests/Controller/EntryControllerTest.php
@@ -3,6 +3,7 @@
namespace Wallabag\CoreBundle\Tests\Controller;
use Wallabag\CoreBundle\Tests\WallabagTestCase;
+use Doctrine\ORM\AbstractQuery;
class EntryControllerTest extends WallabagTestCase
{
@@ -10,7 +11,7 @@ class EntryControllerTest extends WallabagTestCase
{
$client = $this->getClient();
- $crawler = $client->request('GET', '/new');
+ $client->request('GET', '/new');
$this->assertEquals(302, $client->getResponse()->getStatusCode());
$this->assertContains('login', $client->getResponse()->headers->get('location'));
@@ -18,7 +19,7 @@ class EntryControllerTest extends WallabagTestCase
public function testGetNew()
{
- $this->logIn();
+ $this->logInAs('admin');
$client = $this->getClient();
$crawler = $client->request('GET', '/new');
@@ -31,7 +32,7 @@ class EntryControllerTest extends WallabagTestCase
public function testPostNewEmpty()
{
- $this->logIn();
+ $this->logInAs('admin');
$client = $this->getClient();
$crawler = $client->request('GET', '/new');
@@ -49,7 +50,7 @@ class EntryControllerTest extends WallabagTestCase
public function testPostNewOk()
{
- $this->logIn();
+ $this->logInAs('admin');
$client = $this->getClient();
$crawler = $client->request('GET', '/new');
@@ -74,27 +75,27 @@ class EntryControllerTest extends WallabagTestCase
public function testArchive()
{
- $this->logIn();
+ $this->logInAs('admin');
$client = $this->getClient();
- $crawler = $client->request('GET', '/archive');
+ $client->request('GET', '/archive');
$this->assertEquals(200, $client->getResponse()->getStatusCode());
}
public function testStarred()
{
- $this->logIn();
+ $this->logInAs('admin');
$client = $this->getClient();
- $crawler = $client->request('GET', '/starred');
+ $client->request('GET', '/starred');
$this->assertEquals(200, $client->getResponse()->getStatusCode());
}
public function testView()
{
- $this->logIn();
+ $this->logInAs('admin');
$client = $this->getClient();
$content = $client->getContainer()
@@ -102,13 +103,96 @@ class EntryControllerTest extends WallabagTestCase
->getRepository('WallabagCoreBundle:Entry')
->findOneByIsArchived(false);
- if (!$content) {
- $this->markTestSkipped('No content found in db.');
- }
-
- $crawler = $client->request('GET', '/view/'.$content->getId());
+ $client->request('GET', '/view/'.$content->getId());
$this->assertEquals(200, $client->getResponse()->getStatusCode());
$this->assertContains($content->getTitle(), $client->getResponse()->getContent());
}
+
+ public function testToggleArchive()
+ {
+ $this->logInAs('admin');
+ $client = $this->getClient();
+
+ $content = $client->getContainer()
+ ->get('doctrine.orm.entity_manager')
+ ->getRepository('WallabagCoreBundle:Entry')
+ ->findOneByIsArchived(false);
+
+ $client->request('GET', '/archive/'.$content->getId());
+
+ $this->assertEquals(302, $client->getResponse()->getStatusCode());
+
+ $res = $client->getContainer()
+ ->get('doctrine.orm.entity_manager')
+ ->getRepository('WallabagCoreBundle:Entry')
+ ->findOneById($content->getId());
+
+ $this->assertEquals($res->isArchived(), true);
+ }
+
+ public function testToggleStar()
+ {
+ $this->logInAs('admin');
+ $client = $this->getClient();
+
+ $content = $client->getContainer()
+ ->get('doctrine.orm.entity_manager')
+ ->getRepository('WallabagCoreBundle:Entry')
+ ->findOneByIsStarred(false);
+
+ $client->request('GET', '/star/'.$content->getId());
+
+ $this->assertEquals(302, $client->getResponse()->getStatusCode());
+
+ $res = $client->getContainer()
+ ->get('doctrine.orm.entity_manager')
+ ->getRepository('WallabagCoreBundle:Entry')
+ ->findOneById($content->getId());
+
+ $this->assertEquals($res->isStarred(), true);
+ }
+
+ public function testDelete()
+ {
+ $this->logInAs('admin');
+ $client = $this->getClient();
+
+ $content = $client->getContainer()
+ ->get('doctrine.orm.entity_manager')
+ ->getRepository('WallabagCoreBundle:Entry')
+ ->findOneByIsDeleted(false);
+
+ $client->request('GET', '/delete/'.$content->getId());
+
+ $this->assertEquals(302, $client->getResponse()->getStatusCode());
+
+ $res = $client->getContainer()
+ ->get('doctrine.orm.entity_manager')
+ ->getRepository('WallabagCoreBundle:Entry')
+ ->findOneById($content->getId());
+
+ $this->assertEquals($res->isDeleted(), true);
+ }
+
+ public function testViewOtherUserEntry()
+ {
+ $this->logInAs('bob');
+ $client = $this->getClient();
+
+ $content = $client->getContainer()
+ ->get('doctrine.orm.entity_manager')
+ ->getRepository('WallabagCoreBundle:Entry')
+ ->createQueryBuilder('e')
+ ->select('e.id')
+ ->leftJoin('e.user', 'u')
+ ->where('u.username != :username')->setParameter('username', 'bob')
+ ->setMaxResults(1)
+ ->getQuery()
+ ->getSingleResult(AbstractQuery::HYDRATE_ARRAY);
+
+ $client->request('GET', '/view/'.$content['id']);
+
+ $this->assertEquals(403, $client->getResponse()->getStatusCode());
+ }
}
diff --git a/src/Wallabag/CoreBundle/Tests/WallabagTestCase.php b/src/Wallabag/CoreBundle/Tests/WallabagTestCase.php
index edc7d9927..a80b8bac4 100644
--- a/src/Wallabag/CoreBundle/Tests/WallabagTestCase.php
+++ b/src/Wallabag/CoreBundle/Tests/WallabagTestCase.php
@@ -18,12 +18,12 @@ class WallabagTestCase extends WebTestCase
$this->client = static::createClient();
}
- public function logIn()
+ public function logInAs($username)
{
$crawler = $this->client->request('GET', '/login');
$form = $crawler->filter('button[type=submit]')->form();
$data = array(
- '_username' => 'admin',
+ '_username' => $username,
'_password' => 'test',
);