mirror of
https://github.com/wallabag/wallabag.git
synced 2024-11-27 03:21:01 +00:00
Merge pull request #6290 from wallabag/2.5/fix-add-tag-other-entries
Fix adding tag to entries from other people
This commit is contained in:
commit
acd285dcbb
2 changed files with 26 additions and 1 deletions
|
@ -17,7 +17,7 @@ use Wallabag\CoreBundle\Form\Type\RenameTagType;
|
|||
class TagController extends Controller
|
||||
{
|
||||
/**
|
||||
* @Route("/new-tag/{entry}", requirements={"entry" = "\d+"}, name="new_tag")
|
||||
* @Route("/new-tag/{entry}", requirements={"entry" = "\d+"}, name="new_tag", methods={"POST"})
|
||||
*
|
||||
* @return \Symfony\Component\HttpFoundation\Response
|
||||
*/
|
||||
|
@ -26,7 +26,17 @@ class TagController extends Controller
|
|||
$form = $this->createForm(NewTagType::class, new Tag());
|
||||
$form->handleRequest($request);
|
||||
|
||||
$tags = $form->get('label')->getData();
|
||||
$tagsExploded = explode(',', $tags);
|
||||
|
||||
// avoid too much tag to be added
|
||||
if (\count($tagsExploded) >= 5 || \strlen($tags) >= NewTagType::MAX_LENGTH) {
|
||||
return $this->redirect($this->generateUrl('view', ['id' => $entry->getId()]));
|
||||
}
|
||||
|
||||
if ($form->isSubmitted() && $form->isValid()) {
|
||||
$this->checkUserAction($entry);
|
||||
|
||||
$this->get('wallabag_core.tags_assigner')->assignTagsToEntry(
|
||||
$entry,
|
||||
$form->get('label')->getData()
|
||||
|
@ -59,6 +69,8 @@ class TagController extends Controller
|
|||
*/
|
||||
public function removeTagFromEntry(Request $request, Entry $entry, Tag $tag)
|
||||
{
|
||||
$this->checkUserAction($entry);
|
||||
|
||||
$entry->removeTag($tag);
|
||||
$em = $this->getDoctrine()->getManager();
|
||||
$em->flush();
|
||||
|
@ -222,4 +234,14 @@ class TagController extends Controller
|
|||
|
||||
return $this->redirect($this->get('wallabag_core.helper.redirect')->to($request->headers->get('referer'), '', true));
|
||||
}
|
||||
|
||||
/**
|
||||
* Check if the logged user can manage the given entry.
|
||||
*/
|
||||
private function checkUserAction(Entry $entry)
|
||||
{
|
||||
if (null === $this->getUser() || $this->getUser()->getId() !== $entry->getUser()->getId()) {
|
||||
throw $this->createAccessDeniedException('You can not access this entry.');
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -10,6 +10,8 @@ use Symfony\Component\OptionsResolver\OptionsResolver;
|
|||
|
||||
class NewTagType extends AbstractType
|
||||
{
|
||||
public const MAX_LENGTH = 40;
|
||||
|
||||
public function buildForm(FormBuilderInterface $builder, array $options)
|
||||
{
|
||||
$builder
|
||||
|
@ -17,6 +19,7 @@ class NewTagType extends AbstractType
|
|||
'required' => true,
|
||||
'attr' => [
|
||||
'placeholder' => 'tag.new.placeholder',
|
||||
'max_length' => self::MAX_LENGTH,
|
||||
],
|
||||
])
|
||||
->add('add', SubmitType::class, [
|
||||
|
|
Loading…
Reference in a new issue