src/Base/EventSubscriber/PermissionSubscriber.php line 67

Open in your IDE?
  1. <?php
  3. declare(strict_types=1);
  5. namespace App\Base\EventSubscriber;
  7. use App\Base\Component\Permission;
  8. use Pimcore\Bundle\DataHubBundle\Event\GraphQL\ListingEvents;
  9. use Pimcore\Bundle\DataHubBundle\Event\GraphQL\Model\ListingEvent;
  10. use Pimcore\Bundle\DataHubBundle\Event\GraphQL\Model\PermissionEvent;
  11. use Pimcore\Bundle\DataHubBundle\Event\GraphQL\PermissionEvents;
  12. use Symfony\Component\EventDispatcher\EventSubscriberInterface;
  13. use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
  14. use Symfony\Component\Security\Core\User\UserInterface;
  16. class PermissionSubscriber implements EventSubscriberInterface
  17. {
  18.     /** @var TokenStorageInterface */
  19.     private TokenStorageInterface $tokenStorage;
  21.     /**
  22.      * @param TokenStorageInterface $tokenStorage
  23.      */
  24.     public function __construct(
  25.         TokenStorageInterface $tokenStorage
  26.     ) {
  27.         $this->tokenStorage $tokenStorage;
  28.     }
  30.     /**
  31.      * @return string[]
  32.      */
  33.     public static function getSubscribedEvents()
  34.     {
  35.         return [
  36.             PermissionEvents::PRE_CHECK => 'onPermissionCheck',
  37.             ListingEvents::PRE_LOAD => 'onListingPreLoad',
  38.         ];
  39.     }
  41.     /**
  42.      * @param PermissionEvent $event
  43.      */
  44.     public function onPermissionCheck(PermissionEvent $event)
  45.     {
  46.         $token $this->tokenStorage->getToken();
  47.         $user $token->getUser();
  49.         if ($user instanceof UserInterface) {
  50.             if ($event->getType() === 'update') {
  51.                 $operation 'save';
  52.             } else if ($event->getType() === 'read') {
  53.                 $operation 'view';
  54.             } else {
  55.                 $operation $event->getType();
  56.             }
  57.             $event->setIsGranted($event->getElement()->isAllowed($operation));
  58.         } else {
  59.             $event->setIsGranted(false);
  60.         }
  61.     }
  63.     /**
  64.      * @param ListingEvent $event
  65.      * @return void
  66.      */
  67.     public function onListingPreLoad(ListingEvent $event)
  68.     {
  69.         $listing $event->getListing();
  71.         $token $this->tokenStorage->getToken();
  72.         $user $token->getUser();
  74.         if ($user instanceof UserInterface) {
  75.             if (!$user->getUser()->isAdmin()) {
  76.                 $userIds = [intval($user->getId())];
  77.                 if (is_array($user->getUser()->getRoles()) && count($user->getUser()->getRoles())) {
  78.                     $userIds array_merge($userIdsarray_map('intval'$user->getUser()->getRoles()));
  79.                 }
  80.                 $listing->setCondition(
  81.                     $listing->getCondition() .
  82.                     " AND ((oo_id IN (
  83.                                SELECT uwo.cid
  84.                                FROM users_workspaces_object uwo
  85.                                 WHERE uwo.userId in (" implode(','$userIds) . ") and uwo.list=1
  86.                                 )
  87.                                 )
  88.                                OR (oo_id IN (
  89.                                SELECT o.o_id
  90.                                FROM objects o
  91.                                inner join objects op on op.o_id=o.o_parentId
  92.                                inner join users_workspaces_object uwo on uwo.cid=op.o_parentId
  93.                                 WHERE uwo.userId in (" implode(','$userIds) . ") and uwo.list=1
  94.                                 )
  95.                                 )
  96.                                 ) "
  97.                 );
  98.             }
  99.         } else {
  100.             $listing->setCondition(' 1=2 ');
  101.         }
  103.         $event->setListing($listing);
  104.     }
  105. }