<?php
namespace App\EventSubscriber;
use App\Entity\User;
use Doctrine\ORM\EntityManagerInterface;
use Symfony\Component\HttpKernel\Event\ControllerEvent;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
class CheckAccessGlobalSubscriber implements EventSubscriberInterface
{
private $manager;
private $allModules = array("App\Controller\MessageController", "App\Controller\UserController", "App\Controller\CompanyController", "App\Controller\ProjectController", "App\Controller\OrderController", "App\Controller\ContractController", "App\Controller\SupplierController", "App\Controller\TimesheetController", "App\Controller\DailyReportController", "App\Controller\TimetableController", "App\Controller\ServiceController", "App\Controller\BilanController", "App\Controller\ProductController","App\Controller\ClientController", "App\Controller\PunchController");
/** @var TokenStorageInterface */
protected $tokenStorage;
protected $authChecker;
public function __construct( EntityManagerInterface $manager, TokenStorageInterface $tokenStorage, AuthorizationCheckerInterface $authChecker) {
$this->manager = $manager;
$this->tokenStorage = $tokenStorage;
$this->authChecker = $authChecker;
}
public function onControllerEvent(ControllerEvent $event)
{
if (($this->tokenStorage->getToken() == null) OR ($this->authChecker->isGranted('IS_AUTHENTICATED_REMEMBERED') === false OR $this->authChecker->isGranted("ROLE_ADMIN"))) return;
/** @var User */
$user = $this->tokenStorage->getToken()->getUser();
$modules = $user->getCompany()->getModules();
$user_modules = $user->getModules();
$controller = $event->getController();
// when a controller class defines multiple action methods, the controller
// is returned as [$controllerInstance, 'methodName']
if (is_array($controller)) {
$controller = $controller[0];
}
//Get out if ur company is not active
if ($user AND $user->getCompany()->getIsActive() == false) {
$this->tokenStorage->setToken(null);
}
$controllerInstance = get_class($controller);
if (!in_array($controllerInstance,$this->allModules) OR $controllerInstance == "App\Controller\MessageController") return;
//client and product are sub controllers of service
$controllerInstance = (in_array($controllerInstance, array("App\Controller\ProductController","App\Controller\ClientController"))) ? "App\Controller\ServiceController" : $controllerInstance;
//Punch is sub controller of timetable
$controllerInstance = $controllerInstance == "App\Controller\PunchController" ? "App\Controller\TimetableController" : $controllerInstance;
$is_manager = $this->authChecker->isGranted("ROLE_MANAGER");
$globalModules = array("App\Controller\HomeController");
if ($is_manager) {
if (is_array($globalModules) AND is_array($modules) AND !in_array($controllerInstance, $globalModules) AND !in_array($controllerInstance, $modules)) {
throw new AccessDeniedHttpException("Ce module n'est pas disponnible!");
}
} else {
if (is_array($globalModules) AND is_array($modules) AND is_array($user_modules) AND !in_array($controllerInstance, $globalModules) AND (!in_array($controllerInstance, $modules) OR !in_array($controllerInstance, $user_modules))) {
throw new AccessDeniedHttpException("Ce module n'est pas disponnible!");
}
}
}
public static function getSubscribedEvents()
{
return [
ControllerEvent::class => 'onControllerEvent',
];
}
}