src/EventSubscriber/User/UserPreValidateSubscriber.php line 69

Open in your IDE?
  1. <?php
  2. /**
  3.  * Created by PhpStorm.
  4.  * User: MEDINA
  5.  * Date: 29/03/2019
  6.  * Time: 04:08 PM
  7.  */
  9. namespace App\EventSubscriber\User;
  11. use App\Exception\AccessDeniedException;
  12. use App\Exception\CaptchaTokenInvalidException;
  13. use App\Exception\NotFoundException;
  14. use App\Services\UtilsService;
  15. use Symfony\Component\HttpFoundation\Response;
  16. use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
  17. use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
  18. use Symfony\Component\EventDispatcher\EventSubscriberInterface;
  19. use Symfony\Component\HttpKernel\Event\ViewEvent;
  20. use Symfony\Component\HttpKernel\KernelEvents;
  21. use Symfony\Component\HttpFoundation\Request;
  22. use Doctrine\ORM\EntityManagerInterface;
  23. use ApiPlatform\Core\EventListener\EventPriorities;
  24. use App\Repository\App\VendorRepository;
  25. use App\Repository\App\UserRepository;
  26. use App\Services\VendorService;
  27. use App\Entity\App\User;
  28. use App\Entity\App\Role;
  29. use App\Entity\App\Vendor;
  30. use Symfony\Contracts\Translation\TranslatorInterface;
  32. class UserPreValidateSubscriber implements EventSubscriberInterface
  33. {
  34.     private $tokenStorage;
  35.     private $authorizationChecker;
  36.     private $entityManager;
  37.     private $userRepository;
  38.     private $vendorRepository;
  39.     private $vendorService;
  40.     private $utilsService;
  41.     private $translator;
  43.     public function __construct(
  44.         TokenStorageInterface $tokenStorage,
  45.         AuthorizationCheckerInterface $checker,
  46.         UserRepository $userRepository,
  47.         VendorRepository $vendorRepository,
  48.         VendorService $vendorService,
  49.         EntityManagerInterface $entityManager,
  50.         TranslatorInterface $translator,
  51.         UtilsService $utilsService)
  52.     {
  53.         $this->tokenStorage $tokenStorage;
  54.         $this->authorizationChecker $checker;
  55.         $this->entityManager $entityManager;
  56.         $this->userRepository $userRepository;
  57.         $this->vendorRepository $vendorRepository;
  58.         $this->vendorService $vendorService;
  59.         $this->utilsService $utilsService;
  60.         $this->translator $translator;
  61.     }
  63.     /**
  64.      * @param ViewEvent $event
  65.      * @throws AccessDeniedException
  66.      * @throws CaptchaTokenInvalidException
  67.      * @throws NotFoundException
  68.      */
  69.     public function onKernelView(ViewEvent $event)
  70.     {
  71.         if ($this->utilsService->isAPublicRequest($event)) {
  72.             return;
  73.         }
  74.         $user $event->getControllerResult();
  75.         $request $event->getRequest();
  76.         $route $request->attributes->get('_route');
  77.         $method $event->getRequest()->getMethod();
  79.         if (!($user instanceof User) ||
  80.             (Request::METHOD_POST !== $method && Request::METHOD_PUT !== $method))
  81.             return;
  83.         $locale $request->getLocale();
  84.         if ($this->tokenStorage->getToken()) {
  85.             $userCurrent $this->tokenStorage->getToken()->getUser();
  86.             if ($userCurrent instanceof User) {
  87.                 $locale $userCurrent->getLocale();
  88.             }
  89.         }
  91.         $userCurrent $this->tokenStorage->getToken()->getUser();
  92.         $content $request->getContent();
  93.         $data json_decode($contenttrue);
  94.         if (Request::METHOD_POST == $method && isset($data['captchaToken'])) {
  95.             if (!$this->utilsService->checkRecaptchaTokenIsValid($data['captchaToken'])) {
  96.                 throw new CaptchaTokenInvalidException('Sent token is not valid');
  97.             }
  98.         }
  99.         $vendor null;
  100.         if (isset($data['vendor'])) {
  101.             $vendor $this->vendorRepository->find($data['vendor']);
  102.             if (!($vendor instanceof Vendor)) {
  103.                 $response = new Response();
  104.                 $response->setContent(json_encode([
  105.                     'detail' => $this->translator->trans(
  106.                         'entity not found',
  107.                         [
  108.                             '%entity%' => 'vendor',
