vendor/shopware/core/Framework/Routing/RouteScopeListener.php line 53

Open in your IDE?
  1. <?php declare(strict_types=1);
  3. namespace Shopware\Core\Framework\Routing;
  5. use Shopware\Core\Framework\Routing\Annotation\RouteScope as RouteScopeAnnotation;
  6. use Shopware\Core\Framework\Routing\Exception\InvalidRouteScopeException;
  7. use Shopware\Core\PlatformRequest;
  8. use Symfony\Component\EventDispatcher\EventSubscriberInterface;
  9. use Symfony\Component\HttpFoundation\Request;
  10. use Symfony\Component\HttpFoundation\RequestStack;
  11. use Symfony\Component\HttpKernel\Event\ControllerEvent;
  12. use Symfony\Component\HttpKernel\KernelEvents;
  14. class RouteScopeListener implements EventSubscriberInterface
  15. {
  16.     /**
  17.      * @var RequestStack
  18.      */
  19.     private $requestStack;
  21.     /**
  22.      * @var RouteScopeRegistry
  23.      */
  24.     private $routeScopeRegistry;
  26.     /**
  27.      * @var RouteScopeWhitelistInterface[]
  28.      */
  29.     private $whitelists;
  31.     public function __construct(
  32.         RouteScopeRegistry $routeScopeRegistry,
  33.         RequestStack $requestStack,
  34.         iterable $whitelists
  35.     ) {
  36.         $this->routeScopeRegistry $routeScopeRegistry;
  37.         $this->requestStack $requestStack;
  38.         $this->whitelists $whitelists;
  39.     }
  41.     public static function getSubscribedEvents(): array
  42.     {
  43.         return [
  44.             KernelEvents::CONTROLLER => [
  45.                 ['checkScope'KernelListenerPriorities::KERNEL_CONTROLLER_EVENT_SCOPE_VALIDATE],
  46.             ],
  47.         ];
  48.     }
  50.     /**
  51.      * Validate that any given controller invocation creates a valid scope with the original master request
  52.      */
  53.     public function checkScope(ControllerEvent $event): void
  54.     {
  55.         if ($this->isWhitelistedController($event)) {
  56.             return;
  57.         }
  59.         $currentRouteScopeAnnotation $this->extractCurrentScopeAnnotation($event);
  60.         $masterRequest $this->getMasterRequest();
  62.         foreach ($currentRouteScopeAnnotation->getScopes() as $routeScopeName) {
  63.             $routeScope $this->routeScopeRegistry->getRouteScope($routeScopeName);
  65.             $pathAllowed $routeScope->isAllowedPath($masterRequest->getPathInfo());
  66.             $requestAllowed $routeScope->isAllowed($masterRequest);
  68.             if ($pathAllowed && $requestAllowed) {
  69.                 return;
  70.             }
  71.         }
  73.         throw new InvalidRouteScopeException($masterRequest->attributes->get('_route'));
  74.     }
  76.     private function extractControllerClass(ControllerEvent $event): string
  77.     {
  78.         $controllerCallable = \Closure::fromCallable($event->getController());
  79.         $controllerCallable = new \ReflectionFunction($controllerCallable);
  80.         $controllerClass = \get_class($controllerCallable->getClosureThis());
  82.         return $controllerClass;
  83.     }
  85.     private function isWhitelistedController(ControllerEvent $event): bool
  86.     {
  87.         $controllerClass $this->extractControllerClass($event);
  89.         foreach ($this->whitelists as $whitelist) {
  90.             $isWhitelisted $whitelist->applies($controllerClass);
  92.             if ($isWhitelisted) {
  93.                 return true;
  94.             }
  95.         }
  97.         return false;
  98.     }
  100.     private function extractCurrentScopeAnnotation(ControllerEvent $event): RouteScopeAnnotation
  101.     {
  102.         $currentRequest $event->getRequest();
  104.         $currentRouteScopeAnnotation $currentRequest->get(PlatformRequest::ATTRIBUTE_ROUTE_SCOPE);
  106.         if ($currentRouteScopeAnnotation === null) {
  107.             throw new InvalidRouteScopeException($currentRequest->attributes->get('_route'));
  108.         }
  110.         return $currentRouteScopeAnnotation;
  111.     }
  113.     private function getMasterRequest(): Request
  114.     {
  115.         $masterRequest $this->requestStack->getMasterRequest();
  117.         if (!$masterRequest) {
  118.             throw new \InvalidArgumentException('Unable to check the request scope without master request');
  119.         }
  121.         return $masterRequest;
  122.     }
  123. }