Create a gist now

Instantly share code, notes, and snippets.

What would you like to do?
<?php
namespace Far\UserBundle\EventListener;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\EventDispatcher\Event;
use Symfony\Component\HttpKernel\KernelEvents;
use Symfony\Component\HttpKernel\Event\GetResponseEvent;
use Symfony\Component\HttpKernel\HttpKernelInterface;
use Symfony\Component\HttpFoundation\RedirectResponse;
class AccessControl implements EventSubscriberInterface
{
private $em;
private $dispatcher;
private $security;
private $router;
public function __construct($em, $dispatcher, $security, $router)
{
$this->em = $em;
$this->dispatcher = $dispatcher;
$this->security = $security;
$this->router = $router;
}
public static function getSubscribedEvents()
{
return array(
KernelEvents::REQUEST => ['onKernelRequest', 0],
);
}
public function onKernelRequest($event)
{
if ($event->getRequestType() != HttpKernelInterface::MASTER_REQUEST) {
return null;
}
$user = $this->security->getToken()->getUser();
$request = $event->getRequest();
$requested_uri = $request->getRequestUri();
$internal_route = $request->get('_route'); // this what is used to validate access
if ($internal_route == 'fos_user_registration_register') {
return true;
}
if ($user == 'anon.') { // TODO security issue here must check if destination is allowed
$mainrequest = $event->getRequest();
// Matched route
$_route = $mainrequest->attributes->get('_route');
// Matched controller
$_controller = $mainrequest->attributes->get('_controller');
// All route parameters including the `_controller`
$params = $mainrequest->attributes->get('_route_params');
if ($_route != 'fos_user_security_login') {
$url = $this->router->generate('fos_user_security_login');
$response = new RedirectResponse($url);
$event->setResponse($response);
}
return;
}
if ($user->hasGroup("Admin")) {
return true;
}
$request = $event->getRequest();
$requested_uri = $request->getRequestUri();
$internal_route = $request->get('_route'); // this what is used to validate access
if (mb_substr($internal_route, 0, mb_strlen("lab_")) == "lab_") {
if ($user->hasGroup("Laboratorio")) {
return true;
} else {
// monolog here
throw new \Exception("Unauthorized access. $internal_route");
}
}
if (mb_substr($internal_route, 0, mb_strlen("stock")) == "stock") {
if ($user->hasGroup("Stock")) {
return true;
} else {
// monolog here
throw new \Exception("Unauthorized access. $internal_route");
}
}
if (mb_substr($internal_route, 0, mb_strlen("user")) == "user") {
if ($user->hasGroup("Admin")) {
return true;
} else {
// monolog here
throw new \Exception("Unauthorized access. $internal_route");
}
}
}
}
<container>
<services>
<service id="far_user.eventlistener.stock" class="Far\UserBundle\EventListener\AccessControl">
<tag name="kernel.event_subscriber" connection="default" />
<argument type="service" id="doctrine.orm.entity_manager"/>
<argument type="service" id="event_dispatcher"/>
<argument type="service" id="security.context"/>
<argument type="service" id="router"/>
</service>
</services>
</container>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment