src/EventSubscriber/LoginSubscriber.php line 31

Open in your IDE?
  1. <?php
  3. namespace App\EventSubscriber;
  5. use App\Component\UserRole\Manager\UserRoleManager;
  6. use App\Entity\User;
  7. use Scheb\TwoFactorBundle\Security\TwoFactor\Event\TwoFactorAuthenticationEvent;
  8. use Symfony\Component\EventDispatcher\EventSubscriberInterface;
  9. use Symfony\Component\HttpFoundation\Session\SessionInterface;
  10. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  11. use Symfony\Component\Security\Http\Event\LoginSuccessEvent;
  12. use Symfony\Component\Security\Http\Event\SwitchUserEvent;
  14. class LoginSubscriber implements EventSubscriberInterface
  15. {
  16.     public function __construct(
  17.         private readonly SessionInterface $session,
  18.         private readonly UserRoleManager $userRoleManager
  19.     ) {
  20.     }
  22.     public static function getSubscribedEvents(): array
  23.     {
  24.         return [
  25.             SwitchUserEvent::class => 'onSecuritySwitchUser',
  26.             LoginSuccessEvent::class => 'onLoginSuccess',
  27.             'scheb_two_factor.authentication.complete' => 'onTwoFactorAuthenticationComplete',
  28.         ];
  29.     }
  31.     public function onLoginSuccess(LoginSuccessEvent $event): void
  32.     {
  33.         $this->interactiveLogin($event->getAuthenticatedToken());
  34.     }
  36.     public function onTwoFactorAuthenticationComplete(TwoFactorAuthenticationEvent $event): void
  37.     {
  38.         $this->interactiveLogin($event->getToken());
  39.     }
  41.     public function onSecuritySwitchUser(SwitchUserEvent $event): void
  42.     {
  43.         $this->setUserGroupPermissions($event->getToken());
  44.     }
  46.     /**
  47.      * calculate and assign UserRoleEntries.
  48.      */
  49.     private function setUserGroupPermissions(TokenInterface $token)
  50.     {
  51.         // ROLE_SUPER_ADMIN doesn't need user_role_entries
  52.         if (\in_array('ROLE_SUPER_ADMIN'$token->getRoleNames(), true)) {
  53.             return;
  54.         }
  56.         $roles $token->getUser()->getUserRoles();
  58.         $entries = [];
  60.         foreach ($roles as $role) {
  61.             $rolePermissions $this->userRoleManager->getRolePermissions($role);
  63.             // if role has all permissions, skip iteration
  64.             if (!$rolePermissions) {
  65.                 $token->setAttribute('user_role_entries', []);
  67.                 return;
  68.             }
  70.             if (\count($entries) > 0) {
  71.                 $rolePermissions array_intersect_key($rolePermissions$entries);
  73.                 foreach (array_diff_key($entries$rolePermissions) as $key => $val) {
  74.                     unset($entries[$key]);
  75.                 }
  76.             }
  78.             foreach ($rolePermissions as $classType => $permission) {
  79.                 // if classType already has a mask, calculate new mask
  80.                 if (\array_key_exists($classType$entries)) {
  81.                     $entries[$classType] = $entries[$classType] | $permission['mask'];
  82.                     continue;
  83.                 }
  85.                 $entries[$classType] = $permission['mask'];
  86.             }
  87.         }
  89.         $token->setAttribute('user_role_entries'$entries);
  90.     }
  92.     private function interactiveLogin(TokenInterface $token): void
  93.     {
  94.         $this->setUserGroupPermissions($token);
  96.         /** @var User $user */
  97.         $user $token->getUser();
  99.         if (null !== $user->getLocale()) {
  100.             $this->session->set(AdminSubscriber::ADMIN_USER_LOCALE$user->getLocale());
  101.         }
  103.         $this->session->set('site_access'true);
  104.     }
  105. }