<?php namespace App\Listener; use App\Entity\AclSetting; use App\Entity\User; use Doctrine\ORM\EntityManagerInterface; use Symfony\Component\HttpKernel\Event\RequestEvent; use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException; use Symfony\Component\Security\Core\Security; class AccessControlListener { private Security $security; private EntityManagerInterface $em; public function __construct( Security $security, EntityManagerInterface $em ) { $this->security = $security; $this->em = $em; } /** * @param RequestEvent $event * * @return void */ public function onKernelRequest( RequestEvent $event ) { $request = $event->getRequest(); $route = $request->attributes->get( '_route' ); if ( $route === NULL ) { return; } // Récupérer l'utilisateur connecté (s'il y en a un) $user = $this->security->getUser(); if ( $user instanceof User ) { $allowed = $this->checkAccessControl( $user, $route ); if ( !$allowed ) { // Générer une réponse d'erreur 403 (Accès refusé) throw new AccessDeniedHttpException(); } } } /** * @param User $user * @param string $route * * @return bool */ private function checkAccessControl( User $user, string $route ): bool { if ( $route === 'dev_update_bdd' ) { return TRUE; } return $this->em->getRepository( AclSetting::class )->isUserGrantedByRoute( $user, $route ); } }