<?php
namespace App\EventListener;
use App\Controller\User\Me\RoleController;
use Symfony\Component\HttpKernel\Event\RequestEvent;
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
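/**
 * Request listener that enforces an explicit "acting role" on API requests.
 *
 * Once a request is authenticated, the client must name the role it is acting
 * under in the x-user-role header. The header value is checked against the
 * security token via isGranted(); requests that omit the header, or name a
 * role the token does not hold, are rejected with 403. The accepted value is
 * stored in the request attribute "userRole" for downstream controllers.
 *
 * Exemptions: two public paths (no role context exists there) and the
 * RoleController, which is the endpoint a client uses to discover its roles
 * and therefore cannot itself require one.
 */
class UserRoleListener
{
    /** Header the client uses to declare which of its roles it is acting as. */
    private const ROLE_HEADER = 'x-user-role';

    /**
     * Paths that never require the role header. Compared against
     * Request::getPathInfo(), i.e. without base path and without query
     * string, so "?foo=1" variants of these routes are still exempt.
     */
    private const EXEMPT_PATHS = [
        '/api/app/supplier-requests',
        '/api/user/me/forgot-password',
    ];

    private AuthorizationCheckerInterface $authorizationChecker;
    private TokenStorageInterface $tokenStorage;

    public function __construct(
        AuthorizationCheckerInterface $authorizationChecker,
        TokenStorageInterface $tokenStorage
    ) {
        $this->authorizationChecker = $authorizationChecker;
        $this->tokenStorage = $tokenStorage;
    }

    /**
     * Validate the x-user-role header on every authenticated, non-exempt request.
     *
     * @throws AccessDeniedHttpException when the header is missing, is not a
     *         ROLE_* attribute, or names a role the current token is not granted
     */
    public function __invoke(RequestEvent $event): void
    {
        $request = $event->getRequest();

        // NOTE(review): this listener also fires for sub-requests (fragments,
        // error pages). If only the main request should be checked, guard with
        // $event->isMainRequest() (isMasterRequest() on older Symfony) — confirm.

        // Public endpoints: nothing to enforce.
        if (in_array($request->getPathInfo(), self::EXEMPT_PATHS, true)) {
            return;
        }

        // Anonymous requests are left to the firewall / access_control; a role
        // header is only meaningful once there is an authenticated token.
        $token = $this->tokenStorage->getToken();
        if (null === $token || !$token->isAuthenticated()) {
            return;
        }

        // Assumes RoleController is invokable, so "_controller" holds the bare
        // FQCN; a "Class::method" controller string would not match this.
        if (RoleController::class === $request->attributes->get('_controller')) {
            return;
        }

        $role = $request->headers->get(self::ROLE_HEADER);
        if (null === $role || '' === $role) {
            throw new AccessDeniedHttpException('Missing x-user-role header.');
        }

        // The header is attacker-controlled. isGranted() accepts any voter
        // attribute, not just roles: values such as IS_AUTHENTICATED_FULLY or
        // PUBLIC_ACCESS are granted to every authenticated token, which would
        // let a client "act as" a non-role and have it stored as userRole.
        // Only ROLE_* attributes (what Symfony's RoleVoter handles) are allowed.
        if (0 !== strncmp($role, 'ROLE_', 5)) {
            throw new AccessDeniedHttpException('Invalid x-user-role header.');
        }

        // The token must actually hold the requested role.
        if (!$this->authorizationChecker->isGranted($role)) {
            throw new AccessDeniedHttpException('Role not granted.');
        }

        $request->attributes->set('userRole', $role);
    }
}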