src/EventSubscriber/MaintenanceElement/MaintenanceElementPreSerializerSubscriber.php line 54

Open in your IDE?
  1. <?php
  2. /**
  3.  * Created by PhpStorm.
  4.  * User: SUSAN MEDINA
  5.  * Date: 25/04/2019
  6.  * Time: 03:51 PM
  7.  */
  9. namespace App\EventSubscriber\MaintenanceElement;
  11. use Symfony\Contracts\Translation\TranslatorInterface;
  12. use Symfony\Component\EventDispatcher\EventSubscriberInterface;
  13. use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
  14. use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
  15. use Symfony\Component\HttpKernel\Event\ViewEvent;
  16. use Symfony\Component\HttpFoundation\Request;
  17. use Symfony\Component\HttpKernel\KernelEvents;
  18. use App\Exception\NotFoundException;
  19. use App\Exception\AccessDeniedException;
  20. use ApiPlatform\Core\EventListener\EventPriorities;
  21. use App\Services\VendorService;
  22. use App\Services\UtilsService;
  23. use App\Entity\App\MaintenanceElement;
  24. use App\Entity\App\User;
  25. use App\Entity\App\Role;
  27. class MaintenanceElementPreSerializerSubscriber implements EventSubscriberInterface
  28. {
  29.     private $tokenStorage;
  30.     private $authorizationChecker;
  31.     private $utilsService;
  32.     private $vendorService;
  33.     private $translator;
  35.     public function __construct(
  36.         TokenStorageInterface $tokenStorage,
  37.         AuthorizationCheckerInterface $checker,
  38.         UtilsService $utilsService,
  39.         VendorService $vendorService,
  40.         TranslatorInterface $translator
  41.     ){
  42.         $this->tokenStorage $tokenStorage;
  43.         $this->authorizationChecker $checker;
  44.         $this->utilsService $utilsService;
  45.         $this->vendorService $vendorService;
  46.         $this->translator $translator;
  47.     }
  49.     /**
  50.      * @param ViewEvent $event
  51.      * @throws AccessDeniedException
  52.      * @throws NotFoundException
  53.      */
  54.     public function onKernelView(ViewEvent $event)
  55.     {
  56.         if($this->utilsService->isAPublicRequest($event)) {
  57.             return;
  58.         }
  59.         $maintenanceElement $event->getControllerResult();
  60.         $request $event->getRequest();
  61.         $method $request->getMethod();
  62.         $userCurrent $this->tokenStorage->getToken()->getUser();
  64.         if (!($maintenanceElement instanceof MaintenanceElement) || (Request::METHOD_GET !== $method))
  65.             return;
  67.         if(!($userCurrent instanceof User))
  68.             throw new NotFoundException($this->translator->trans('User current not found'));
  70.         if ($this->authorizationChecker->isGranted('ROLE_SUPERADMIN'))
  71.             return;
  73.         $vendor $maintenanceElement->getVendor();
  74.         $vendorStaff $this->vendorService->getVendorStaff(null$userCurrent$vendor);
  76.         if ($vendorStaff === null) {
  77.             throw new AccessDeniedException(
  78.                 $this->translator->trans('Access denied. it does not belong to the vendor'),
  79.                 ['%vendor%' => $vendor->getName()]
  80.             );
  81.         }
  83.         $controlAccess = [Role::ROLE_ADMINRole::ROLE_TASKMASTERRole::ROLE_OPERATOR];
  84.         if (!$this->vendorService->isUserRoleInToVendor($vendor$userCurrent$controlAccess)) {
  85.             $controlAccessTranslator = [];
  86.             foreach ($controlAccess as $roleName) {
  87.                 $controlAccessTranslator[] = $this->translator->trans($roleName);
  88.             }
  90.             throw new AccessDeniedException(
  91.                 $this->translator->trans('access_allowed_only_for') . (implode(', '$controlAccessTranslator))
  92.             );
  93.         }
  94.     }
  96.     public static function getSubscribedEvents()
  97.     {
  98.         return [
  99.             KernelEvents::VIEW => ['onKernelView'EventPriorities::PRE_SERIALIZE]
  100.         ];
  101.     }
  102. }