vendor/sylius/rbac-plugin/src/Access/Listener/AccessCheckListener.php line 58

Open in your IDE?
  1. <?php
  3. declare(strict_types=1);
  5. namespace Sylius\RbacPlugin\Access\Listener;
  7. use Sylius\Component\Core\Model\AdminUserInterface;
  8. use Sylius\RbacPlugin\Access\Checker\AdministratorAccessCheckerInterface;
  9. use Sylius\RbacPlugin\Access\Checker\RouteNameCheckerInterface;
  10. use Sylius\RbacPlugin\Access\Creator\AccessRequestCreatorInterface;
  11. use Sylius\RbacPlugin\Access\Exception\InsecureRequestException;
  12. use Sylius\RbacPlugin\Access\Exception\UnresolvedRouteNameException;
  13. use Sylius\RbacPlugin\Access\Model\AccessRequest;
  14. use Symfony\Component\HttpFoundation\RedirectResponse;
  15. use Symfony\Component\HttpFoundation\Session\Session;
  16. use Symfony\Component\HttpKernel\Event\GetResponseEvent;
  17. use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
  18. use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
  19. use Symfony\Component\Security\Core\User\UserInterface;
  20. use Webmozart\Assert\Assert;
  22. final class AccessCheckListener
  23. {
  24.     /** @var AccessRequestCreatorInterface */
  25.     private $accessRequestCreator;
  27.     /** @var AdministratorAccessCheckerInterface */
  28.     private $administratorAccessChecker;
  30.     /** @var TokenStorageInterface */
  31.     private $tokenStorage;
  33.     /** @var UrlGeneratorInterface */
  34.     private $router;
  36.     /** @var Session */
  37.     private $session;
  39.     /** @var RouteNameCheckerInterface */
  40.     private $adminRouteChecker;
  42.     public function __construct(
  43.         AccessRequestCreatorInterface $accessRequestCreator,
  44.         AdministratorAccessCheckerInterface $administratorAccessChecker,
  45.         TokenStorageInterface $tokenStorage,
  46.         UrlGeneratorInterface $router,
  47.         Session $session,
  48.         RouteNameCheckerInterface $adminRouteChecker
  49.     ) {
  50.         $this->accessRequestCreator $accessRequestCreator;
  51.         $this->administratorAccessChecker $administratorAccessChecker;
  52.         $this->tokenStorage $tokenStorage;
  53.         $this->router $router;
  54.         $this->session $session;
  55.         $this->adminRouteChecker $adminRouteChecker;
  56.     }
  58.     public function onKernelRequest(GetResponseEvent $event): void
  59.     {
  60.         try {
  61.             $accessRequest $this->createAccessRequestFromEvent($event);
  62.         } catch (InsecureRequestException $exception) {
  63.             return;
  64.         }
  66.         if ($this->administratorAccessChecker->canAccessSection($this->getCurrentAdmin(), $accessRequest)) {
  67.             return;
  68.         }
  70.         $this->addAccessErrorFlash($event->getRequest()->getMethod());
  71.         $event->setResponse($this->getRedirectResponse($event->getRequest()->headers->get('referer')));
  72.     }
  74.     /** @throws InsecureRequestException */
  75.     private function createAccessRequestFromEvent(GetResponseEvent $event): AccessRequest
  76.     {
  77.         if (!$event->isMasterRequest()) {
  78.             throw new InsecureRequestException();
  79.         }
  81.         $routeName $event->getRequest()->attributes->get('_route');
  82.         $requestMethod $event->getRequest()->getMethod();
  84.         if ($routeName === null) {
  85.             throw new InsecureRequestException();
  86.         }
  88.         if (!$this->adminRouteChecker->isAdminRoute($routeName)) {
  89.             throw new InsecureRequestException();
  90.         }
  92.         try {
  93.             $accessRequest $this->accessRequestCreator->createFromRouteName($routeName$requestMethod);
  94.         } catch (UnresolvedRouteNameException $exception) {
  95.             throw new InsecureRequestException();
  96.         }
  98.         return $accessRequest;
  99.     }
  101.     private function getCurrentAdmin(): AdminUserInterface
  102.     {
  103.         $token $this->tokenStorage->getToken();
  104.         Assert::notNull($token);
  106.         /** @var AdminUserInterface|null $currentAdmin */
  107.         $currentAdmin $token->getUser();
  108.         Assert::isInstanceOf($currentAdminUserInterface::class);
  110.         return $currentAdmin;
  111.     }
  113.     private function addAccessErrorFlash(string $requestMethod): void
  114.     {
  115.         if ('GET' === $requestMethod || 'HEAD' === $requestMethod) {
  116.             $this->session->getFlashBag()->add('error''sylius_rbac.you_have_no_access_to_this_section');
  118.             return;
  119.         }
  121.         $this->session->getFlashBag()->add('error''sylius_rbac.you_are_not_allowed_to_do_that');
  122.     }
  124.     private function getRedirectResponse(?string $referer): RedirectResponse
  125.     {
  126.         if (null !== $referer) {
  127.             return new RedirectResponse($referer);
  128.         }
  130.         return new RedirectResponse($this->router->generate('sylius_admin_dashboard'));
  131.     }
  132. }