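/**
 * Replaces the current security token when the request carries a "view_as"
 * query parameter.
 *
 * "view_as=exit" installs a regular UsernamePasswordToken built from the
 * user's own roles, but only if the current token is granted
 * ROLE_USURPATE_WORKSPACE_ROLE. Any other value is split on its last
 * underscore into a base role and a guid: the caller must be granted
 * ROLE_WS_MANAGER_<guid> and the full value must resolve to a role through
 * the role manager before a ViewAsToken carrying that role is installed.
 *
 * NOTE(review): the token is replaced here without checking whether a
 * switch-user impersonation (ROLE_PREVIOUS_ADMIN) is active on the current
 * token. Confirm whether that impersonation has to be cancelled first.
 *
 * @DI\Observe("kernel.request")
 *
 * @param GetResponseEvent $event the kernel.request event being observed
 *
 * @throws AccessDeniedException when view_as is malformed, no token is
 *                               available, or the caller is not granted
 *                               ROLE_WS_MANAGER_<guid>
 * @throws \Exception            for ROLE_ANONYMOUS (not implemented) or when
 *                               the requested role does not exist
 */
public function onViewAs(GetResponseEvent $event)
{
    $query = $event->getRequest()->query->all();

    if (!array_key_exists('view_as', $query)) {
        return;
    }

    $viewAs = $query['view_as'];

    // view_as is taken straight from the query string, so "?view_as[]=x"
    // arrives as an array. Reject it before any string function sees it.
    if (!is_string($viewAs)) {
        throw new AccessDeniedException();
    }

    // No token means there is nobody to switch roles for; fail closed
    // instead of dereferencing null.
    $currentToken = $this->tokenStorage->getToken();
    if ($currentToken === null) {
        throw new AccessDeniedException();
    }
    $user = $currentToken->getUser();

    if ($viewAs === 'exit') {
        // Only a token that is currently in "view as" mode may be reset.
        if ($this->authorization->isGranted('ROLE_USURPATE_WORKSPACE_ROLE')) {
            $token = new UsernamePasswordToken($user, null, 'main', $user->getRoles());
            $this->tokenStorage->setToken($token);
        }

        return;
    }

    // A value without an underscore cannot be split into base role and guid.
    $separator = strrpos($viewAs, '_');
    if ($separator === false) {
        throw new AccessDeniedException();
    }

    $guid = substr($viewAs, $separator + 1);
    $baseRole = substr($viewAs, 0, $separator);

    // The authorization decision is made on the guid parsed from the request:
    // the caller must hold the manager role that carries this guid.
    if (!$this->authorization->isGranted('ROLE_WS_MANAGER_' . $guid)) {
        throw new AccessDeniedException();
    }

    if ($baseRole === 'ROLE_ANONYMOUS') {
        throw new \Exception('No implementation yet');
    }

    // The requested role name must resolve to an existing role before it is
    // placed in the new token.
    $role = $this->roleManager->getRoleByName($viewAs);
    if ($role === null) {
        throw new \Exception("The role {$viewAs} does not exists");
    }

    $token = new ViewAsToken(array('ROLE_USER', $viewAs, 'ROLE_USURPATE_WORKSPACE_ROLE'));
    $token->setUser($user);
    $this->tokenStorage->setToken($token);
}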
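/**
 * Replaces the current security token when the request carries a "view_as"
 * query parameter.
 *
 * If the current token is granted ROLE_PREVIOUS_ADMIN (an administrator
 * impersonating a user account through the framework's switch-user feature),
 * that impersonation is cancelled through the token updater before anything
 * else happens, so the role switch does not stack on top of it.
 *
 * "view_as=exit" then installs a regular UsernamePasswordToken built from the
 * user's own roles, but only if the current token is granted
 * ROLE_USURPATE_WORKSPACE_ROLE. Any other value is split on its last
 * underscore into a base role and a guid: the caller must be granted
 * ROLE_WS_MANAGER_<guid> and the full value must resolve to a role through
 * the role manager before a ViewAsToken carrying that role is installed.
 *
 * @DI\Observe("kernel.request")
 *
 * @param GetResponseEvent $event the kernel.request event being observed
 *
 * @throws AccessDeniedException when view_as is malformed, no token is
 *                               available, or the caller is not granted
 *                               ROLE_WS_MANAGER_<guid>
 * @throws \Exception            for ROLE_ANONYMOUS (not implemented) or when
 *                               the requested role does not exist
 */
public function onViewAs(GetResponseEvent $event)
{
    $query = $event->getRequest()->query->all();

    if (!array_key_exists('view_as', $query)) {
        return;
    }

    $viewAs = $query['view_as'];

    // view_as is taken straight from the query string, so "?view_as[]=x"
    // arrives as an array. Reject it before any security state is touched
    // and before any string function sees it.
    if (!is_string($viewAs)) {
        throw new AccessDeniedException();
    }

    // First, if a user account is already being impersonated through the
    // framework's switch-user feature, cancel that. ROLE_PREVIOUS_ADMIN means
    // an administrator is impersonating a user account.
    if ($this->authorization->isGranted('ROLE_PREVIOUS_ADMIN')) {
        $this->tokenUpdater->cancelUserUsurpation($this->tokenStorage->getToken());
    }

    // Read the token again after the cancellation step, which receives the
    // token and may have replaced it in storage. Fail closed when there is none.
    $currentToken = $this->tokenStorage->getToken();
    if ($currentToken === null) {
        throw new AccessDeniedException();
    }
    $user = $currentToken->getUser();

    if ($viewAs === 'exit') {
        // Only a token that is currently in "view as" mode may be reset.
        if ($this->authorization->isGranted('ROLE_USURPATE_WORKSPACE_ROLE')) {
            $token = new UsernamePasswordToken($user, null, 'main', $user->getRoles());
            $this->tokenStorage->setToken($token);
        }

        return;
    }

    // A value without an underscore cannot be split into base role and guid.
    $separator = strrpos($viewAs, '_');
    if ($separator === false) {
        throw new AccessDeniedException();
    }

    $guid = substr($viewAs, $separator + 1);
    $baseRole = substr($viewAs, 0, $separator);

    // The authorization decision is made on the guid parsed from the request:
    // the caller must hold the manager role that carries this guid.
    if (!$this->authorization->isGranted('ROLE_WS_MANAGER_' . $guid)) {
        throw new AccessDeniedException();
    }

    if ($baseRole === 'ROLE_ANONYMOUS') {
        throw new \Exception('No implementation yet');
    }

    // The requested role name must resolve to an existing role before it is
    // placed in the new token.
    $role = $this->roleManager->getRoleByName($viewAs);
    if ($role === null) {
        throw new \Exception("The role {$viewAs} does not exists");
    }

    $token = new ViewAsToken(array('ROLE_USER', $viewAs, 'ROLE_USURPATE_WORKSPACE_ROLE'));
    $token->setUser($user);
    $this->tokenStorage->setToken($token);
}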