src/EventListener/AuthorizationListener.php line 84

Open in your IDE?
  1. <?php
  3. declare(strict_types=1);
  5. namespace App\EventListener;
  7. use App\Entity\Franchise\FranchiseInterface;
  8. use App\Entity\Security\Administrator;
  9. use App\Entity\Security\Manager;
  10. use App\Entity\Security\RoleInterface;
  11. use App\Entity\Security\ShopManager;
  12. use App\Entity\Shop\ShopInterface;
  13. use App\Helper\String\StringHelper;
  14. use App\Service\Franchise\FranchiseService;
  15. use App\Service\Shop\ShopService;
  16. use Symfony\Component\DependencyInjection\ParameterBag\ParameterBagInterface;
  17. use Symfony\Component\EventDispatcher\EventSubscriberInterface;
  18. use Symfony\Component\HttpFoundation\RedirectResponse;
  19. use Symfony\Component\HttpFoundation\Response;
  20. use Symfony\Component\HttpFoundation\Session\Flash\FlashBagInterface;
  21. use Symfony\Component\HttpFoundation\Session\SessionInterface;
  22. use Symfony\Component\HttpKernel\Event\RequestEvent;
  23. use Symfony\Component\HttpKernel\Event\ResponseEvent;
  24. use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
  25. use Symfony\Component\Routing\RouterInterface;
  26. use Symfony\Component\Security\Core\Security;
  27. use Symfony\Contracts\Translation\TranslatorInterface;
  29. class AuthorizationListener implements EventSubscriberInterface
  30. {
  31.     private string $apiRouteBase;
  32.     private array $allowedInLightLicense = [
  33.         'foxorders_shop_menu_',
  34.         'foxorders_shop_category_',
  35.         'foxorders_shop_product_',
  36.         'foxorders_shop_option_',
  37.         'foxorders_shop_dashboard',
  38.         'foxorders_shop_qrcode_dematerialized_menu',
  39.         'foxorders_dashboard',
  40.         'foxorders_home',
  41.         'security_login',
  42.         'foxorders_franchise_',
  43.         'foxorders_google_cloud_translation',
  44.     ];
  46.     private array $shopAuthorizedRoutes = [
  47.         'foxorders_shop_shop_edit',
  48.         'foxorders_shop_qrcode_dematerialized_menu',
  49.         'foxorders_shop_dashboard',
  50.         'foxorders_shop_menu_show',
  51.     ];
  53.     public function __construct(
  54.         private Security $security,
  55.         private SessionInterface $session,
  56.         private StringHelper $stringHelper,
  57.         private ShopService $shopService,
  58.         private FranchiseService $franchiseService,
  59.         private FlashBagInterface $flash,
  60.         private RouterInterface $router,
  61.         private TranslatorInterface $translator,
  62.         private ParameterBagInterface $parameterBag,
  63.     ) {
  64.         $this->apiRouteBase '/' $this->parameterBag->get('api.route.base');
  65.     }
  67.     public static function getSubscribedEvents(): array
  68.     {
  69.         return [
  70.             ResponseEvent::class => 'onKernelResponse',
  71.             RequestEvent::class => 'onKernelRequest',
  72.         ];
  73.     }
  75.     public function onKernelResponse(ResponseEvent $event)
  76.     {
  77.         $pathInfo $event->getRequest()->getPathInfo();
  78.         if (null !== $pathInfo && true === str_starts_with($pathInfo$this->apiRouteBase)) {
  79.             return true;
  80.         }
  82.         $shop null;
  83.         $user $this->security->getUser();
  84.         $franchise $event->getRequest()->getSession()->get('franchise') ?? null;
  85.         $route $event->getRequest()->get('_route') ?? null;
  87.         if ($user instanceof Manager) {
  88.             $shop $this->session->get('shop');
  89.         }
  91.         if ($user instanceof ShopManager) {
  92.             $shop $user->getShop();
  93.         }
  95.         if (
  96.             null !== $franchise
  97.             && $user instanceof Manager
  98.             && false === $this->franchiseService->belongsToUser($franchise$user)
  99.         ) {
  100.             throw new AccessDeniedHttpException(Response::$statusTexts[Response::HTTP_FORBIDDEN]);
  101.         }
  103.         if (
  104.             null !== $route
  105.             && (true === str_ends_with($route'_index') || true === $this->stringHelper->contain($route$this->shopAuthorizedRoutes))
  106.             && ($user instanceof ShopManager || $user instanceof Manager)
  107.             && (null !== $event->getRequest()->getSession()->get('shop') && false === $this->shopService->belongsToUser($event->getRequest()->getSession()->get('shop'), $user))
  108.         ) {
  109.             throw new AccessDeniedHttpException(Response::$statusTexts[Response::HTTP_FORBIDDEN]);
  110.         }
  112.         if (
  113.             null !== $route
  114.             && true === $user instanceof ShopManager
  115.             && ShopInterface::LICENCE_LIGHT === $shop?->getLicence()
  116.             && false === $this->stringHelper->contain($route$this->allowedInLightLicense)
  117.         ) {
  118.             throw new AccessDeniedHttpException(Response::$statusTexts[Response::HTTP_FORBIDDEN]);
  119.         }
  121.         return true;
  122.     }
  124.     public function onKernelRequest(RequestEvent $event): void
  125.     {
  126.         $this->session->set('logged'null);
  127.         $user $this->security->getUser();
  128.         $route $event->getRequest()->get('_route');
  129.         $isApiRoute null !== $route && str_contains($route'api_') && false === str_starts_with($route'foxorders_documentation');
  131.         if (
  132.             null !== $route && false === $isApiRoute && 'security_login' !== $route
  133.             && (
  134.                 ($user instanceof Manager && FranchiseInterface::STATUS_DISABLED === $user->getFranchise()->getStatus())
  135.                  || ($user instanceof ShopManager && FranchiseInterface::STATUS_DISABLED === $user->getShop()->getFranchise()->getStatus())
  136.             )
  137.             && === \count(array_intersect([RoleInterface::ROLE_ADMINRoleInterface::ROLE_PREVIOUS_ADMIN], $this->security->getToken()->getRoleNames()))
  138.         ) {
  139.             $this->flash->add('account_locked'$this->translator->trans('app.global.messages.account_suspended'));
  140.             $event->setResponse(new RedirectResponse($this->router->generate('security_login')));
  141.         }
  143.         if ($user instanceof Administrator && null !== $route && (true === str_starts_with($route'foxorders_admin') || 'foxorders_shop_shop_index' === $route)) {
  144.             $this->session->set('shop'null);
  145.         }
  147.         if (null !== $route && true === str_starts_with($route'foxorders_franchise')) {
  148.             $this->session->set('logged''franchise');
  149.         }
  150.     }
  151. }