src/EventSubscriber/RouteAccessSubscriber.php line 28

  1. <?php
  3. namespace App\EventSubscriber;
  5. use App\Repository\DroitUserRepository;
  6. use Symfony\Component\EventDispatcher\EventSubscriberInterface;
  7. use Symfony\Component\HttpFoundation\Response;
  8. use Symfony\Component\HttpKernel\Event\RequestEvent;
  9. use Symfony\Component\HttpFoundation\RedirectResponse;
  10. use Symfony\Component\Routing\RouterInterface;
  11. use Symfony\Component\HttpKernel\KernelEvents;
  12. use Symfony\Component\Security\Core\Security;
  14. class RouteAccessSubscriber implements EventSubscriberInterface
  15. {
  17.     public function __construct(private Security $security, private DroitUserRepository $droitUserRepository)
  18.     {
  19.     }
  21.     public static function getSubscribedEvents(): array
  22.     {
  23.         return [
  24.             KernelEvents::REQUEST => 'onKernelRequest',
  25.         ];
  26.     }
  28.     public function onKernelRequest(RequestEvent $event): void
  29.     {
  30.         // Get the current user
  31.         $user $this->security->getUser();
  32.         if ($user) {
  34.             // Get the current route name
  35.             $currentRoute $event->getRequest()->attributes->get('_route');;
  36.             $defaultRoutes = [
  37.                 'resetuserPassword''app_firstpage''app_dashboard''my_profile''app_user_resetpasswordPerson','app_notification_full','app_getuser_currency_balance','app_ajax_getTranasctioDetail','app_ajax_filterCourseForRegistration','getPersonneDetails','studentdynamicSelect2Filter','studentAcitveSelect2Filter','studentdynamicFilter','app_user_activer_action_lie','app_user_ajouter_droit','app_fonction_activer_action_lie','app_fonction_ajouter_action','app_fees_audit','filterScoreboardStudentByDepartmentNlevel','showLecturerAttendance','getStudentInfo','saveStudentTempFiles','remove_courrier_file','apercuFichier','getfeeTypes','getAttendanceInfo','app_exams_delete','app_ajaxEditTempExamQuestion','app_ajaxSaveTempExamQuestion','app_scheduled_filter'
  38.             ];
  39.             $assignedRoutes array_merge($this->droitUserRepository->getAssignedRoutes($user), $defaultRoutes);
  40.             
  41.             // Allow only API routes and Super Admin have access to everything
  42.             if (substr($currentRoute08) !== 'app_api_' && !in_array('ROLE_SUPER_ADMIN'$user->getRoles())) {
  43.                 if (!in_array('ROLE_AGENT'$user->getRoles()) || !in_array('ROLE_STUDENT'$user->getRoles()) || !in_array('ROLE_LECTURER'$user->getRoles())) {
  44.             // dd($assignedRoutes);
  45.             $blockAccess in_array($currentRoute$assignedRoutes) || $currentRoute === null;
  46.                     if ($blockAccess === false) {
  47.                         $response = new Response('No permission to access this page.'Response::HTTP_FORBIDDEN);
  48.                         $event->setResponse($response);
  49.                     }
  50.                 }
  51.             }
  52.         }
  53.     }
  54. }