 /**
  * Switches the organization context of the currently authenticated user to the given organization.
  *
  * @Route(
  *      "/switch-organization/{id}",
  *      name="oro_security_switch_organization", defaults={"id"=0}
  * )
  * @ParamConverter("organization", class="OroOrganizationBundle:Organization")
  *
  * @param Organization $organization Organization resolved from the {id} route parameter
  *
  * @return RedirectResponse Redirect to the "oro_default" route once the context has been switched
  *
  * @throws NotFoundHttpException
  * @throws AccessDeniedException when the security token or its user is of an unexpected type,
  *                               the organization is disabled, or the user is not assigned to it
  */
 public function switchOrganizationAction(Organization $organization)
 {
     $token = $this->container->get('security.context')->getToken();

     // All four conditions must hold; evaluation stops at the first failing one, so the
     // user is only dereferenced once the token type has been confirmed.
     $isSwitchAllowed = $token instanceof OrganizationContextTokenInterface
         && $token->getUser() instanceof User
         && $organization->isEnabled()
         && $token->getUser()->getOrganizations()->contains($organization);

     if (!$isSwitchAllowed) {
         $message = $this->get('translator')->trans(
             'oro.security.organization.access_denied',
             array('%organization_name%' => $organization->getName())
         );
         throw new AccessDeniedException($message);
     }

     $token->setOrganizationContext($organization);

     return $this->redirect($this->generateUrl('oro_default'));
 }
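 /**
  * Switches the organization context of the currently authenticated user to the given organization.
  *
  * Listeners of OrganizationSwitchBefore may replace the target organization, so the
  * organization they return is validated again before it is stored in the token.
  *
  * @Route(
  *      "/switch-organization/{id}",
  *      name="oro_security_switch_organization", defaults={"id"=0}
  * )
  *
  * @param Organization $organization Organization resolved from the {id} route parameter
  *
  * @return RedirectResponse Redirect to the "oro_default" route once the context has been switched
  *
  * @throws AccessDeniedException when the security token or its user is of an unexpected type,
  *                               the requested organization is disabled or not assigned to the user,
  *                               or the organization chosen by a listener is disabled or not assigned
  *                               to the user
  */
 public function switchOrganizationAction(Organization $organization)
 {
     $token = $this->container->get('security.context')->getToken();

     // The token is validated before anything is read from it, so a missing or foreign token
     // yields an access-denied response instead of a fatal error on a null/unknown object.
     if (!$token instanceof OrganizationContextTokenInterface
         || !$token->getUser() instanceof User
         || !$organization->isEnabled()
         || !$token->getUser()->getOrganizations()->contains($organization)
     ) {
         $message = $this->get('translator')->trans(
             'oro.security.organization.access_denied',
             ['%organization_name%' => $organization->getName()]
         );
         throw new AccessDeniedException($message);
     }
     $user = $token->getUser();

     $event = new OrganizationSwitchBefore($user, $token->getOrganizationContext(), $organization);
     $this->get('event_dispatcher')->dispatch(OrganizationSwitchBefore::NAME, $event);
     $organization = $event->getOrganizationToSwitch();

     // A listener may have substituted the organization, so the guard is repeated against the
     // organization actually being switched to. getOrganizations(true) presumably already limits
     // the list to enabled organizations (TODO confirm); the explicit isEnabled() check keeps this
     // guard as strict as the one above either way.
     if (!$organization->isEnabled() || !$user->getOrganizations(true)->contains($organization)) {
         $message = $this->get('translator')->trans(
             'oro.security.organization.access_denied',
             ['%organization_name%' => $organization->getName()]
         );
         throw new AccessDeniedException($message);
     }

     $token->setOrganizationContext($organization);

     $event = new OrganizationSwitchAfter($user, $organization);
     $this->get('event_dispatcher')->dispatch(OrganizationSwitchAfter::NAME, $event);

     return $this->redirect($this->generateUrl('oro_default'));
 }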
 /**
  * Validates the user/organization pair restored from a cookie together with the cookie's hash
  * and expiry, throwing on the first check that fails.
  *
  * @param User         $user           User returned by the user provider
  * @param Organization $organization   Organization loaded for the id stored in the cookie
  * @param string       $class          User class name that is part of the hashed cookie payload
  * @param string       $username       Username that is part of the hashed cookie payload
  * @param int          $organizationId Organization id from the cookie (used in the error message only)
  * @param int          $expires        Cookie expiry as a unix timestamp
  * @param string       $hash           Hash carried by the cookie
  *
  * @throws \RuntimeException        when the user or organization is of an unexpected type,
  *                                  or the organization is disabled
  * @throws AuthenticationException when the user is not assigned to the organization, the hash
  *                                  does not match, or the cookie has expired
  */
 protected function checkUserData(User $user, Organization $organization, $class, $username, $organizationId, $expires, $hash)
 {
     if (!$user instanceof UserInterface) {
         throw new \RuntimeException(sprintf('The UserProviderInterface implementation must return an instance of UserInterface,
                  but returned "%s".', get_class($user)));
     }

     if (!$organization instanceof Organization) {
         throw new \RuntimeException(sprintf('Can not find organization with id "%s".', $organizationId));
     }

     if (!$organization->isEnabled()) {
         throw new \RuntimeException(sprintf('Organization "%s" is not active.', $organization->getName()));
     }

     if (!$user->getOrganizations()->contains($organization)) {
         throw new AuthenticationException(sprintf('User "%s" does not have access to organization "%s".', $username, $organization->getName()));
     }

     // The hash is verified before the expiry so that a tampered cookie is rejected as such.
     // NOTE(review): compareHashes() is assumed to be a constant-time comparison — confirm.
     $expectedHash = $this->generateCookieHash($class, $username, $expires, $user->getPassword());
     $hashMatches  = $this->compareHashes($hash, $expectedHash);
     if ($hashMatches !== true) {
         throw new AuthenticationException('The cookie\'s hash is invalid.');
     }

     if ($expires < time()) {
         throw new AuthenticationException('The cookie has expired.');
     }
 }