Code Coverage
 
Lines
Functions and Methods
Classes and Traits
Total
83.33% covered (warning)
83.33%
15 / 18
66.67% covered (warning)
66.67%
2 / 3
CRAP
0.00% covered (danger)
0.00%
0 / 1
AccessModuleConformiteSubscriber
83.33% covered (warning)
83.33%
15 / 18
66.67% covered (warning)
66.67%
2 / 3
12.67
0.00% covered (danger)
0.00%
0 / 1
 __construct
100.00% covered (success)
100.00%
1 / 1
100.00% covered (success)
100.00%
1 / 1
1
 getSubscribedEvents
100.00% covered (success)
100.00%
5 / 5
100.00% covered (success)
100.00%
1 / 1
1
 onKernelController
75.00% covered (warning)
75.00%
9 / 12
0.00% covered (danger)
0.00%
0 / 1
11.56
1<?php
2
3/**
4 * This file is part of the MADIS - RGPD Management application.
5 *
6 * @copyright Copyright (c) 2018-2019 Soluris - Solutions Numériques Territoriales Innovantes
7 *
8 * This program is free software: you can redistribute it and/or modify
9 * it under the terms of the GNU Affero General Public License as published by
10 * the Free Software Foundation, either version 3 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU Affero General Public License for more details.
17 *
18 * You should have received a copy of the GNU Affero General Public License
19 * along with this program. If not, see <https://www.gnu.org/licenses/>.
20 */
21
22declare(strict_types=1);
23
24namespace App\Application\Symfony\EventSubscriber\Kernel;
25
26use App\Domain\Registry\Controller\ConformiteOrganisationController;
27use App\Domain\Registry\Controller\ConformiteTraitementController;
28use App\Domain\User\Model\User;
29use Symfony\Component\EventDispatcher\EventSubscriberInterface;
30use Symfony\Component\HttpKernel\Event\ControllerEvent;
31use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
32use Symfony\Component\HttpKernel\KernelEvents;
33use Symfony\Component\Security\Core\Security;
34
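/**
 * Denies access to the "conformité" controllers when the current user's
 * account does not have the matching module enabled.
 *
 * The check runs on every kernel.controller event. Users granted ROLE_ADMIN
 * are never blocked by this subscriber.
 */
class AccessModuleConformiteSubscriber implements EventSubscriberInterface
{
    /**
     * @var Security
     */
    private $security;

    /**
     * @param Security $security Used to read the current user and to test ROLE_ADMIN
     */
    public function __construct(Security $security)
    {
        $this->security = $security;
    }

    /**
     * Registers onKernelController on KernelEvents::CONTROLLER, without an
     * explicit priority.
     *
     * @return array
     */
    public static function getSubscribedEvents()
    {
        return [
            KernelEvents::CONTROLLER => [
                ['onKernelController'],
            ],
        ];
    }

    /**
     * Rejects the request when the resolved controller belongs to a conformité
     * module that the current user does not have.
     *
     * @param ControllerEvent $event Event carrying the resolved controller callable
     *
     * @throws AccessDeniedHttpException When the user lacks the module guarding the controller
     */
    public function onKernelController(ControllerEvent $event): void
    {
        $controller = $event->getController();
        /** @var User|null $user */
        $user = $this->security->getUser();

        // The resolved controller is either [object, 'method'] or a single
        // callable object (invokable controller, closure). Both forms are
        // inspected so that a conformité controller written as an invokable
        // class is still subject to the module check instead of skipping it.
        $instance = \is_array($controller) ? ($controller[0] ?? null) : $controller;

        if (!\is_object($instance)) {
            return;
        }

        // No authenticated user: nothing is enforced here.
        // NOTE(review): this assumes the firewall / access_control rules already
        // require authentication on the conformité routes — confirm, otherwise
        // this branch fails open for anonymous requests.
        if (null === $user) {
            return;
        }

        // Administrators bypass the per-module restriction.
        if ($this->security->isGranted('ROLE_ADMIN')) {
            return;
        }

        // NOTE(review): $user is only documented as User|null; a different
        // user implementation would not provide the hasModule*() methods — confirm
        // that every configured user provider returns App\Domain\User\Model\User.
        if ($instance instanceof ConformiteTraitementController
            && !$user->hasModuleConformiteTraitement()
        ) {
            throw new AccessDeniedHttpException('You can\'t access conformite des traitements');
        }

        if ($instance instanceof ConformiteOrganisationController
            && !$user->hasModuleConformiteOrganisation()
        ) {
            throw new AccessDeniedHttpException('You can\'t access conformite de la structure');
        }
    }
}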