src/EventSubscriber/OrganizationSubscriber.php line 29

  1. <?php
  3. namespace App\EventSubscriber;
  6. use Symfony\Component\EventDispatcher\EventSubscriberInterface;
  7. use Symfony\Component\HttpKernel\Event\ControllerEvent;
  8. use Symfony\Component\HttpKernel\Event\ResponseEvent;
  10. use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
  11. use Symfony\Component\HttpKernel\KernelEvents;
  13. use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
  14. use App\Controller\OrganizationAuthenticatedController;
  16. use App\Repository\Usm\UserRepository;
  18. class OrganizationSubscriber implements EventSubscriberInterface
  19. {
  20.     private $tokenStorage;
  21.     private $userRepository;
  22.     
  23.     public function __construct(TokenStorageInterface $tokenStorageUserRepository $userRepository)
  24.     {
  25.          $this->tokenStorage $tokenStorage;
  26.          $this->userRepository $userRepository;
  27.     }
  29.     public function onKernelController(ControllerEvent $event)
  30.     {
  31.         $controller $event->getController();
  33.         // when a controller class defines multiple action methods, the controller
  34.         // is returned as [$controllerInstance, 'methodName']
  35.         if (is_array($controller)) {
  36.             $controller $controller[0];
  37.         }
  38.         
  39.         if (!$token $this->tokenStorage->getToken()) {
  40.             return ;
  41.         }
  43.         if (!$user $token->getUser()) {
  44.             return ;
  45.         }
  47.         if ($controller instanceof OrganizationAuthenticatedController) {
  48.             $accessDenied false;
  49.             
  50.             if ($event->getRequest()->headers->has('Organization')){
  51.                 $headerOrganizationId $event->getRequest()->headers->get('Organization');
  52.                 
  53.                 $organizationId $this->userRepository->getUserOrganization($user->getId());
  54.                 
  55.                 $organizationValid false;
  56.                 
  57.                 if ($headerOrganizationId == $organizationId){
  58.                     $organizationValid true;
  59.                 }else{
  60.                     $userRoles $user->getRoles();
  61.                     
  62.                     if (in_array('ROLE_ADMIN'$userRoles)){
  63.                         $organizationValid true;
  64.                     }
  65.                 }
  66.                 
  67.                 if ($organizationValid){
  68.                     // mark the request as having passed owner authentication
  69.                     $event->getRequest()->attributes->set('auth_organization_id'$organizationId);
  70.                     $event->getRequest()->getSession()->set('__organization'$organizationId);
  71.                 }else{
  72.                     $accessDenied true;
  73.                 }
  74.             }
  75.             
  76.             if ($accessDenied) {
  77.                 throw new AccessDeniedHttpException('This action needs a valid organization!');
  78.             }
  79.         }
  80.     }
  81.     
  82.     public function onKernelResponse(ResponseEvent $event)
  83.     {
  84.         // check to see if onKernelController marked this as a token "auth'ed" request
  85.         if (!$organizationId $event->getRequest()->attributes->get('auth_organization_id')) {
  86.             return;
  87.         }
  89.         $response $event->getResponse();
  91.         // create a hash and set it as a response header
  92.         $hash sha1($response->getContent().$organizationId);
  93.         
  94.         $response->headers->set('X-ORGANIZATION-ID'$hash);
  95.     }
  97.     public static function getSubscribedEvents()
  98.     {
  99.         return [
  100.             KernelEvents::CONTROLLER => 'onKernelController',
  101.             KernelEvents::RESPONSE => 'onKernelResponse',
  102.         ];
  103.     }
  104. }