src/EventListener/KernelListener.php line 72

Open in your IDE?
  1. <?php
  3. namespace App\EventListener;
  5. use App\Service\App\ApiResponseService;
  6. use InvalidArgumentException;
  7. use Symfony\Component\DependencyInjection\ContainerInterface;
  8. use Symfony\Component\HttpKernel\Event\RequestEvent;
  9. use Symfony\Component\Security\Core\Security;
  10. use Symfony\Component\Yaml\Yaml;
  11. use Symfony\Contracts\HttpClient\Exception\ClientExceptionInterface;
  12. use Symfony\Contracts\HttpClient\Exception\DecodingExceptionInterface;
  13. use Symfony\Contracts\HttpClient\Exception\RedirectionExceptionInterface;
  14. use Symfony\Contracts\HttpClient\Exception\ServerExceptionInterface;
  15. use Symfony\Contracts\HttpClient\Exception\TransportExceptionInterface;
  18. class KernelListener
  19. {
  20.     /** @var Security */
  21.     private Security $security;
  23.     /** @var ApiResponseService */
  24.     private ApiResponseService $apiResponseService;
  26.     /** @var ContainerInterface */
  27.     private ContainerInterface $container;
  29.     /** @var array */
  30.     private array $userRoles;
  32.     /** @var string */
  33.     private string $configFile;
  35.     /** @var string */
  36.     private string $securityFile;
  39.     /**
  40.      * @param Security $security
  41.      * @param ApiResponseService $apiResponseService
  42.      * @param ContainerInterface $container
  43.      * @param string $configFile
  44.      * @param string $securityFile
  45.      * @throws ClientExceptionInterface
  46.      * @throws RedirectionExceptionInterface
  47.      * @throws ServerExceptionInterface
  48.      */
  49.     public function __construct(
  50.         Security           $security,
  51.         ApiResponseService $apiResponseService,
  52.         ContainerInterface $container,
  53.         string             $configFile,
  54.         string             $securityFile
  55.     )
  56.     {
  57.         $this->security $security;
  58.         $this->apiResponseService $apiResponseService;
  59.         $this->container $container;
  60.         $this->configFile $configFile;
  61.         $this->securityFile $securityFile;
  62.     }
  64.     /**
  65.      * @param RequestEvent $event
  66.      * @throws ClientExceptionInterface
  67.      * @throws DecodingExceptionInterface
  68.      * @throws RedirectionExceptionInterface
  69.      * @throws ServerExceptionInterface
  70.      * @throws TransportExceptionInterface
  71.      */
  72.     public function onKernelRequest(RequestEvent $event)
  73.     {
  74.         $request $event->getRequest();
  75.         $route $request->attributes->get('_route');
  77.         if ($this->security->getUser()) {
  78.             $this->userRoles $this->security->getUser()->getRoles();
  80.             $configArray $this->loadYamlConfigurations($this->configFile);
  81.             $securityArray $this->loadYamlConfigurations($this->securityFile);
  83.             $adminRolesToSecure $securityArray['security']['role_hierarchy']['ADMIN_ROLES_TO_SECURE'];
  84.             $clientRolesToSecure $securityArray['security']['role_hierarchy']['CLIENT_ROLES_TO_SECURE'];
  86.             // secure all admin route
  87.             if (array_intersect($adminRolesToSecure$this->userRoles)) {
  88.                 if (!$this->accessAuthorisation($route$configArray)) {
  89.                     $event->setResponse($this->apiResponseService->getAccessDeniedResponse());
  90.                 }
  91.             }
  93.             // secure client route
  94.             if (array_intersect($clientRolesToSecure$this->userRoles)) {
  95.                 if (!$this->accessAuthorisation($route$configArray)) {
  96.                     $event->setResponse($this->apiResponseService->getAccessDeniedResponse());
  97.                 }
  98.             }
  100.         }
  101.     }
  103.     /**
  104.      * @param string $route
  105.      * @param array $configArray
  106.      * @return bool|null
  107.      */
  108.     private function accessAuthorisation(string $route, array $configArray): ?bool
  109.     {
  110.         if (array_key_exists($route$configArray)) {
  111.             if ($routeConfig $configArray[$route]) {
  112.                 return array_intersect($this->userRoles$routeConfig['requested_roles']) &&
  113.                     $this->container->get('security.authorization_checker')->isGranted($routeConfig['attribute'], $routeConfig['subject']);
  114.             }
  115.         }
  116.         return null;
  117.     }
  119.     /**
  120.      * @return array|mixed
  121.      */
  122.     private function loadYamlConfigurations(string $path)
  123.     {
  124.         $array Yaml::parse(file_get_contents($path));
  125.         if (!is_array($array)) {
  126.             throw new InvalidArgumentException(sprintf('The file "%s" must contain a YAML array.'$path));
  127.         }
  128.         return $array;
  129.     }
  131. }