Merge pull request #3431 from wallabag/disable-site-credentials

Disable controller access if feature disabled
2024-06-18 05:00:36 +00:00 · 2017-11-22 15:11:25 +01:00 · 2017-11-22 15:11:25 +01:00 · f818f64145
parent d3d0defabc ef2b4041fb
commit f818f64145
2 changed files with 32 additions and 0 deletions
--- a/src/Wallabag/CoreBundle/Controller/SiteCredentialController.php
+++ b/src/Wallabag/CoreBundle/Controller/SiteCredentialController.php
@ -24,6 +24,8 @@ class SiteCredentialController extends Controller
     */
    public function indexAction()
    {
+        $this->isSiteCredentialsEnabled();
+
        $credentials = $this->get('wallabag_core.site_credential_repository')->findByUser($this->getUser());

        return $this->render('WallabagCoreBundle:SiteCredential:index.html.twig', [
@ -43,6 +45,8 @@ class SiteCredentialController extends Controller
     */
    public function newAction(Request $request)
    {
+        $this->isSiteCredentialsEnabled();
+
        $credential = new SiteCredential($this->getUser());

        $form = $this->createForm('Wallabag\CoreBundle\Form\Type\SiteCredentialType', $credential);
@ -83,6 +87,8 @@ class SiteCredentialController extends Controller
     */
    public function editAction(Request $request, SiteCredential $siteCredential)
    {
+        $this->isSiteCredentialsEnabled();
+
        $this->checkUserAction($siteCredential);

        $deleteForm = $this->createDeleteForm($siteCredential);
@ -125,6 +131,8 @@ class SiteCredentialController extends Controller
     */
    public function deleteAction(Request $request, SiteCredential $siteCredential)
    {
+        $this->isSiteCredentialsEnabled();
+
        $this->checkUserAction($siteCredential);

        $form = $this->createDeleteForm($siteCredential);
@ -144,6 +152,16 @@ class SiteCredentialController extends Controller
        return $this->redirectToRoute('site_credentials_index');
    }

+    /**
+     * Throw a 404 if the feature is disabled.
+     */
+    private function isSiteCredentialsEnabled()
+    {
+        if (!$this->get('craue_config')->get('restricted_access')) {
+            throw $this->createNotFoundException('Feature "restricted_access" is disabled, controllers too.');
+        }
+    }
+
    /**
     * Creates a form to delete a site credential entity.
     *
--- a/tests/Wallabag/CoreBundle/Controller/SiteCredentialControllerTest.php
+++ b/tests/Wallabag/CoreBundle/Controller/SiteCredentialControllerTest.php
@ -8,6 +8,20 @@ use Wallabag\CoreBundle\Entity\SiteCredential;

 class SiteCredentialControllerTest extends WallabagCoreTestCase
 {
+    public function testAccessDeniedBecauseFeatureDisabled()
+    {
+        $this->logInAs('admin');
+        $client = $this->getClient();
+
+        $client->getContainer()->get('craue_config')->set('restricted_access', 0);
+
+        $client->request('GET', '/site-credentials/');
+
+        $this->assertSame(404, $client->getResponse()->getStatusCode());
+
+        $client->getContainer()->get('craue_config')->set('restricted_access', 1);
+    }
+
    public function testListSiteCredential()
    {
        $this->logInAs('admin');