src/Access/Listener/AccessCheckListener.php line 43

Open in your IDE?
  1. <?php
  3. declare(strict_types=1);
  5. namespace App\Access\Listener;
  7. use Arobases\SyliusRightsManagementPlugin\Access\Checker\AdminRouteChecker;
  8. use Arobases\SyliusRightsManagementPlugin\Access\Checker\AdminRouteCheckerInterface;
  9. use Arobases\SyliusRightsManagementPlugin\Access\Checker\AdminUserAccessChecker;
  10. use Arobases\SyliusRightsManagementPlugin\Access\Checker\AdminUserAccessCheckerInterface;
  11. use Arobases\SyliusRightsManagementPlugin\Provider\CurrentAdminUserProvider;
  12. use Arobases\SyliusRightsManagementPlugin\Provider\CurrentAdminUserProviderInterface;
  13. use Sylius\Component\Core\Model\AdminUserInterface;
  14. use Symfony\Component\HttpFoundation\RedirectResponse;
  15. use Symfony\Component\HttpFoundation\Session\Session;
  16. use Symfony\Component\HttpFoundation\Session\SessionInterface;
  17. use Symfony\Component\HttpKernel\Event\RequestEvent;
  18. use Symfony\Component\HttpKernel\HttpKernelInterface;
  19. use Symfony\Component\Routing\RouterInterface;
  21. class AccessCheckListener
  22. {
  23.     private CurrentAdminUserProviderInterface $currentAdminUserProvider;
  25.     private AdminUserAccessCheckerInterface $adminUserAccessChecker;
  27.     private AdminRouteCheckerInterface $adminRouteAccessChecker;
  29.     private SessionInterface $session;
  31.     private RouterInterface $router;
  33.     public function __construct(CurrentAdminUserProviderInterface $currentAdminUserProviderAdminUserAccessCheckerInterface $adminUserAccessCheckerAdminRouteCheckerInterface $adminRouteAccessCheckerSessionInterface $sessionRouterInterface $router)
  34.     {
  35.         $this->currentAdminUserProvider $currentAdminUserProvider;
  36.         $this->adminUserAccessChecker $adminUserAccessChecker;
  37.         $this->adminRouteAccessChecker $adminRouteAccessChecker;
  38.         $this->session $session;
  39.         $this->router $router;
  40.     }
  43.     public function onKernelRequest(RequestEvent $event): void
  44.     {
  45.         if ($event->getRequestType() !== HttpKernelInterface::MAIN_REQUEST) {
  46.             return;
  47.         }
  49.         $routeName $event->getRequest()->get('_route');
  51.         if (null === $routeName) {
  52.             return;
  53.         }
  55.         if (strpos($routeName'partial') || $routeName === 'sylius_admin_dashboard' || $routeName === 'sylius_admin_login' || $routeName === '2fa_login' || $routeName === '2fa_login_check') {
  56.             return;
  57.         }
  59.         if (!$this->adminRouteAccessChecker->isAdminRoute($routeName)) {
  60.             return;
  61.         }
  63.         $adminUser $this->currentAdminUserProvider->getCurrentAdminUser();
  65.         if ($adminUser->getRole() === null) {
  66.             $event->setResponse($this->redirectUser($this->getRedirectRoute(), $this->getRedirectMessage()));
  67.         }
  69.         if ($adminUser instanceof AdminUserInterface && $adminUser->getRole()) {
  70.             $isUserGranted $this->adminUserAccessChecker->isUserGranted($adminUser$routeName);
  72.             if (!$isUserGranted) {
  73.                 $event->setResponse($this->redirectUser($this->getRedirectRoute(), $this->getRedirectMessage()));
  74.             }
  75.         }
  76.     }
  78.     private function getRedirectRoute(): string
  79.     {
  80.         return  $this->router->generate('sylius_admin_dashboard');
  81.     }
  83.     private function getRedirectMessage(): string
  84.     {
  85.         return  'arobases_sylius_rights_management.message.access_denied';
  86.     }
  88.     protected function redirectUser(string $routestring $message): RedirectResponse
  89.     {
  90.         $this->session->getFlashBag()->add('error'$message);
  92.         return new RedirectResponse($route);
  93.     }
  94. }