src/EventSubscriber/KernelControllerSubscriber.php line 65

Open in your IDE?
  1. <?php
  3. namespace App\EventSubscriber;
  5. use App\Controller\__Contact\cms_api\PersonalSpaceController;
  6. use App\Controller\__Contact\cms_api\UserCMSController;
  7. use App\Controller\__Contact\cms_api\ProcessController;
  8. use App\Controller\__Sale\LegalTextController;
  9. use App\Controller\Account\BookingController;
  10. use App\Controller\Contact\BookletDownloadController;
  11. use App\Controller\PaymentMode\PaymentModeController;
  12. use App\Repository\User\UserCmsRepository;
  13. use Croisiland\CommonBundle\Helper\CmsErpApiHelper;
  14. use Symfony\Component\EventDispatcher\EventSubscriberInterface;
  15. use Symfony\Component\HttpFoundation\JsonResponse;
  16. use Symfony\Component\HttpFoundation\RequestStack;
  17. use Symfony\Component\HttpFoundation\Response;
  18. use Symfony\Component\HttpKernel\Event\ControllerEvent;
  20. class KernelControllerSubscriber implements EventSubscriberInterface
  21. {
  22.     public const USERCMS_ALLOWED_ROUTES = [
  23.         'contact_cms_api_user_cms_login',
  24.         'contact_cms_api_user_cms_logout',
  25.         'contact_cms_api_user_cms_register',
  26.         'contact_cms_api_user_cms_check_email',
  27.         'contact_cms_api_get_reset_password_token',
  28.         'contact_cms_api_user_cms_change_password',
  29.     ];
  30.     public const BOOKING_ROUTES_TO_CONTROL = [
  31.         'account_booking_get_booking_complete_payments_view',
  32.         'account_booking_get_booking_complete_documents_view',
  33.         'account_booking_payment_is_split',
  34.         'account_booking_change_validate',
  35.         'account_booking__planned_payment_list',
  36.         'account_booking__payment_list',
  37.         'account_booking_amendment_validate',
  38.         'account_booking__passenger_information_request',
  39.         'account_booking__passenger_formality_request',
  40.         'account_booking__upload_document',
  41.         'account_booking__delete_document',
  43.         'account_booking_complete',
  45.         'contact_cms_api_process_new_quote',
  46.         'contact_cms_api_process_edit_quote',
  47.     ];
  48.     public const LEGAL_TEXT_ROUTES_TO_CONTROL = [
  49.         'sale_legal_text_cms_api_view',
  50.         'sale_legal_text_cms_api_list'
  51.     ];
  52.     protected RequestStack $requestStack;
  53.     protected UserCmsRepository $userCmsRepository;
  54.     protected CmsErpApiHelper $cmsErpApiHelper;
  56.     public function __construct(RequestStack $requestStack,
  57.                                 UserCmsRepository $userCmsRepository,
  58.                                 CmsErpApiHelper $cmsErpApiHelper)
  59.     {
  60.         $this->requestStack $requestStack;
  61.         $this->userCmsRepository $userCmsRepository;
  62.         $this->cmsErpApiHelper $cmsErpApiHelper;
  63.     }
  65.     public function onKernelController(ControllerEvent $event): void
  66.     {
  67.         $request $this->requestStack->getCurrentRequest();
  69.         if ($this->controlRequired($event)) {
  70.             $userToken null;
  71.             if (null !== $request->request->get('userToken')) {
  72.                 $userToken $request->request->get('userToken');
  73.             }
  74.             elseif (null !== $request->query->get('userToken')) {
  75.                 $userToken $request->query->get('userToken');
  76.             }
  77.             elseif (null !== $request->request->get('token')) {
  78.                 $userToken $request->request->get('token');
  79.             }
  80.             elseif (null !== $request->query->get('token')) {
  81.                 $userToken $request->query->get('token');
  82.             }
  84.             try {
  85.                 $userCMS $userToken === null null $this->userCmsRepository->findOneByAccountToken($userToken);
  86.             }
  87.             catch (\Exception $e) {
  88.                 $userCMS null;
  89.             }
  91.             if ($userCMS === null) {
  92.                 $event->setController(
  93.                     function() {
  94.                         return new JsonResponse(['error' => 'Connexion non autorisée'], Response::HTTP_FORBIDDEN);
  95.                     }
  96.                 );
  97.             }
  98.             else {
  99.                 $request->attributes->set('userCms'$userCMS);
  100.             }
  101.         }
  102.         elseif ($this->globalControlRequired($event)) {
  103.             $token $request->get('_access_token');
  105.             if ($token !== $this->cmsErpApiHelper->getToken()) {
  106.                 $event->setController(
  107.                     function() {
  108.                         return new JsonResponse(['error' => 'Connexion non autorisée'], Response::HTTP_FORBIDDEN);
  109.                     }
  110.                 );
  111.             }
  112.         }
  113.     }
  115.     private function controlRequired(ControllerEvent $event): bool
  116.     {
  117.         $controller is_array($event->getController()) ? $event->getController()[0] : $event->getController();
  118.         $request $this->requestStack->getCurrentRequest();
  119.         $routeName $request->get('_route');
  121.         if (get_class($controller) === UserCMSController::class && !in_array($routeNameself::USERCMS_ALLOWED_ROUTES)) {
  122.             return true;
  123.         }
  125.         if (get_class($controller) === BookingController::class && in_array($routeNameself::BOOKING_ROUTES_TO_CONTROL)) {
  126.             return true;
  127.         }
  129.         if (get_class($controller) === ProcessController::class) {
  130.             return true;
  131.         }
  133.         if (get_class($controller) === PersonalSpaceController::class) {
  134.             return true;
  135.         }
  137.         if (get_class($controller) === BookletDownloadController::class) {
  138.             return true;
  139.         }
  141.         return false;
  142.     }
  144.     private function globalControlRequired(ControllerEvent $event): bool
  145.     {
  146.         $controller is_array($event->getController()) ? $event->getController()[0] : $event->getController();
  147.         $request $this->requestStack->getCurrentRequest();
  148.         $routeName $request->get('_route');
  150.         if (strstr($routeName'contact_cms_api_') !== false) {
  151.             return true;
  152.         }
  154.         if (get_class($controller) === LegalTextController::class && in_array($routeNameself::LEGAL_TEXT_ROUTES_TO_CONTROL)) {
  155.             return true;
  156.         }
  158.         return false;
  159.     }
  161.     public static function getSubscribedEvents(): array
  162.     {
  163.         return [
  164.             'kernel.controller' => 'onKernelController',
  165.         ];
  166.     }
  167. }