vendor/pimcore/portal-engine/src/EventSubscriber/SecuritySubscriber.php line 164

  1. <?php
  2. /**
  3.  * Pimcore
  4.  *
  5.  * This source file is available under following license:
  6.  * - Pimcore Commercial License (PCL)
  7.  *
  8.  *  @copyright  Copyright (c) Pimcore GmbH (http://www.pimcore.org)
  9.  *  @license    http://www.pimcore.org/license     PCL
  10.  */
  11. namespace Pimcore\Bundle\PortalEngineBundle\EventSubscriber;
  12. use Pimcore\Bundle\PortalEngineBundle\Enum\Permission;
  13. use Pimcore\Bundle\PortalEngineBundle\Service\PortalConfig\PortalConfigService;
  14. use Pimcore\Bundle\PortalEngineBundle\Service\PublicShare\PublicShareService;
  15. use Pimcore\Bundle\PortalEngineBundle\Service\Security\SecurityService;
  16. use Pimcore\Controller\FrontendController;
  17. use Pimcore\Event\AssetEvents;
  18. use Pimcore\Event\DataObjectEvents;
  19. use Pimcore\Event\Model\AssetEvent;
  20. use Pimcore\Event\Model\DataObjectEvent;
  21. use Pimcore\Tool;
  22. use Symfony\Component\EventDispatcher\EventSubscriberInterface;
  23. use Symfony\Component\HttpFoundation\RequestStack;
  24. use Symfony\Component\HttpKernel\Event\ControllerEvent;
  25. use Symfony\Component\Security\Core\Exception\AuthenticationException;
  26. use Symfony\Component\Security\Core\Security;
  27. /**
  28.  * Class IndexUpdateListener
  29.  *
  30.  * @package Pimcore\Bundle\PortalEngineBundle\EventListener
  31.  */
  32. class SecuritySubscriber implements EventSubscriberInterface
  33. {
  34.     /**
  35.      * @var PortalConfigService
  36.      */
  37.     protected $portalConfigService;
  38.     /**
  39.      * @var Security
  40.      */
  41.     protected $security;
  42.     /**
  43.      * @var SecurityService
  44.      */
  45.     protected $securityService;
  46.     /**
  47.      * @var RequestStack
  48.      */
  49.     protected $requestStack;
  50.     /**
  51.      * @var PublicShareService
  52.      */
  53.     protected $publicShareService;
  54.     protected $publicRoutes = [
  55.         'pimcore_portalengine_auth_login',
  56.         'pimcore_portalengine_auth_recover_password',
  57.         'pimcore_portalengine_public_share_public_list',
  58.         'pimcore_portalengine_rest_api_translation_load_catalogue',
  59.         'pimcore_directedit_downloadfile',
  60.         'pimcore_directedit_renotifybrowser',
  61.         'pimcore_directedit_uploadfile',
  62.         'pimcore_directedit_client_askactivity',
  63.     ];
  64.     protected $publicShareHashRoutes = [
  65.         'pimcore_portalengine_public_share_public_asset_detail',
  66.         'pimcore_portalengine_public_share_public_object_detail',
  67.         'pimcore_portalengine_rest_api_public_share_asset_list',
  68.         'pimcore_portalengine_rest_api_public_share_asset_list_filters',
  69.         'pimcore_portalengine_rest_api_public_share_asset_detail',
  70.         'pimcore_portalengine_rest_api_public_share_asset_detail_results_list',
  71.         'pimcore_portalengine_rest_api_public_share_data_object_list',
  72.         'pimcore_portalengine_rest_api_public_share_data_object_list_filters',
  73.         'pimcore_portalengine_rest_api_public_share_data_object_detail',
  74.         'pimcore_portalengine_rest_api_public_share_data_object_detail_results_list',
  75.         'pimcore_portalengine_rest_api_public_share_download_download_types',
  76.         'pimcore_portalengine_rest_api_batch_task_list',
  77.         'pimcore_portalengine_rest_api_batch_task_delete',
  78.         'pimcore_portalengine_rest_api_batch_task_process_notification_action',
  79.         'pimcore_portalengine_rest_api_asset_download',
  80.         'pimcore_portalengine_rest_api_download_trigger_download',
  81.         'pimcore_portalengine_rest_api_download_get_estimation_result',
  82.         'pimcore_portalengine_rest_api_download_multi_download_trigger_download_estimation',
  83.         'pimcore_portalengine_rest_api_download_single_download',
  84.         'pimcore_portalengine_rest_api_public_share_trigger_download_estimation',
  85.         'pimcore_portalengine_rest_api_public_share_detail_actions',
  86.         'pimcore_portalengine_rest_api_translation_valid_languages',
  87.         'pimcore_portalengine_rest_api_asset_metadata_layout',
  88.     ];
  89.     /**
  90.      * SecuritySubscriber constructor.
