Disable controller access if feature disabled

If `restricted_access` is disabled, accessing `/site-credentials/` must be disabled.
Jeremy Benoist 2017-11-22 09:59:11 +01:00
parent 709e21a3f4
commit ef2b4041fb
No known key found for this signature in database
GPG key ID: BCA73962457ACC3C
2 changed files with 32 additions and 0 deletions


@ -24,6 +24,8 @@ class SiteCredentialController extends Controller
*/ */
public function indexAction() public function indexAction()
{ {
$this->isSiteCredentialsEnabled();
$credentials = $this->get('wallabag_core.site_credential_repository')->findByUser($this->getUser()); $credentials = $this->get('wallabag_core.site_credential_repository')->findByUser($this->getUser());
return $this->render('WallabagCoreBundle:SiteCredential:index.html.twig', [ return $this->render('WallabagCoreBundle:SiteCredential:index.html.twig', [
@ -43,6 +45,8 @@ class SiteCredentialController extends Controller
*/ */
public function newAction(Request $request) public function newAction(Request $request)
{ {
$this->isSiteCredentialsEnabled();
$credential = new SiteCredential($this->getUser()); $credential = new SiteCredential($this->getUser());
$form = $this->createForm('Wallabag\CoreBundle\Form\Type\SiteCredentialType', $credential); $form = $this->createForm('Wallabag\CoreBundle\Form\Type\SiteCredentialType', $credential);
@ -83,6 +87,8 @@ class SiteCredentialController extends Controller
*/ */
public function editAction(Request $request, SiteCredential $siteCredential) public function editAction(Request $request, SiteCredential $siteCredential)
{ {
$this->isSiteCredentialsEnabled();
$this->checkUserAction($siteCredential); $this->checkUserAction($siteCredential);
$deleteForm = $this->createDeleteForm($siteCredential); $deleteForm = $this->createDeleteForm($siteCredential);
@ -125,6 +131,8 @@ class SiteCredentialController extends Controller
*/ */
public function deleteAction(Request $request, SiteCredential $siteCredential) public function deleteAction(Request $request, SiteCredential $siteCredential)
{ {
$this->isSiteCredentialsEnabled();
$this->checkUserAction($siteCredential); $this->checkUserAction($siteCredential);
$form = $this->createDeleteForm($siteCredential); $form = $this->createDeleteForm($siteCredential);
@ -144,6 +152,16 @@ class SiteCredentialController extends Controller
return $this->redirectToRoute('site_credentials_index'); return $this->redirectToRoute('site_credentials_index');
} }
/**
* Throw a 404 if the feature is disabled.
*/
private function isSiteCredentialsEnabled()
{
if (!$this->get('craue_config')->get('restricted_access')) {
throw $this->createNotFoundException('Feature "restricted_access" is disabled, controllers too.');
}
}
/** /**
* Creates a form to delete a site credential entity. * Creates a form to delete a site credential entity.
* *
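Review bot: The new `isSiteCredentialsEnabled()` is named like a boolean predicate but returns nothing and only throws, so the bare `$this->isSiteCredentialsEnabled();` at the top of indexAction, newAction, editAction and deleteAction reads as a discarded result rather than an access check. A name that states the effect, for example `throwIfSiteCredentialsDisabled()`, together with a `@throws NotFoundHttpException` line in its docblock, would make the gate obvious to the next reader. The check is also opt-in per action: an action added to this controller later stays reachable with `restricted_access` off unless it repeats the call, so a class-level comment such as `// Every action must call the restricted_access guard first.` is worth adding. The action bodies continue outside the hunks shown, so whether other actions exist in the class cannot be confirmed from here.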


@ -8,6 +8,20 @@ use Wallabag\CoreBundle\Entity\SiteCredential;
class SiteCredentialControllerTest extends WallabagCoreTestCase class SiteCredentialControllerTest extends WallabagCoreTestCase
{ {
public function testAccessDeniedBecauseFeatureDisabled()
{
$this->logInAs('admin');
$client = $this->getClient();
$client->getContainer()->get('craue_config')->set('restricted_access', 0);
$client->request('GET', '/site-credentials/');
$this->assertSame(404, $client->getResponse()->getStatusCode());
$client->getContainer()->get('craue_config')->set('restricted_access', 1);
}
public function testListSiteCredential() public function testListSiteCredential()
{ {
$this->logInAs('admin'); $this->logInAs('admin');
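Review bot: In testAccessDeniedBecauseFeatureDisabled the setting is restored only after `assertSame`, so a failing assertion skips `set('restricted_access', 1)` and, if craue_config persists the value between tests (it appears to), the feature stays off for the tests that follow. Wrapping the request and assertion as `try { … } finally { $client->getContainer()->get('craue_config')->set('restricted_access', 1); }` keeps the reset unconditional. The test also covers only `GET /site-credentials/`; the guards added to the new, edit and delete actions are not exercised, so a regression in any of those would pass unnoticed. The method name says "AccessDenied" while the assertion expects 404, and a name like `testNotFoundWhenFeatureDisabled` would match what is checked.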