vendor/pimcore/portal-engine/src/EventSubscriber/SecuritySubscriber.php line 175

Open in your IDE?
  1. <?php
  3. /**
  4.  * Pimcore
  5.  *
  6.  * This source file is available under following license:
  7.  * - Pimcore Commercial License (PCL)
  8.  *
  9.  *  @copyright  Copyright (c) Pimcore GmbH (http://www.pimcore.org)
  10.  *  @license    http://www.pimcore.org/license     PCL
  11.  */
  13. namespace Pimcore\Bundle\PortalEngineBundle\EventSubscriber;
  15. use Pimcore\Bundle\PortalEngineBundle\Enum\Permission;
  16. use Pimcore\Bundle\PortalEngineBundle\Service\PortalConfig\PortalConfigService;
  17. use Pimcore\Bundle\PortalEngineBundle\Service\PublicShare\PublicShareService;
  18. use Pimcore\Bundle\PortalEngineBundle\Service\Security\SecurityService;
  19. use Pimcore\Controller\FrontendController;
  20. use Pimcore\Event\AssetEvents;
  21. use Pimcore\Event\DataObjectEvents;
  22. use Pimcore\Event\Model\AssetEvent;
  23. use Pimcore\Event\Model\DataObjectEvent;
  24. use Pimcore\Tool;
  25. use Symfony\Component\EventDispatcher\EventSubscriberInterface;
  26. use Symfony\Component\HttpFoundation\RequestStack;
  27. use Symfony\Component\HttpKernel\Event\ControllerEvent;
  28. use Symfony\Component\Security\Core\Exception\AuthenticationException;
  29. use Symfony\Component\Security\Core\Security;
  31. /**
  32.  * Class IndexUpdateListener
  33.  *
  34.  * @package Pimcore\Bundle\PortalEngineBundle\EventListener
  35.  */
  36. class SecuritySubscriber implements EventSubscriberInterface
  37. {
  38.     /**
  39.      * @var PortalConfigService
  40.      */
  41.     protected $portalConfigService;
  43.     /**
  44.      * @var Security
  45.      */
  46.     protected $security;
  48.     /**
  49.      * @var SecurityService
  50.      */
  51.     protected $securityService;
  53.     /**
  54.      * @var RequestStack
  55.      */
  56.     protected $requestStack;
  58.     /**
  59.      * @var PublicShareService
  60.      */
  61.     protected $publicShareService;
  63.     protected $publicRoutes = [
  64.         'pimcore_portalengine_auth_login',
  65.         'pimcore_portalengine_auth_oidc',
  66.         'pimcore_portalengine_auth_recover_password',
  67.         'pimcore_portalengine_public_share_public_list',
  68.         'pimcore_portalengine_rest_api_translation_load_catalogue',
  69.         'pimcore_directedit_downloadfile',
  70.         'pimcore_directedit_renotifybrowser',
  71.         'pimcore_directedit_uploadfile',
  72.         'pimcore_directedit_client_askactivity',
  73.     ];
  75.     protected $customPublicRoutes = [];
  77.     protected $publicShareHashRoutes = [
  78.         'pimcore_portalengine_public_share_public_asset_detail',
  79.         'pimcore_portalengine_public_share_public_object_detail',
  80.         'pimcore_portalengine_rest_api_public_share_asset_list',
  81.         'pimcore_portalengine_rest_api_public_share_asset_list_filters',
  82.         'pimcore_portalengine_rest_api_public_share_asset_detail',
  83.         'pimcore_portalengine_rest_api_public_share_asset_detail_results_list',
  84.         'pimcore_portalengine_rest_api_public_share_data_object_list',
  85.         'pimcore_portalengine_rest_api_public_share_data_object_list_filters',
  86.         'pimcore_portalengine_rest_api_public_share_data_object_detail',
  87.         'pimcore_portalengine_rest_api_public_share_data_object_detail_results_list',
  88.         'pimcore_portalengine_rest_api_public_share_download_download_types',
  89.         'pimcore_portalengine_rest_api_batch_task_list',
  90.         'pimcore_portalengine_rest_api_batch_task_delete',
  91.         'pimcore_portalengine_rest_api_batch_task_process_notification_action',
  92.         'pimcore_portalengine_rest_api_asset_download',
  93.         'pimcore_portalengine_rest_api_download_trigger_download',
