<?php |
namespace Ribs\RibsAdminBundle\Service; |
use Symfony\Component\DependencyInjection\ContainerInterface; |
use Symfony\Component\HttpFoundation\RequestStack; |
use Symfony\Component\HttpFoundation\Session\Session; |
use Symfony\Component\Routing\RouterInterface; |
use Symfony\Component\Security\Core\Exception\AccessDeniedException; |
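class AccessRights
{
    /** @var ContainerInterface service container (historically named $em; it is not an entity manager) */
    private $em;
    /** @var RouterInterface injected for callers; not used by the checks in this class */
    private $router;
    /** @var Session injected for callers; not used by the checks in this class */
    private $session;
    /** @var RequestStack source of the current request whose "_route" attribute is checked */
    private $request;

    /**
     * AccessRights constructor.
     *
     * @param ContainerInterface $em      container used to reach "ribs_admin.globals" and "security.token_storage"
     * @param RouterInterface    $router  kept for backward compatibility; unused here
     * @param Session            $session kept for backward compatibility; unused here
     * @param RequestStack       $request gives access to the current request
     */
    public function __construct(ContainerInterface $em, RouterInterface $router, Session $session, RequestStack $request)
    {
        $this->em = $em;
        $this->router = $router;
        $this->session = $session;
        $this->request = $request;
    }

    /**
     * Kernel controller hook: denies any "ribsadmin_*" route the current user holds no right for.
     *
     * Only the matched route name (the "_route" request attribute) is consulted, so a "_route"
     * query or body parameter cannot influence the decision. Debug toolbar / profiler routes and
     * requests without a matched route are left alone; every other "ribsadmin_*" route must map
     * to at least one right in ribsadmin_rights.json that the user or the user's right list owns.
     *
     * @throws AccessDeniedException when the route is an admin route and no matching right is held
     * @throws \RuntimeException     when the rights definition file cannot be read or decoded (fail closed)
     */
    public function onKernelController()
    {
        $current = $this->request->getCurrentRequest();
        // Read the attribute bag directly: Request::get() would fall back to query/body parameters.
        $route = $current === null ? null : $current->attributes->get("_route");

        // No matched route (e.g. error handling) or a debug route: nothing to protect here.
        if (!is_string($route) || $route === "" || in_array($route, ["_profiler", "_profiler_search_bar", "_wdt"], true)) {
            return;
        }

        // The route name prefix decides whether this is an admin page at all.
        if (explode("_", $route)[0] !== "ribsadmin") {
            return;
        }

        $route_right = $this->in_array_recursive($route, $this->loadAdminRights());

        // An admin route absent from the rights file, or whose rights the user lacks, is denied.
        if ($route_right === false || $this->testRouteRight($route_right) !== true) {
            throw new AccessDeniedException("No access");
        }
    }

    /**
     * Tells whether the current user holds the given right; usable directly from a view.
     *
     * @param string $right right name, compared strictly (no numeric-string coercion)
     * @return bool
     */
    public function testRight(string $right): bool
    {
        return in_array($right, $this->getAllUserRights(), true);
    }

    /**
     * Tells whether at least one of the rights required by a route is held by the current user.
     *
     * @param array $route_right right names collected from the rights file for the matched route
     * @return bool
     */
    private function testRouteRight(array $route_right): bool
    {
        // Strict comparison: a null or "" entry in $route_right must never match a user right.
        foreach ($this->getAllUserRights() as $right) {
            if (in_array($right, $route_right, true)) {
                return true;
            }
        }

        return false;
    }

    /**
     * Merges the user's own rights with those of the attached right list.
     *
     * @return string[] right names; empty names are dropped so an empty right can never match
     */
    private function getAllUserRights(): array
    {
        return array_merge($this->getUserRights(), $this->getRightsListOfUser());
    }

    /**
     * Loads and decodes Resources/json/ribsadmin_rights.json from the base bundle.
     *
     * @return array decoded rights definition (nested associative arrays)
     * @throws \RuntimeException if the file is unreadable or not valid JSON — an unreadable
     *                           rights file must fail closed rather than grant or skip checks
     */
    private function loadAdminRights(): array
    {
        $path = $this->em->get("ribs_admin.globals")->getBaseBundlePath() . "/Resources/json/ribsadmin_rights.json";

        $raw = is_readable($path) ? file_get_contents($path) : false;
        if ($raw === false) {
            throw new \RuntimeException("Unable to read admin rights file: " . $path);
        }

        $decoded = json_decode($raw, true);
        if (!is_array($decoded)) {
            throw new \RuntimeException("Invalid admin rights file: " . $path);
        }

        return $decoded;
    }

    /**
     * Collects the "right" value of every rights-file entry whose leaf value equals $needle (the route name).
     *
     * @param mixed $needle   route name to look for
     * @param mixed $haystack decoded rights definition (array, or any value RecursiveArrayIterator accepts)
     * @return array|false list of right names, or false when the route appears nowhere
     */
    private function in_array_recursive($needle, $haystack)
    {
        $rights = [];
        $it = new \RecursiveIteratorIterator(new \RecursiveArrayIterator($haystack));

        foreach ($it as $value) {
            // Strict comparison; loose == would treat numeric-looking strings as equal ("1e1" == "10").
            if ($value !== $needle) {
                continue;
            }
            // getInnerIterator() is the sub-iterator of the entry holding the match; read its "right" key.
            $entry = $it->getInnerIterator();
            if (isset($entry["right"]) && $entry["right"] !== "") {
                $rights[] = $entry["right"];
            }
        }

        return $rights === [] ? false : $rights;
    }

    /**
     * Rights stored on the current user, from its comma-separated access-rights field.
     *
     * @return string[] right names without empty entries; empty when there is no token/user or no rights
     */
    private function getUserRights(): array
    {
        $user = $this->currentUser();
        if ($user === null) {
            return [];
        }

        return $this->splitRights($user->getAccessRights());
    }

    /**
     * Rights of the right list attached to the current user, from its comma-separated access-rights field.
     *
     * @return string[] right names without empty entries; empty when no user or no list is attached
     */
    private function getRightsListOfUser(): array
    {
        $user = $this->currentUser();
        if ($user === null) {
            return [];
        }

        $list = $user->getAccessRightList();
        if ($list === null) {
            return [];
        }

        return $this->splitRights($list->getAccessRights());
    }

    /**
     * Resolves the application user behind the security token, or null when unauthenticated.
     *
     * @return object|null the object exposing getAccessRights()/getAccessRightList(), or null
     */
    private function currentUser()
    {
        $token = $this->em->get("security.token_storage")->getToken();
        if ($token === null) {
            return null;
        }

        // A non-object user (string user of an anonymous token) carries no rights.
        $wrapper = $token->getUser();
        if (!is_object($wrapper)) {
            return null;
        }

        $user = $wrapper->getUser();

        return is_object($user) ? $user : null;
    }

    /**
     * Splits a comma-separated rights string into a list, dropping empty names.
     *
     * @param string|null $rights raw "a,b,c" value
     * @return string[]
     */
    private function splitRights($rights): array
    {
        if (!is_string($rights) || $rights === "") {
            return [];
        }

        $names = explode(",", $rights);

        return array_values(array_filter($names, function ($name) {
            return $name !== "";
        }));
    }
}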