
  1. <?php
  2. /**
  3.  * Pimcore
  4.  *
  5.  * This source file is available under following license:
  6.  * - Pimcore Commercial License (PCL)
  7.  *
  8.  *  @copyright  Copyright (c) Pimcore GmbH (http://www.pimcore.org)
  9.  *  @license    http://www.pimcore.org/license     PCL
  10.  */
  11. namespace Pimcore\Bundle\PortalEngineBundle\EventSubscriber;
  12. use Pimcore\Bundle\PortalEngineBundle\Enum\Permission;
  13. use Pimcore\Bundle\PortalEngineBundle\Service\PortalConfig\PortalConfigService;
  14. use Pimcore\Bundle\PortalEngineBundle\Service\PublicShare\PublicShareService;
  15. use Pimcore\Bundle\PortalEngineBundle\Service\Security\SecurityService;
  16. use Pimcore\Controller\FrontendController;
  17. use Pimcore\Event\AssetEvents;
  18. use Pimcore\Event\DataObjectEvents;
  19. use Pimcore\Event\Model\AssetEvent;
  20. use Pimcore\Event\Model\DataObjectEvent;
  21. use Pimcore\Tool;
  22. use Symfony\Component\EventDispatcher\EventSubscriberInterface;
  23. use Symfony\Component\HttpFoundation\RequestStack;
  24. use Symfony\Component\HttpKernel\Event\ControllerEvent;
  25. use Symfony\Component\Security\Core\Exception\AuthenticationException;
  26. use Symfony\Component\Security\Core\Security;
  27. /**
  28.  * Class IndexUpdateListener
  29.  *
  30.  * @package Pimcore\Bundle\PortalEngineBundle\EventListener
  31.  */
  32. class SecuritySubscriber implements EventSubscriberInterface
  33. {
  34.     /**
  35.      * @var PortalConfigService
  36.      */
  37.     protected $portalConfigService;
  38.     /**
  39.      * @var Security
  40.      */
  41.     protected $security;
  42.     /**
  43.      * @var SecurityService
  44.      */
  45.     protected $securityService;
  46.     /**
  47.      * @var RequestStack
  48.      */
  49.     protected $requestStack;
  50.     /**
  51.      * @var PublicShareService
  52.      */
  53.     protected $publicShareService;
  54.     protected $publicRoutes = [
  55.         'pimcore_portalengine_auth_login',
  56.         'pimcore_portalengine_auth_oidc',
  57.         'pimcore_portalengine_auth_recover_password',
  58.         'pimcore_portalengine_public_share_public_list',
  59.         'pimcore_portalengine_rest_api_translation_load_catalogue',
  60.         'pimcore_directedit_downloadfile',
  61.         'pimcore_directedit_renotifybrowser',
  62.         'pimcore_directedit_uploadfile',
  63.         'pimcore_directedit_client_askactivity',
  64.     ];
  65.     protected $customPublicRoutes = [];
  66.     protected $publicShareHashRoutes = [
  67.         'pimcore_portalengine_public_share_public_asset_detail',
  68.         'pimcore_portalengine_public_share_public_object_detail',
  69.         'pimcore_portalengine_rest_api_public_share_asset_list',
  70.         'pimcore_portalengine_rest_api_public_share_asset_list_filters',
  71.         'pimcore_portalengine_rest_api_public_share_asset_detail',
  72.         'pimcore_portalengine_rest_api_public_share_asset_detail_results_list',
  73.         'pimcore_portalengine_rest_api_public_share_data_object_list',
  74.         'pimcore_portalengine_rest_api_public_share_data_object_list_filters',
  75.         'pimcore_portalengine_rest_api_public_share_data_object_detail',
  76.         'pimcore_portalengine_rest_api_public_share_data_object_detail_results_list',
  77.         'pimcore_portalengine_rest_api_public_share_download_download_types',
  78.         'pimcore_portalengine_rest_api_batch_task_list',
  79.         'pimcore_portalengine_rest_api_batch_task_delete',
  80.         'pimcore_portalengine_rest_api_batch_task_process_notification_action',
  81.         'pimcore_portalengine_rest_api_asset_download',
  82.         'pimcore_portalengine_rest_api_download_trigger_download',