  94.         'pimcore_portalengine_rest_api_download_get_estimation_result',
  95.         'pimcore_portalengine_rest_api_download_multi_download_trigger_download_estimation',
  96.         'pimcore_portalengine_rest_api_download_single_download',
  97.         'pimcore_portalengine_rest_api_download_do_single_download',
  98.         'pimcore_portalengine_rest_api_public_share_trigger_download_estimation',
  99.         'pimcore_portalengine_rest_api_public_share_detail_actions',
  100.         'pimcore_portalengine_rest_api_translation_valid_languages',
  101.         'pimcore_portalengine_rest_api_asset_metadata_layout',
  102.     ];
  104.     /**
  105.      * @param PortalConfigService $portalConfigService
  106.      * @param Security $security
  107.      * @param SecurityService $securityService
  108.      * @param RequestStack $requestStack
  109.      * @param PublicShareService $publicShareService
  110.      * @param array $customPublicRoutes
  111.      */
  112.     public function __construct(PortalConfigService $portalConfigServiceSecurity $securitySecurityService $securityServiceRequestStack $requestStackPublicShareService $publicShareService, array $customPublicRoutes)
  113.     {
  114.         $this->portalConfigService $portalConfigService;
  115.         $this->security $security;
  116.         $this->securityService $securityService;
  117.         $this->requestStack $requestStack;
  118.         $this->publicShareService $publicShareService;
  119.         $this->customPublicRoutes $customPublicRoutes;
  120.     }
  122.     /**
  123.      * @return array
  124.      */
  125.     public static function getSubscribedEvents()
  126.     {
  127.         return [
  128.             ControllerEvent::class => ['onKernelController'19],
  129.             DataObjectEvents::PRE_UPDATE => 'onPreUpdate',
  130.             AssetEvents::PRE_UPDATE => 'onPreUpdate',
  131.         ];
  132.     }
  134.     /**
  135.      * @param ControllerEvent $controllerEvent
  136.      */
  137.     public function onKernelController(ControllerEvent $controllerEvent)
  138.     {
  139.         if (!$controllerEvent->isMasterRequest()) {
  140.             return;
  141.         }
  143.         if (!$this->portalConfigService->isPortalEngineSite()) {
  144.             return;
  145.         }
  147.         if (!Tool::isFrontend()) {
  148.             return;
  149.         }
  151.         if (!$controllerEvent->getController()[0] instanceof FrontendController) {
  152.             return;
  153.         }
  155.         $route $controllerEvent->getRequest()->attributes->get('_route');
  156.         $isPublicRoute in_array(
  157.             $route,
  158.             array_merge($this->publicRoutes$this->customPublicRoutes)
  159.         );
  161.         $request $controllerEvent->getRequest();
  162.         if (in_array($route$this->publicShareHashRoutes) && $request->get('publicShareHash')) {
  163.             $publicShare $this->publicShareService->validateByHash($request->get('publicShareHash'));
  164.             $this->publicShareService->setUpPublicShare($publicShare);
  165.         }
  167.         if (!$isPublicRoute && !$this->security->isGranted(Permission::PORTAL_ACCESS)) {
  168.             throw new AuthenticationException('invalid login');
  169.         }
  170.     }
  172.     /**
  173.      * @param DataObjectEvent|AssetEvent $event
  174.      */
  175.     public function onPreUpdate($event)
  176.     {
  177.         if ($this->requestStack->getMasterRequest() && !$this->portalConfigService->isPortalEngineSite()) {
  178.             return;
  179.         }
  180.         if (!$portalUser $this->securityService->getPortalUser()) {
  181.             return;
  182.         }
  183.         $event->getElement()->setUserModification($this->securityService->getPimcoreUserId());
  184.     }
  185. }