  109.                             '%entityId%' => $data['vendor']
  110.                         ],
  111.                         null,
  112.                         $locale
  113.                     )
  114.                 ]));
  115.                 $response->setStatusCode(Response::HTTP_BAD_REQUEST);
  116.                 $event->setResponse($response);
  118.                 return;
  119.             }
  120.         }
  122.         $authorization false;
  124.         if ($this->authorizationChecker->isGranted('ROLE_SUPERADMIN'))
  125.             $authorization true;
  127.         $controlAccess = [Role::ROLE_ADMIN];
  128.         if ($userCurrent instanceof User && $vendor instanceof Vendor) {
  129.             if ($this->vendorService->isUserRoleInToVendor($vendor$userCurrent$controlAccess)) {
  130.                 $authorization true;
  131.             }
  132.         } elseif (is_null($vendor) && $userCurrent instanceof User && Request::METHOD_PUT === $method) {
  133.             $vendorUserCurrent $this->vendorService->getVendorsOfUserByRole($userCurrentRole::ROLE_ADMIN);
  134.             foreach ($user->getVendorStaff() as $userVendorStaff) {
  135.                 if (in_array($userVendorStaff->getVendor(), $vendorUserCurrent)) {
  136.                     $authorization true;
  137.                     break;
  138.                 }
  139.             }
  140.         }
  142.         if (!$authorization &&
  143.             Request::METHOD_PUT === $method &&
  144.             $userCurrent instanceof User &&
  145.             $user->getId() === $userCurrent->getId()
  146.         ) {
  147.             $authorization true;
  148.         }
  150.         if (!$authorization) {
  151.             $controlAccessTranslator = [];
  152.             foreach ($controlAccess as $roleName) {
  153.                 $controlAccessTranslator[] = $this->translator->trans($roleName, [], null$locale);
  154.             }
  155.             $response = new Response();
  156.             $response->setContent(
  157.                 json_encode(
  158.                     [
  159.                         'detail' => $this->translator->trans('access_allowed_only_for', [], null$locale) . (implode(
  160.                                 ', ',
  161.                                 $controlAccessTranslator
  162.                             ))
  164.                     ]
  165.                 )
  166.             );
  167.             $response->setStatusCode(Response::HTTP_NOT_ACCEPTABLE);
  168.             $event->setResponse($response);
  170.             return;
  171.         }
  173.         $phone null;
  175.         if (!empty($user->getPhoneNumber())) {
  176.             $phone str_replace([' ''+''-''('')''-'], ''$user->getPhoneNumber());
  177.             $user->setPhoneNumber($phone);
  178.         }
  180.         if (!empty($user->getPhonePrefix()) && empty($user->getPhoneNumber())) {
  181.             $response = new Response();
  182.             $response->setContent(
  183.                 json_encode(
  184.                     [
  185.                         'detail' => $this->translator->trans(
  186.                             'phoneNumber is required if phonePrefix is not blank',
  187.                             [],
  188.                             null,
  189.                             $locale
  190.                         )
  192.                     ]
  193.                 )
  194.             );
  195.             $response->setStatusCode(Response::HTTP_NOT_ACCEPTABLE);
  196.             $event->setResponse($response);
  198.             return;
  199.         }
  201.         if (!empty($user->getPhonePrefix()) && !empty($user->getPhoneNumber())) {
  202.             $phone =
  203.                 $user->setPhonePrefixAndPhone(sprintf("%s%s"$user->getPhonePrefix(), $phone));
  204.         }
  206.         if (empty($user->getPhonePrefix()) && empty($user->getPhoneNumber())) {
  207.             $user->setPhonePrefixAndPhone(null);
  208.         }
  210.         if (empty($user->getCostPerHour()) && is_null($user->getCostPerHour())) {
  211.             $user->setCostPerHour(0);
  212.         }
  214.     }
  216.     public static function getSubscribedEvents()
  217.     {
  218.         return [
  219.             KernelEvents::VIEW => ['onKernelView'EventPriorities::PRE_VALIDATE]
  220.         ];
  221.     }
  222. }