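/**
 * Check the request and decide whether the current user may access the matched route.
 *
 * Routes whose name starts with "app_default_" are always rejected. Routes that
 * set the "access_validation" option to exactly false (index page, login page)
 * are let through without a user check. Every other known route requires a
 * resolved user and a permission check that does not return false.
 *
 * @param GetResponseEvent $event
 * @throws AccessDeniedException   when the permission check returns false
 * @throws InvalidRouteException   when the route name starts with "app_default_"
 * @throws UserNotFoundException   when no User can be resolved from the token
 */
public function onKernelRequest(GetResponseEvent $event)
{
    // Read the route name from the request attributes only. Request::get() falls
    // back to the query string and the request body when the attribute is absent,
    // which would let a client choose the route name this access decision is
    // based on (for example one that has access_validation disabled).
    $routeName = $event->getRequest()->attributes->get('_route');
    if (!is_string($routeName) || $routeName === '') {
        // No matched route: nothing to look up. The original code also returned
        // here, because the collection lookup below found no Route.
        return;
    }

    if (strpos($routeName, "app_default_") === 0) {
        throw new InvalidRouteException();
    }

    $route = $this->router->getRouteCollection()->get($routeName);
    if (!$route instanceof Route) {
        // NOTE(review): an unknown route name passes without any check (fail-open).
        // Confirm that nothing reaches a controller on this path.
        return;
    }

    // Some routes are deliberately public: index page, login page.
    // Only an explicit boolean false disables validation; a missing option,
    // null, 0 or the string "false" all keep the check enabled.
    if ($route->getOption('access_validation') === false) {
        return;
    }

    // Validate the current user's access to the route.
    // NOTE(review): the token is read from $this->request, not from the event's
    // request; confirm both refer to the same request. Because get() is used,
    // the token may arrive in the query string, where it ends up in access logs
    // and Referer headers; confirm whether a header is the intended carrier.
    $this->authentication->setCurrentUser($this->request->get("token"));
    $user = $this->authentication->getCurrentUser();
    if (!$user instanceof User) {
        throw new UserNotFoundException();
    }

    // NOTE(review): only a strict false denies access. Confirm checkPermissions()
    // never returns null or another non-boolean on error, otherwise this check
    // fails open.
    $access = $this->accessService->checkPermissions($user, $routeName);
    if ($access === false) {
        throw new AccessDeniedException($user, $routeName);
    }
}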
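/**
 * Create an access rule for the route given on the command line.
 *
 * The rule is built from the "route" argument plus the type and value that
 * getType() and getValue() derive from the input. The outcome is reported on
 * the console and through the exit status, so provisioning scripts can tell a
 * failed rule creation from a successful one.
 *
 * @param InputInterface $input
 * @param OutputInterface $output
 * @return int 0 when the rule was created, 1 when creation failed
 */
protected function execute(InputInterface $input, OutputInterface $output)
{
    try {
        $access = $this->accessService->create(
            $input->getArgument('route'),
            $this->getType($input),
            $this->getValue($input)
        );
    } catch (Exception $e) {
        // Escape the message so that "<...>" sequences inside it are printed
        // literally instead of being interpreted as console formatting tags.
        $message = \Symfony\Component\Console\Formatter\OutputFormatter::escape($e->getMessage());
        $output->writeln('<fg=red>' . $message . '</>');

        // Non-zero exit status: the original returned null here, which the
        // console reports as success even though no rule was created.
        return 1;
    }

    // The route name originates from command-line input; escape it for the same reason.
    $route = \Symfony\Component\Console\Formatter\OutputFormatter::escape((string) $access->getRoute());
    $output->writeln(sprintf('<fg=green>Access rule created successfully for route: %s.</>', $route));

    return 0;
}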