src/EventListener/AdminPermissionSubscriber.php line 66

  1. <?php
  2. namespace App\EventListener;
  3. use App\Controller\Admin\PermissionCheckerControllerInterface;
  4. use App\Entity\Menu;
  5. use App\Entity\Permission;
  6. use App\Entity\User;
  7. use Doctrine\ORM\EntityManagerInterface;
  8. use Sogec\BOBundle\Controller\CRUDController;
  9. use Sogec\BOBundle\Routing\CRUDAction;
  10. use Symfony\Bundle\FrameworkBundle\Controller\Controller;
  11. use Symfony\Component\EventDispatcher\EventSubscriberInterface;
  12. use Symfony\Component\HttpKernel\Event\FilterControllerEvent;
  13. use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
  14. use Symfony\Component\HttpKernel\KernelEvents;
  15. use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
  16. use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
  17. /**
  18.  * Class AdminPermissionSubscriber.
  19.  */
  20. class AdminPermissionSubscriber implements EventSubscriberInterface
  21. {
  22.     /**
  23.      * @var EntityManagerInterface
  24.      */
  25.     private $manager;
  26.     /**
  27.      * @var TokenStorageInterface
  28.      */
  29.     private $token;
  30.     /**
  31.      * @var AuthorizationCheckerInterface
  32.      */
  33.     private $authChecker;
  34.     /**
  35.      * @var array
  36.      */
  37.     private $whitListRoutes;
  38.     /**
  39.      * AdminPermissionSubscriber constructor.
  40.      *
  41.      * @param EntityManagerInterface        $manager
  42.      * @param TokenStorageInterface         $token
  43.      * @param AuthorizationCheckerInterface $authChecker
  44.      * @param array                         $whitListRoutes
  45.      */
  46.     public function __construct(EntityManagerInterface $managerTokenStorageInterface $tokenAuthorizationCheckerInterface $authChecker, array $whitListRoutes)
  47.     {
  48.         $this->manager $manager;
  49.         $this->token $token;
  50.         $this->authChecker $authChecker;
  51.         $this->whitListRoutes $whitListRoutes;
  52.     }
  53.     /**
  54.      * Filter Controller.
  55.      *
  56.      * @param FilterControllerEvent $event
  57.      */
  58.     public function onKernelController(FilterControllerEvent $event)
  59.     {
  60.         if (!$event->isMasterRequest()) {
  61.             return;
  62.         }
  63.         if (!strpos($event->getRequest()->get('_firewall_context'), 'admin')) {
  64.             return;
  65.         }
  66.         if ($this->authChecker->isGranted('ROLE_SUPER_ADMIN')) {
  67.             return;
  68.         }
  69.         $controller $event->getController();
  70.         if (!is_array($controller)) {
  71.             return;
  72.         }
  73.         if (in_array($event->getRequest()->get('_route'), $this->whitListRoutes)) {
  74.             return;
  75.         }
  76.         /**
  77.          * @var Controller $currentController
  78.          */
  79.         $currentController $controller[0];
  80.         if ($currentController instanceof PermissionCheckerControllerInterface || $currentController instanceof CRUDController) {
  81.             /**
  82.              * @var User $user
  83.              */
  84.             $user $this->token->getToken()->getUser();
  85.             if (!$profile $user->getProfile()) {
  86.                 throw new AccessDeniedHttpException('This action needs a permission!');
  87.             }
  88.             $routeTab explode('_'$event->getRequest()->get('_route'));
  89.             $filterMenu $event->getRequest()->get('_route');
  90.             $action CRUDAction::LIST;
  91.             if (== count($routeTab)) {
  92.                 list($prefix$section$action) = $routeTab;
  93.                 $filterMenu $prefix.'_'.$section;
  94.             } elseif (=== count($routeTab)) {
  95.                 list($prefix$section$subsection$action) = $routeTab;
  96.                 $filterMenu $prefix.'_'.$section.'_'.$subsection;
  97.             } elseif ('admin_permissions_ajax_change_access' === $filterMenu) {
  98.                 list($prefix) = $routeTab;
  99.                 $action 'edit';
  100.                 $filterMenu $prefix.'_permissions';
  101.             }
  102.             $menu $this->manager->getRepository(Menu::class)
  103.                 ->findByRoutePrefix($filterMenu);
  104.             $permission $this->manager->getRepository(Permission::class)
  105.                 ->findOneBy(['menu' => $menu'profile' => $profile]);
  106.             if (null === $permission || !$permission->getActions()[$action]) {
  107.                 throw new AccessDeniedHttpException('This action needs a permission!');
  108.             }
  109.         }
  110.     }
  111.     /**
  112.      * {@inheritdoc}
  113.      */
  114.     public static function getSubscribedEvents()
  115.     {
  116.         return array(
  117.             KernelEvents::CONTROLLER => 'onKernelController',
  118.         );
  119.     }
  120. }