src/Domain/User/Symfony/EventSubscriber/Kernel/SwitchUserSubscriber.php line 111

Open in your IDE?
  1. <?php
  3. /**
  4.  * This file is part of the MADIS - RGPD Management application.
  5.  *
  6.  * @copyright Copyright (c) 2018-2019 Soluris - Solutions Numériques Territoriales Innovantes
  7.  * @author ANODE <contact@agence-anode.fr>
  8.  *
  9.  * This program is free software: you can redistribute it and/or modify
  10.  * it under the terms of the GNU Affero General Public License as published by
  11.  * the Free Software Foundation, either version 3 of the License, or
  12.  * (at your option) any later version.
  13.  *
  14.  * This program is distributed in the hope that it will be useful,
  15.  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  16.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  17.  * GNU Affero General Public License for more details.
  18.  *
  19.  * You should have received a copy of the GNU Affero General Public License
  20.  * along with this program.  If not, see <https://www.gnu.org/licenses/>.
  21.  */
  23. declare(strict_types=1);
  25. namespace App\Domain\User\Symfony\EventSubscriber\Kernel;
  27. use App\Domain\Reporting\Dictionary\LogJournalActionDictionary;
  28. use App\Domain\Reporting\Dictionary\LogJournalSubjectDictionary;
  29. use App\Domain\Reporting\Model\LogJournal;
  30. use App\Domain\User\Dictionary\UserRoleDictionary;
  31. use App\Domain\User\Model\Collectivity;
  32. use App\Domain\User\Model\User;
  33. use Doctrine\ORM\EntityManagerInterface;
  34. use Symfony\Component\EventDispatcher\EventSubscriberInterface;
  35. use Symfony\Component\Security\Core\Exception\AccessDeniedException;
  36. use Symfony\Component\Security\Core\Security;
  37. use Symfony\Component\Security\Http\Event\SwitchUserEvent;
  38. use Symfony\Component\Security\Http\SecurityEvents;
  40. class SwitchUserSubscriber implements EventSubscriberInterface
  41. {
  42.     /**
  43.      * @var Security
  44.      */
  45.     private $security;
  47.     /**
  48.      * @var EntityManagerInterface
  49.      */
  50.     private $entityManager;
  52.     /**
  53.      * @var \App\Domain\User\Repository\User
  54.      */
  55.     private $userRepository;
  57.     public function __construct(
  58.         Security $security,
  59.         EntityManagerInterface $em,
  60.         \App\Domain\User\Repository\User $userRepository
  61.     ) {
  62.         $this->security       $security;
  63.         $this->entityManager  $em;
  64.         $this->userRepository $userRepository;
  65.     }
  67.     public static function getSubscribedEvents()
  68.     {
  69.         return [
  70.             SecurityEvents::SWITCH_USER => 'onSwitchUser',
  71.         ];
  72.     }
  74.     private function supports(SwitchUserEvent $event)
  75.     {
  76.         $request             $event->getRequest();
  77.         $switchUserAttribute $request->get('_switch_user');
  79.         if ('_exit' === $switchUserAttribute || $this->security->isGranted('ROLE_ADMIN')) {
  80.             return true;
  81.         }
  83.         /** @var User $switchUser */
  84.         $switchUser $this->userRepository->findOneOrNullByEmail($switchUserAttribute);
  86.         if (\is_null($switchUser)) {
  87.             return false;
  88.         }
  90.         $deniedRoles = [UserRoleDictionary::ROLE_REFERENTUserRoleDictionary::ROLE_ADMIN];
  91.         if (\in_array($switchUser->getRoles()[0], $deniedRoles)) {
  92.             return false;
  93.         }
  95.         /** @var User $connectedUser */
  96.         $connectedUser  $this->security->getUser();
  97.         $collectivities \array_filter(
  98.             \iterable_to_array($connectedUser->getCollectivitesReferees()),
  99.             function (Collectivity $collectivity) use ($switchUser) {
  100.                 return $collectivity === $switchUser->getCollectivity();
  101.             }
  102.         );
  104.         if (empty($collectivities)) {
  105.             return false;
  106.         }
  108.         return true;
  109.     }
  111.     public function onSwitchUser(SwitchUserEvent $event)
  112.     {
  113.         if (!$this->supports($event)) {
  114.             throw new AccessDeniedException();
  115.         }
  117.         $request    $event->getRequest();
  118.         $switchUser $request->get('_switch_user');
  120.         /** @var User $user */
  121.         $user   $this->security->getUser();
  122.         $action LogJournalActionDictionary::SWITCH_USER_ON;
  123.         /** @var User $targetUser */
  124.         $targetUser         $event->getTargetUser();
  125.         $switchUserFullName $targetUser->getFullName();
  127.         if ('_exit' === $switchUser) {
  128.             $action             LogJournalActionDictionary::SWITCH_USER_OFF;
  129.             $switchUserFullName $user->getFullName();
  130.             /** @var User $user */
  131.             $user $event->getTargetUser();
  132.         }
  134.         $log = new LogJournal(
  135.             $user->getCollectivity(),
  136.             $user->getFullName(),
  137.             $user->getEmail(),
  138.             $action,
  139.             LogJournalSubjectDictionary::USER_USER,
  140.             $user->getId()->toString(),
  141.             $switchUserFullName
  142.         );
  144.         $this->entityManager->persist($log);
  145.         $this->entityManager->flush();
  146.     }
  147. }