<?php
namespace Platform\ControlPanelBundle\Listeners;
use Cms\CoreBundle\Service\ContextManager;
use Platform\ControlPanelBundle\Controller\ContractorController;
use Platform\ControlPanelBundle\Controller\DashboardController;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\HttpKernel\Event\ControllerEvent;
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
use Symfony\Component\HttpKernel\KernelEvents;
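/**
 * Gates the control-panel controllers on the role of the authenticated account.
 *
 * Subscribed to KernelEvents::CONTROLLER, so the check runs once the controller
 * callable has been resolved and before it is invoked. A request that fails the
 * check has its controller swapped for one that throws NotFoundHttpException.
 *
 * NOTE(review): only DashboardController and ContractorController (and their
 * subclasses) are covered here; whether other control-panel controllers are
 * guarded elsewhere is not visible from this file.
 */
final class RequestListener implements EventSubscriberInterface
{
    /**
     * @var ContextManager
     */
    private $cm;

    /**
     * @param ContextManager $cm Source of the global context that holds the authenticated account.
     */
    public function __construct(ContextManager $cm)
    {
        $this->cm = $cm;
    }

    /**
     * {@inheritdoc}
     */
    public static function getSubscribedEvents(): array
    {
        return [
            KernelEvents::CONTROLLER => ['controlPanelCheck'],
        ];
    }

    /**
     * Replaces the controller with a 404 when the authenticated account lacks the required role.
     *
     * DashboardController requires an account for which isInternal() is true;
     * ContractorController requires one for which isContractor() is true.
     * A missing account fails both checks.
     *
     * @param ControllerEvent $event
     */
    public function controlPanelCheck(ControllerEvent $event): void
    {
        $controller = $event->getController();

        // A controller callable is either [object, method] or an invokable object.
        // Inspect both forms so the gate does not silently stop applying if one of
        // these controllers is ever routed through __invoke().
        $target = is_array($controller) ? ($controller[0] ?? null) : $controller;

        $needsInternal = $target instanceof DashboardController;
        $needsContractor = $target instanceof ContractorController;
        if (! $needsInternal && ! $needsContractor) {
            // Not a gated controller: leave the event untouched.
            return;
        }

        // IMPORTANT: the *authenticated* account is checked on purpose. Per the
        // original author's note, checking any other account could cause issues
        // with impersonation.
        $account = $this->cm->getGlobalContext()->getAuthenticatedAccount();

        // Fail closed: no account, or an account without the required role, is denied.
        $allowed = ! empty($account)
            && (! $needsInternal || $account->isInternal())
            && (! $needsContractor || $account->isContractor());

        if (! $allowed) {
            // Answer 404 instead of running the real controller.
            $event->setController(static function () {
                throw new NotFoundHttpException();
            });
        }
    }
}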