vendor/se7enxweb/legacy-bridge/bundle/LegacyMapper/Security.php line 120

Open in your IDE?
  1. <?php
  3. /**
  4. * @copyright Copyright (C) eZ Systems AS. All rights reserved.
  5. * @license For full copyright and license information view LICENSE file distributed with this source code.
  6. */
  7. namespace eZ\Bundle\EzPublishLegacyBundle\LegacyMapper;
  9. use eZ\Publish\API\Repository\Repository;
  10. use eZ\Publish\Core\MVC\ConfigResolverInterface;
  11. use eZ\Publish\Core\MVC\Legacy\Event\PostBuildKernelEvent;
  12. use eZ\Publish\Core\MVC\Legacy\Event\PreBuildKernelWebHandlerEvent;
  13. use eZ\Publish\Core\MVC\Legacy\LegacyEvents;
  14. use ezpWebBasedKernelHandler;
  15. use eZUser;
  16. use Symfony\Component\EventDispatcher\EventSubscriberInterface;
  17. use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
  18. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  19. use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
  21. /**
  22. * This listener injects current user into legacy kernel once built.
  23. */
  24. class Security implements EventSubscriberInterface
  25. {
  26. /**
  27. * @var \eZ\Publish\API\Repository\Repository
  28. */
  29. private $repository;
  31. /**
  32. * @var \eZ\Publish\Core\MVC\ConfigResolverInterface
  33. */
  34. private $configResolver;
  36. /**
  37. * @var TokenStorageInterface
  38. */
  39. private $tokenStorage;
  41. /**
  42. * @var AuthorizationCheckerInterface
  43. */
  44. private $authChecker;
  46. private $enabled = true;
  48. public function __construct(Repository $repository, ConfigResolverInterface $configResolver, TokenStorageInterface $tokenStorage, AuthorizationCheckerInterface $authChecker)
  49. {
  50. $this->repository = $repository;
  51. $this->configResolver = $configResolver;
  52. $this->tokenStorage = $tokenStorage;
  53. $this->authChecker = $authChecker;
  54. }
  56. /**
  57. * Toggles the feature.
  58. *
  59. * @param bool $enabled
  60. */
  61. public function setEnabled($enabled)
  62. {
  63. $this->enabled = (bool)$enabled;
  64. }
  66. public static function getSubscribedEvents()
  67. {
  68. return [
  69. LegacyEvents::POST_BUILD_LEGACY_KERNEL => 'onKernelBuilt',
  70. LegacyEvents::PRE_BUILD_LEGACY_KERNEL_WEB => 'onLegacyKernelWebBuild',
  71. ];
  72. }
  74. /**
  75. * Performs actions related to security once the legacy kernel has been built.
  76. *
  77. * @param PostBuildKernelEvent $event
  78. */
  79. public function onKernelBuilt(PostBuildKernelEvent $event)
  80. {
  81. // Ignore if not in web context, if legacy_mode is active or if user is not authenticated
  82. if (
  83. $this->enabled === false
  84. || !$event->getKernelHandler() instanceof ezpWebBasedKernelHandler
  85. || $this->configResolver->getParameter('legacy_mode') === true
  86. || !$this->isUserAuthenticated()
  87. ) {
  88. return;
  89. }
  91. $userId = $this->repository->getPermissionResolver()->getCurrentUserReference()->getUserId();
  92. $event->getLegacyKernel()->runCallback(
  93. static function () use ($userId) {
  94. $legacyUser = eZUser::fetch($userId);
  95. eZUser::setCurrentlyLoggedInUser($legacyUser, $legacyUser->attribute('contentobject_id'), eZUser::NO_SESSION_REGENERATE);
  96. },
  97. false,
  98. false
  99. );
  100. }
  102. /**
  103. * @return bool
  104. */
  105. private function isUserAuthenticated()
  106. {
  107. // IS_AUTHENTICATED_FULLY inherits from IS_AUTHENTICATED_REMEMBERED.
  108. // User can be either authenticated by providing credentials during current session
  109. // or by "remember me" if available.
  110. return
  111. $this->tokenStorage->getToken() instanceof TokenInterface
  112. && $this->authChecker->isGranted('IS_AUTHENTICATED_REMEMBERED');
  113. }
  115. /**
  116. * Performs actions related to security before kernel build (mainly settings injection).
  117. *
  118. * @param PreBuildKernelWebHandlerEvent $event
  119. */
  120. public function onLegacyKernelWebBuild(PreBuildKernelWebHandlerEvent $event)
  121. {
  122. if ($this->configResolver->getParameter('legacy_mode') === true) {
  123. return;
  124. }
  126. $injectedMergeSettings = $event->getParameters()->get('injected-merge-settings', []);
  127. $accessRules = [
  128. 'access;disable',
  129. 'module;user/login',
  130. 'module;user/logout',
  131. ];
  132. // Merge existing settings with the new ones if needed.
  133. if (isset($injectedMergeSettings['site.ini/SiteAccessRules/Rules'])) {
  134. $accessRules = array_merge($injectedMergeSettings['site.ini/SiteAccessRules/Rules'], $accessRules);
  135. }
  136. $injectedMergeSettings['site.ini/SiteAccessRules/Rules'] = $accessRules;
  137. $event->getParameters()->set('injected-merge-settings', $injectedMergeSettings);
  138. }
  139. }