/**
 * Switches the organization context of the current security token to the given organization.
 *
 * @Route(
 *      "/switch-organization/{id}",
 *      name="oro_security_switch_organization", defaults={"id"=0}
 * )
 * @ParamConverter("organization", class="OroOrganizationBundle:Organization")
 *
 * @param Organization $organization Target organization, resolved from {id} by the param converter
 *
 * @return RedirectResponse Redirect to the "oro_default" route once the context has been switched
 *
 * @throws NotFoundHttpException when no organization matches {id} (raised by the param converter)
 * @throws AccessDeniedException when the token is not organization-aware, its user is not a User,
 *                               the organization is disabled, or the user is not a member of it
 */
public function switchOrganizationAction(Organization $organization)
{
    $token = $this->container->get('security.context')->getToken();

    // Conditions are evaluated left to right and short-circuit, so getUser() is only reached
    // once the token is known to implement OrganizationContextTokenInterface.
    $switchAllowed = $token instanceof OrganizationContextTokenInterface
        && $token->getUser() instanceof User
        && $organization->isEnabled()
        && $token->getUser()->getOrganizations()->contains($organization);

    if (!$switchAllowed) {
        // NOTE(review): the message embeds the name of an organization the caller is *not* a member
        // of; if the 403 text is rendered, any authenticated account can enumerate organization
        // names by id. Consider a generic message — confirm how the exception is displayed.
        $message = $this->get('translator')->trans(
            'oro.security.organization.access_denied',
            ['%organization_name%' => $organization->getName()]
        );
        throw new AccessDeniedException($message);
    }

    // NOTE(review): no HTTP method restriction or CSRF token is visible on this route; if it is
    // reachable via GET, a crafted link can switch a logged-in user's organization context — confirm.
    $token->setOrganizationContext($organization);

    return $this->redirect($this->generateUrl('oro_default'));
}
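/**
 * Switches the organization context of the current security token.
 *
 * Listeners of OrganizationSwitchBefore may substitute the organization to switch to; the
 * substituted organization is re-validated before it is applied, and OrganizationSwitchAfter
 * is dispatched once the context has changed.
 *
 * @Route(
 *      "/switch-organization/{id}",
 *      name="oro_security_switch_organization", defaults={"id"=0}
 * )
 *
 * @param Organization $organization Requested organization, resolved from {id}
 *
 * @return RedirectResponse Redirect to the "oro_default" route
 *
 * @throws AccessDeniedException when the token is not organization-aware, its user is not a User,
 *                               the requested organization is disabled or not one of the user's,
 *                               or the organization chosen by a listener fails the same checks
 */
public function switchOrganizationAction(Organization $organization)
{
    $token = $this->container->get('security.context')->getToken();

    // Builds the translated 403 for a given organization; only evaluated on the failure paths,
    // so the translator is not consulted on a successful switch.
    $denied = function (Organization $target) {
        return new AccessDeniedException(
            $this->get('translator')->trans(
                'oro.security.organization.access_denied',
                ['%organization_name%' => $target->getName()]
            )
        );
    };

    // Guard the token before dereferencing it. The original read $token->getUser() ahead of this
    // instanceof check, so a missing or foreign token produced a fatal error instead of a 403.
    if (!$token instanceof OrganizationContextTokenInterface
        || !$token->getUser() instanceof User
        || !$organization->isEnabled()
        || !$token->getUser()->getOrganizations()->contains($organization)
    ) {
        throw $denied($organization);
    }
    $user      = $token->getUser();
    $requested = $organization;

    // Listeners may redirect the switch to a different organization.
    $event = new OrganizationSwitchBefore($user, $token->getOrganizationContext(), $organization);
    $this->get('event_dispatcher')->dispatch(OrganizationSwitchBefore::NAME, $event);
    $organization = $event->getOrganizationToSwitch();

    // Whatever a listener hands back is validated like the requested organization: it must be an
    // Organization, enabled, and one of the user's. The original re-checked membership only, so a
    // listener could substitute a disabled organization. (What the `true` flag passed to
    // getOrganizations() filters is not visible here — presumably enabled ones; confirm.)
    if (!$organization instanceof Organization) {
        throw $denied($requested);
    }
    if (!$organization->isEnabled() || !$user->getOrganizations(true)->contains($organization)) {
        throw $denied($organization);
    }

    // NOTE(review): no HTTP method restriction or CSRF token is visible on this route; if it is
    // reachable via GET, a crafted link can switch a logged-in user's organization context — confirm.
    $token->setOrganizationContext($organization);

    $event = new OrganizationSwitchAfter($user, $organization);
    $this->get('event_dispatcher')->dispatch(OrganizationSwitchAfter::NAME, $event);

    return $this->redirect($this->generateUrl('oro_default'));
}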
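/**
 * Validates the data recovered from a remember-me cookie against the loaded user and organization.
 *
 * The cookie's hash and expiry are verified before anything else, so no decision is taken on the
 * strength of an unauthenticated cookie. (Originally the organization checks ran ahead of the
 * hash check, which let a forged cookie distinguish "organization disabled", "not a member" and
 * "invalid hash" by error message and exception type.) Every message is unchanged.
 *
 * @param User         $user           User loaded by the user provider for $username
 * @param Organization $organization   Organization loaded for $organizationId
 * @param string       $class          User class name recorded in the cookie
 * @param string       $username       Username recorded in the cookie
 * @param int          $organizationId Organization id recorded in the cookie (used in messages only)
 * @param int          $expires        Unix timestamp at which the cookie expires
 * @param string       $hash           Hash recorded in the cookie
 *
 * @throws \RuntimeException        when the user or organization object is not of the expected type,
 *                                  or the organization is disabled
 * @throws AuthenticationException  when the hash does not match, the cookie has expired,
 *                                  or the user is not a member of the organization
 */
protected function checkUserData(User $user, Organization $organization, $class, $username, $organizationId, $expires, $hash)
{
    if (!$user instanceof UserInterface) {
        throw new \RuntimeException(sprintf('The UserProviderInterface implementation must return an instance of UserInterface, but returned "%s".', get_class($user)));
    }
    // NOTE(review): with the `Organization` type declaration on the parameter this branch is
    // unreachable — a non-Organization argument fails before the body runs. Kept for its message;
    // make the parameter nullable if callers are expected to pass null for an unknown id.
    if (!$organization instanceof Organization) {
        throw new \RuntimeException(sprintf('Can not find organization with id "%s".', $organizationId));
    }

    // Authenticate the cookie before acting on anything it claims.
    // compareHashes() is inherited and presumed constant-time — TODO confirm.
    $expectedHash = $this->generateCookieHash($class, $username, $expires, $user->getPassword());
    if (true !== $this->compareHashes($hash, $expectedHash)) {
        throw new AuthenticationException('The cookie\'s hash is invalid.');
    }
    if ($expires < time()) {
        throw new AuthenticationException('The cookie has expired.');
    }

    // NOTE(review): $organizationId is not an input to generateCookieHash(), so the organization
    // part of the cookie is not integrity-protected; the membership check below is the only guard
    // on it. Covering it would require a change to generateCookieHash() and the cookie format.
    if (!$organization->isEnabled()) {
        throw new \RuntimeException(sprintf('Organization "%s" is not active.', $organization->getName()));
    }
    if (!$user->getOrganizations()->contains($organization)) {
        throw new AuthenticationException(sprintf('User "%s" does not have access to organization "%s".', $username, $organization->getName()));
    }
}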