  91.      *
  92.      * @param PortalConfigService $portalConfigService
  93.      * @param Security $security
  94.      * @param SecurityService $securityService
  95.      * @param RequestStack $requestStack
  96.      * @param PublicShareService $publicShareService
  97.      */
  98.     public function __construct(PortalConfigService $portalConfigServiceSecurity $securitySecurityService $securityServiceRequestStack $requestStackPublicShareService $publicShareService)
  99.     {
  100.         $this->portalConfigService $portalConfigService;
  101.         $this->security $security;
  102.         $this->securityService $securityService;
  103.         $this->requestStack $requestStack;
  104.         $this->publicShareService $publicShareService;
  105.     }
  106.     /**
  107.      * @return array
  108.      */
  109.     public static function getSubscribedEvents()
  110.     {
  111.         return [
  112.             ControllerEvent::class => ['onKernelController'19],
  113.             DataObjectEvents::PRE_UPDATE => 'onPreUpdate',
  114.             AssetEvents::PRE_UPDATE => 'onPreUpdate',
  115.         ];
  116.     }
  117.     /**
  118.      * @param ControllerEvent $controllerEvent
  119.      */
  120.     public function onKernelController(ControllerEvent $controllerEvent)
  121.     {
  122.         if (!$controllerEvent->isMasterRequest()) {
  123.             return;
  124.         }
  125.         if (!$this->portalConfigService->isPortalEngineSite()) {
  126.             return;
  127.         }
  128.         if (!Tool::isFrontend()) {
  129.             return;
  130.         }
  131.         if (!$controllerEvent->getController()[0] instanceof FrontendController) {
  132.             return;
  133.         }
  134.         $route $controllerEvent->getRequest()->attributes->get('_route');
  135.         $isPublicRoute in_array(
  136.             $route,
  137.             $this->publicRoutes
  138.         );
  139.         $request $controllerEvent->getRequest();
  140.         if (in_array($route$this->publicShareHashRoutes) && $request->get('publicShareHash')) {
  141.             $publicShare $this->publicShareService->validateByHash($request->get('publicShareHash'));
  142.             $this->publicShareService->setUpPublicShare($publicShare);
  143.         }
  144.         if (!$isPublicRoute && !$this->security->isGranted(Permission::PORTAL_ACCESS)) {
  145.             throw new AuthenticationException('invalid login');
  146.         }
  147.     }
  148.     /**
  149.      * @param DataObjectEvent|AssetEvent $event
  150.      */
  151.     public function onPreUpdate($event)
  152.     {
  153.         if ($this->requestStack->getMasterRequest() && !$this->portalConfigService->isPortalEngineSite()) {
  154.             return;
  155.         }
  156.         if (!$portalUser $this->securityService->getPortalUser()) {
  157.             return;
  158.         }
  159.         $event->getElement()->setUserModification($this->securityService->getPimcoreUserId());
  160.     }
  161. }