  83.         'pimcore_portalengine_rest_api_download_get_estimation_result',
  84.         'pimcore_portalengine_rest_api_download_multi_download_trigger_download_estimation',
  85.         'pimcore_portalengine_rest_api_download_single_download',
  86.         'pimcore_portalengine_rest_api_public_share_trigger_download_estimation',
  87.         'pimcore_portalengine_rest_api_public_share_detail_actions',
  88.         'pimcore_portalengine_rest_api_translation_valid_languages',
  89.         'pimcore_portalengine_rest_api_asset_metadata_layout',
  90.     ];
  91.     /**
  92.      * @param PortalConfigService $portalConfigService
  93.      * @param Security $security
  94.      * @param SecurityService $securityService
  95.      * @param RequestStack $requestStack
  96.      * @param PublicShareService $publicShareService
  97.      * @param array $customPublicRoutes
  98.      */
  99.     public function __construct(PortalConfigService $portalConfigServiceSecurity $securitySecurityService $securityServiceRequestStack $requestStackPublicShareService $publicShareService, array $customPublicRoutes)
  100.     {
  101.         $this->portalConfigService $portalConfigService;
  102.         $this->security $security;
  103.         $this->securityService $securityService;
  104.         $this->requestStack $requestStack;
  105.         $this->publicShareService $publicShareService;
  106.         $this->customPublicRoutes $customPublicRoutes;
  107.     }
  108.     /**
  109.      * @return array
  110.      */
  111.     public static function getSubscribedEvents()
  112.     {
  113.         return [
  114.             ControllerEvent::class => ['onKernelController'19],
  115.             DataObjectEvents::PRE_UPDATE => 'onPreUpdate',
  116.             AssetEvents::PRE_UPDATE => 'onPreUpdate',
  117.         ];
  118.     }
  119.     /**
  120.      * @param ControllerEvent $controllerEvent
  121.      */
  122.     public function onKernelController(ControllerEvent $controllerEvent)
  123.     {
  124.         if (!$controllerEvent->isMasterRequest()) {
  125.             return;
  126.         }
  127.         if (!$this->portalConfigService->isPortalEngineSite()) {
  128.             return;
  129.         }
  130.         if (!Tool::isFrontend()) {
  131.             return;
  132.         }
  133.         if (!$controllerEvent->getController()[0] instanceof FrontendController) {
  134.             return;
  135.         }
  136.         $route $controllerEvent->getRequest()->attributes->get('_route');
  137.         $isPublicRoute in_array(
  138.             $route,
  139.             array_merge($this->publicRoutes$this->customPublicRoutes)
  140.         );
  141.         $request $controllerEvent->getRequest();
  142.         if (in_array($route$this->publicShareHashRoutes) && $request->get('publicShareHash')) {
  143.             $publicShare $this->publicShareService->validateByHash($request->get('publicShareHash'));
  144.             $this->publicShareService->setUpPublicShare($publicShare);
  145.         }
  146.         if (!$isPublicRoute && !$this->security->isGranted(Permission::PORTAL_ACCESS)) {
  147.             throw new AuthenticationException('invalid login');
  148.         }
  149.     }
  150.     /**
  151.      * @param DataObjectEvent|AssetEvent $event
  152.      */
  153.     public function onPreUpdate($event)
  154.     {
  155.         if ($this->requestStack->getMasterRequest() && !$this->portalConfigService->isPortalEngineSite()) {
  156.             return;
  157.         }
  158.         if (!$portalUser $this->securityService->getPortalUser()) {
  159.             return;
  160.         }
  161.         $event->getElement()->setUserModification($this->securityService->getPimcoreUserId());
  162.     }
  163. }