<?php
namespace App\EventSubscriber\Ticket;
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\HttpKernel\Event\ViewEvent;
use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpKernel\KernelEvents;
use Symfony\Contracts\Translation\TranslatorInterface;
use App\Exception\NotFoundException;
use App\Exception\AccessDeniedException;
use ApiPlatform\Core\EventListener\EventPriorities;
use App\Repository\App\Ticket\TicketTypeRepository;
use App\Repository\App\Ticket\TicketStateRepository;
use App\Repository\App\Task\WorkerBudgetRepository;
use App\Repository\App\RoleRepository;
use App\Services\VendorService;
use App\Services\UtilsService;
use App\Entity\App\Ticket\Ticket;
use App\Entity\App\User;
use App\Entity\App\Role;
class TicketPreSerializeSubscriber implements EventSubscriberInterface
{
private $translator;
private $tokenStorage;
private $authorizationChecker;
private $ticketTypeRepository;
private $vendorService;
private $ticketStateRepository;
private $workerBudgetRepository;
private $roleRepository;
private $utilsService;
public function __construct(
TranslatorInterface $translator,
TokenStorageInterface $tokenStorage,
AuthorizationCheckerInterface $checker,
TicketTypeRepository $ticketTypeRepository,
TicketStateRepository $ticketStateRepository,
WorkerBudgetRepository $workerBudgetRepository,
RoleRepository $roleRepository,
VendorService $vendorService,
UtilsService $utilsService)
{
$this->translator = $translator;
$this->tokenStorage = $tokenStorage;
$this->authorizationChecker = $checker;
$this->ticketTypeRepository = $ticketTypeRepository;
$this->vendorService = $vendorService;
$this->ticketStateRepository = $ticketStateRepository;
$this->workerBudgetRepository = $workerBudgetRepository;
$this->roleRepository = $roleRepository;
$this->utilsService = $utilsService;
}
/**
* @param ViewEvent $event
* @throws AccessDeniedException
* @throws NotFoundException
*/
public function onKernelView(ViewEvent $event)
{
if ($this->utilsService->isAPublicRequest($event)) {
return;
}
$ticket = $event->getControllerResult();
$request = $event->getRequest();
$method = $request->getMethod();
$currentUser = $this->tokenStorage->getToken()->getUser();
if (!($ticket instanceof Ticket) || (Request::METHOD_GET !== $method))
return;
if(!($currentUser instanceof User)) {
throw new NotFoundException($this->translator->trans('User current not found'));
}
if ($this->authorizationChecker->isGranted('ROLE_SUPERADMIN'))
return;
$vendor = $ticket->getVendor();
$vendorStaff = $this->vendorService->getVendorStaff(null, $currentUser, $vendor);
if ($vendorStaff === null) {
throw new AccessDeniedException(
$this->translator->trans(
'Access denied. it does not belong to the vendor',
['%vendor%' => $vendor->getName()]
)
);
}
$authorization = false;
$controlAccess = [Role::ROLE_ADMIN, Role::ROLE_TASKMASTER];
if ($ticket->getCreatedBy() === $currentUser) {
$controlAccess = [Role::ROLE_ALL];
}
if ($this->vendorService->isUserRoleInToVendor($ticket->getVendor(), $currentUser, $controlAccess)) {
$authorization = true;
}
/*
* permiso para capataz poder ver un ticket en donde fue asignado solamente
if (!$authorization) {
$role[] = $this->roleRepository->findOneBy(['name' => Role::ROLE_TASKMASTER]);
$workerBudget = $this->workerBudgetRepository->getWorkersOfTicketByRole(
$ticket,
$role,
$currentUser->getId()
);
if ($workerBudget) {
$authorization = true;
}
}
*/
/*
$rolesUser = $this->vendorService->getRolesOfUserByVendor($currentUser, $vendor);
$roleAdmin = $this->roleRepository->findOneBy(['name' => Role::ROLE_ADMIN]);
$ticketTypeRequest = $this->ticketTypeRepository->findOneBy(['name' => 'request']);
$ticketTypeIncidence = $this->ticketTypeRepository->findOneBy(['name' => 'incidence']);
$workOrder = $this->ticketTypeRepository->findOneBy(['name' => 'work_order']);
if ($ticket->getType() === $ticketTypeRequest or
$ticket->getType() === $ticketTypeIncidence) {
$controlAccess = [Role::ROLE_ADMIN, Role::ROLE_USER];
$roleUser = $this->roleRepository->findOneBy(['name' => Role::ROLE_USER]);
switch (true) {
case (in_array($roleAdmin, $rolesUser)):
$authorization = true;
break;
case (in_array($roleUser, $rolesUser)):
if ($ticket->getCreatedBy() === $currentUser)
$authorization = true;
break;
default:
$authorization = false;
}
}
if ($ticket->getType() === $workOrder && in_array($roleAdmin, $rolesUser))
$authorization = true;
*/
if (!$authorization) {
$controlAccessTranslator = [];
foreach ($controlAccess as $roleName) {
$controlAccessTranslator[] = $this->translator->trans($roleName);
}
throw new AccessDeniedException(
$this->translator->trans('access_allowed_only_for') . (implode(', ', $controlAccessTranslator))
);
}
}
public static function getSubscribedEvents()
{
return [
KernelEvents::VIEW => ['onKernelView', EventPriorities::PRE_SERIALIZE]
];
}
}