From fc6d92c63dc5629a9e005628e416e0ecf4daa6ed Mon Sep 17 00:00:00 2001
From: Jeremy Benoist
Date: Fri, 9 Dec 2016 16:47:50 +0100
Subject: [PATCH] Update route & user verification
---
 .../Controller/SiteCredentialController.php | 36 ++++++++++++++-----
 .../Repository/SiteCredentialRepository.php | 3 --
 .../Resources/translations/messages.fr.yml | 6 ++--
 .../material/SiteCredential/edit.html.twig | 2 +-
 .../material/SiteCredential/index.html.twig | 4 +--
 .../material/SiteCredential/new.html.twig | 2 +-
 6 files changed, 34 insertions(+), 19 deletions(-)
diff --git a/src/Wallabag/CoreBundle/Controller/SiteCredentialController.php b/src/Wallabag/CoreBundle/Controller/SiteCredentialController.php
index e7e438002..429f529ab 100644
--- a/src/Wallabag/CoreBundle/Controller/SiteCredentialController.php
+++ b/src/Wallabag/CoreBundle/Controller/SiteCredentialController.php
@@ -11,20 +11,22 @@ use Wallabag\CoreBundle\Entity\SiteCredential;
 /**
 * SiteCredential controller.
+ *
+ * @Route("/site-credentials")
 */
 class SiteCredentialController extends Controller
 {
 /**
 * Lists all User entities.
 *
- * @Route("/site-credential", name="site_credential_index")
+ * @Route("/", name="site_credentials_index")
 * @Method("GET")
 */
 public function indexAction()
 {
 $em = $this->getDoctrine()->getManager();
- $credentials = $em->getRepository('WallabagCoreBundle:SiteCredential')->findAll();
+ $credentials = $em->getRepository('WallabagCoreBundle:SiteCredential')->findByUser($this->getUser());
 return $this->render('WallabagCoreBundle:SiteCredential:index.html.twig', array(
 'credentials' => $credentials,
@@ -34,7 +36,7 @@ class SiteCredentialController extends Controller
 /**
 * Creates a new site credential entity.
 *
- * @Route("/site-credential/new", name="site_credential_new")
+ * @Route("/new", name="site_credentials_new")
 * @Method({"GET", "POST"})
 */
 public function newAction(Request $request)
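Review bot: `indexAction()` passes `$this->getUser()` straight to `findByUser()` with no null guard, although `checkUserAction()`, added later in this same commit, treats a missing user as a denial. Whether this route is always behind the firewall is not visible in the diff; if it can ever be reached anonymously, Doctrine's magic finder would most likely turn the null argument into a `user IS NULL` lookup instead of failing. Denying up front keeps the three actions consistent, e.g. `if (null === $this->getUser()) { throw $this->createAccessDeniedException(); }` before the repository call. The docblock above the method still reads "Lists all User entities." and should become `Lists the site credentials of the current user.` The method body continues past the end of the hunk.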
@@ -54,7 +56,7 @@ class SiteCredentialController extends Controller
 $this->get('translator')->trans('flashes.site_credential.notice.added', ['%host%' => $credential->getHost()])
 );
- return $this->redirectToRoute('site_credential_edit', array('id' => $credential->getId()));
+ return $this->redirectToRoute('site_credentials_edit', array('id' => $credential->getId()));
 }
 return $this->render('WallabagCoreBundle:SiteCredential:new.html.twig', array(
@@ -66,11 +68,13 @@ class SiteCredentialController extends Controller
 /**
 * Displays a form to edit an existing site credential entity.
 *
- * @Route("/site-credential/{id}/edit", name="site_credential_edit")
+ * @Route("/{id}/edit", name="site_credentials_edit")
 * @Method({"GET", "POST"})
 */
 public function editAction(Request $request, SiteCredential $siteCredential)
 {
+ $this->checkUserAction($siteCredential);
+
 $deleteForm = $this->createDeleteForm($siteCredential);
 $editForm = $this->createForm('Wallabag\CoreBundle\Form\Type\SiteCredentialType', $siteCredential);
 $editForm->handleRequest($request);
@@ -85,7 +89,7 @@ class SiteCredentialController extends Controller
 $this->get('translator')->trans('flashes.site_credential.notice.updated', ['%host%' => $siteCredential->getHost()])
 );
- return $this->redirectToRoute('site_credential_edit', array('id' => $siteCredential->getId()));
+ return $this->redirectToRoute('site_credentials_edit', array('id' => $siteCredential->getId()));
 }
 return $this->render('WallabagCoreBundle:SiteCredential:edit.html.twig', array(
@@ -98,11 +102,13 @@ class SiteCredentialController extends Controller
 /**
 * Deletes a site credential entity.
 *
- * @Route("/site-credential/{id}", name="site_credential_delete")
+ * @Route("/{id}", name="site_credentials_delete")
 * @Method("DELETE")
 */
 public function deleteAction(Request $request, SiteCredential $siteCredential)
 {
+ $this->checkUserAction($siteCredential);
+
 $form = $this->createDeleteForm($siteCredential);
 $form->handleRequest($request);
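Review bot: The ownership check is opt-in: `editAction()` and `deleteAction()` each have to call `$this->checkUserAction($siteCredential)` by hand, so any later action that receives a `SiteCredential` from the param converter is unprotected unless its author remembers the call. A Symfony voter checked through `$this->denyAccessUnlessGranted(...)` would centralise the rule; at minimum the class docblock should state it, e.g. `Every action that receives a SiteCredential must call checkUserAction() before using it.` The diffstat lists no test file, so a functional test in which a second user requests another user's credential on both routes and receives a 403 would pin this behaviour. Both method bodies continue outside their hunks.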
@@ -117,7 +123,7 @@ class SiteCredentialController extends Controller
 $em->flush();
 }
- return $this->redirectToRoute('site_credential_index');
+ return $this->redirectToRoute('site_credentials_index');
 }
 /**
@@ -130,9 +136,21 @@ class SiteCredentialController extends Controller
 private function createDeleteForm(SiteCredential $siteCredential)
 {
 return $this->createFormBuilder()
- ->setAction($this->generateUrl('site_credential_delete', array('id' => $siteCredential->getId())))
+ ->setAction($this->generateUrl('site_credentials_delete', array('id' => $siteCredential->getId())))
 ->setMethod('DELETE')
 ->getForm()
 ;
 }
+
+ /**
+ * Check if the logged user can manage the given site credential.
+ *
+ * @param SiteCredential $siteCredential The site credential entity
+ */
+ private function checkUserAction(SiteCredential $siteCredential)
+ {
+ if (null === $this->getUser() || $this->getUser()->getId() != $siteCredential->getUser()->getId()) {
+ throw $this->createAccessDeniedException('You can not access this site credential.');
+ }
+ }
 }
diff --git a/src/Wallabag/CoreBundle/Repository/SiteCredentialRepository.php b/src/Wallabag/CoreBundle/Repository/SiteCredentialRepository.php
index 501b44396..88aee6d58 100644
--- a/src/Wallabag/CoreBundle/Repository/SiteCredentialRepository.php
+++ b/src/Wallabag/CoreBundle/Repository/SiteCredentialRepository.php
@@ -4,9 +4,6 @@ namespace Wallabag\CoreBundle\Repository;
 /**
 * SiteCredentialRepository.
- *
- * This class was generated by the Doctrine ORM. Add your own custom
- * repository methods below.
 */
 class SiteCredentialRepository extends \Doctrine\ORM\EntityRepository
 {
diff --git a/src/Wallabag/CoreBundle/Resources/translations/messages.fr.yml b/src/Wallabag/CoreBundle/Resources/translations/messages.fr.yml
index e37abfd35..17eaf0150 100644
--- a/src/Wallabag/CoreBundle/Resources/translations/messages.fr.yml
+++ b/src/Wallabag/CoreBundle/Resources/translations/messages.fr.yml
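Review bot: `checkUserAction()` in SiteCredentialController.php compares the two ids with the loose `!=`, so `null`, `0` and `''` count as equal and the check would pass if both sides were ever empty; `$this->getUser()->getId() !== $siteCredential->getUser()->getId()` closes that, provided both ids come back as integers, which the diff does not show. `$siteCredential->getUser()` is also dereferenced without a null check, so a credential stored without an owner (possible if rows predate this ownership rule, which is not visible here) would end in a fatal error rather than a denial. Answering 403 for another user's id and 404 for a missing one tells a caller which ids exist; `createNotFoundException()` would hide that if it matters for this resource. The docblock should also gain an `@throws` line for the access-denied exception.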
@@ -514,7 +514,7 @@ user:
 twofactor_label: "Double authentification"
 save: "Sauvegarder"
 delete: "Supprimer"
- delete_confirm: "Voulez-vous vraiment ?"
+ delete_confirm: "Êtes-vous sur ?"
 back_to_list: "Revenir à la liste"
 search:
 placeholder: "Filtrer par nom d’utilisateur ou email"
@@ -523,7 +523,7 @@ site_credential:
 page_title: Gestion des accès aux sites
 new_site_credential: Créer un accès à un site
 edit_site_credential: Éditer l'accès d'un site
- description: "Ici vous pouvez gérer les accès aux différents sites. Ces accès permettent de récupérer des contenus sur des sites qui requiert une authentification ou un paywall"
+ description: "Ici vous pouvez gérer les accès aux différents sites. Ces accès permettent de récupérer des contenus sur des sites qui requièrent une authentification ou un paywall"
 list:
 actions: Actions
 edit_action: Éditer
@@ -536,7 +536,7 @@ site_credential:
 password_label: 'Mot de passe'
 save: "Sauvegarder"
 delete: "Supprimer"
- delete_confirm: "Voulez-vous vraiment ?"
+ delete_confirm: "Êtes-vous sur ?"
 back_to_list: "Revenir à la liste"
 error:
diff --git a/src/Wallabag/CoreBundle/Resources/views/themes/material/SiteCredential/edit.html.twig b/src/Wallabag/CoreBundle/Resources/views/themes/material/SiteCredential/edit.html.twig
index 8448f17ec..882be430f 100644
--- a/src/Wallabag/CoreBundle/Resources/views/themes/material/SiteCredential/edit.html.twig
+++ b/src/Wallabag/CoreBundle/Resources/views/themes/material/SiteCredential/edit.html.twig
@@ -49,7 +49,7 @@ {{ form_end(delete_form) }}

-

{{ 'site_credential.form.back_to_list'|trans }}

+

{{ 'site_credential.form.back_to_list'|trans }}

diff --git a/src/Wallabag/CoreBundle/Resources/views/themes/material/SiteCredential/index.html.twig b/src/Wallabag/CoreBundle/Resources/views/themes/material/SiteCredential/index.html.twig index fda60b31f..c128bcebd 100644 --- a/src/Wallabag/CoreBundle/Resources/views/themes/material/SiteCredential/index.html.twig +++ b/src/Wallabag/CoreBundle/Resources/views/themes/material/SiteCredential/index.html.twig @@ -25,7 +25,7 @@ {{ credential.host }} {{ credential.username }} - {{ 'site_credential.list.edit_action'|trans }} + {{ 'site_credential.list.edit_action'|trans }} {% endfor %} @@ -33,7 +33,7 @@

- {{ 'site_credential.list.create_new_one'|trans }} + {{ 'site_credential.list.create_new_one'|trans }}

diff --git a/src/Wallabag/CoreBundle/Resources/views/themes/material/SiteCredential/new.html.twig b/src/Wallabag/CoreBundle/Resources/views/themes/material/SiteCredential/new.html.twig index bf713902a..3c008cdec 100644 --- a/src/Wallabag/CoreBundle/Resources/views/themes/material/SiteCredential/new.html.twig +++ b/src/Wallabag/CoreBundle/Resources/views/themes/material/SiteCredential/new.html.twig @@ -42,7 +42,7 @@ {{ form_widget(form.save, {'attr': {'class': 'btn waves-effect waves-light'}}) }} {{ form_rest(form) }} -

{{ 'site_credential.form.back_to_list'|trans }}

+

{{ 'site_credential.form.back_to_list'|trans }}