src/EventSubscriber/Company/CompanyPreWriteSubscriber.php line 53

Open in your IDE?
  1. <?php
  2. /**
  3.  * Created by PhpStorm.
  4.  * User: SUSAN MEDINA
  5.  * Date: 10/05/2019
  6.  * Time: 01:53 PM
  7.  */
  9. namespace App\EventSubscriber\Company;
  11. use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
  12. use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
  13. use Symfony\Component\HttpKernel\Event\ViewEvent;
  14. use Symfony\Component\EventDispatcher\EventSubscriberInterface;
  15. use Symfony\Contracts\Translation\TranslatorInterface;
  16. use Symfony\Component\HttpFoundation\Request;
  17. use Symfony\Component\HttpKernel\KernelEvents;
  18. use Doctrine\ORM\EntityManagerInterface;
  19. use ApiPlatform\Core\EventListener\EventPriorities;
  20. use App\Services\VendorService;
  21. use App\Services\UtilsService;
  22. use App\Exception\AccessDeniedException;
  23. use App\Exception\NotFoundException;
  24. use App\Entity\App\company;
  25. use App\Entity\App\User;
  26. use App\Entity\App\Role;
  28. class CompanyPreWriteSubscriber implements EventSubscriberInterface
  29. {
  30.     private $tokenStorage;
  31.     private $authorizationChecker;
  32.     private $vendorService;
  33.     private $entityManager;
  34.     private $utilsService;
  35.     private $translator;
  37.     public function __construct(
  38.         TokenStorageInterface $tokenStorage,
  39.         AuthorizationCheckerInterface $checker,
  40.         VendorService $vendorService,
  41.         EntityManagerInterface $entityManager,
  42.         UtilsService $utilsService,
  43.         TranslatorInterface $translator
  44.     ){
  45.         $this->tokenStorage $tokenStorage;
  46.         $this->authorizationChecker $checker;
  47.         $this->vendorService $vendorService;
  48.         $this->entityManager $entityManager;
  49.         $this->utilsService $utilsService;
  50.         $this->translator $translator;
  51.     }
  53.     public function onKernelView(ViewEvent $event)
  54.     {
  55.         if ($this->utilsService->isAPublicRequest($event)) {
  56.             return;
  57.         }
  59.         $company $event->getControllerResult();
  60.         $request $event->getRequest();
  61.         $method $request->getMethod();
  62.         $userCurrent $this->tokenStorage->getToken()->getUser();
  64.         if (!($company instanceof Company) ||
  65.             (Request::METHOD_POST !== $method && Request::METHOD_PUT && Request::METHOD_DELETE !== $method)
  66.         )
  67.             return;
  69.         if ($this->authorizationChecker->isGranted('ROLE_SUPERADMIN'))
  70.             return;
  72.         if(!$userCurrent instanceof User)
  73.             throw new NotFoundException($this->translator->trans('User current not found'));
  75.         $controlAccess = [Role::ROLE_ADMIN];
  76.         if (!$this->vendorService->isUserRoleInToVendor($company->getVendor(), $userCurrent$controlAccess)) {
  77.             $controlAccessTranslator = [];
  78.             foreach ($controlAccess as $roleName) {
  79.                 $controlAccessTranslator[] = $this->translator->trans($roleName);
  80.             }
  81.             throw new AccessDeniedException(
  82.                 $this->translator->trans('access_allowed_only_for') . (implode(', '$controlAccessTranslator))
  83.             );
  84.         }
  85.     }
  87.     public static function getSubscribedEvents()
  88.     {
  89.         return [
  90.             KernelEvents::VIEW => ['onKernelView'EventPriorities::PRE_WRITE]
  91.         ];
  92.     }
  93. }