src/AppBundle/Listener/PermissionKernelControllerListener.php line 31

Open in your IDE?
  1. <?php
  3. namespace AppBundle\Listener;
  5. use Symfony\Component\DependencyInjection\ContainerInterface;
  6. use Symfony\Component\HttpFoundation\JsonResponse;
  7. use Symfony\Component\HttpFoundation\Request;
  8. use Symfony\Component\HttpFoundation\Response;
  9. use Symfony\Component\HttpKernel\Event\ControllerEvent;
  10. use Symfony\Component\HttpKernel\HttpKernelInterface;
  11. use Topxia\Service\Common\ServiceKernel;
  13. class PermissionKernelControllerListener
  14. {
  15.     protected $paths;
  16.     /**
  17.      * @var ContainerInterface
  18.      */
  19.     private $container;
  20.     /**
  21.      * @var mixed
  22.      */
  23.     private $path;
  25.     public function __construct(ContainerInterface $container$path)
  26.     {
  27.         $this->container $container;
  28.         $this->path $path;
  29.     }
  31.     public function onKernelController(ControllerEvent $event)
  32.     {
  33.         if (HttpKernelInterface::MAIN_REQUEST != $event->getRequestType()) {
  34.             return;
  35.         }
  37.         $request $event->getRequest();
  38.         $currentUser ServiceKernel::instance()->getCurrentUser();
  40.         if (in_array('ROLE_SUPER_ADMIN'$currentUser['roles'])) {
  41.             return;
  42.         }
  43.         $route $this->container
  44.             ->get('router')
  45.             ->getMatcher()
  46.             ->match($request->getPathInfo());
  48.         $permissions = empty($route['_permissions']) ? [] : $route['_permissions'];
  49.         if (empty($permissions)) {
  50.             return;
  51.         }
  53.         foreach ($permissions as $permission) {
  54.             if ($currentUser->hasPermission($permission)) {
  55.                 return;
  56.             }
  57.         }
  59.         if ($this->isApiRequest($request)) {
  60.             $response = new JsonResponse([
  61.                 'status' => false,
  62.                 'message' => $this->container->get('translator')->trans('admin.sensitive_manage.prompt.tips'),
  63.                 'permissions' => (array) $permissions,
  64.             ], 403);
  65.         } elseif (!preg_match('/^\/admin/'$request->getPathInfo())) {
  66.             $response $this->container->get('twig')->render('role/permission-error.html.twig');
  67.         } else {
  68.             $response $this->container->get('twig')->render('admin/role/permission-error.html.twig');
  69.         }
  70.         $event->setController(function () use ($response) {
  71.             return new Response($response403);
  72.         });
  73.     }
  75.     private function isApiRequest(Request $request): bool
  76.     {
  77.         return in_array($request->headers->get('Accept'''), ['application/json''application/vnd.edusoho.v2+json''application/vnd.edusoho.v3+json']);
  78.     }
  79. }