vendor/shopware/core/Framework/Routing/RouteScopeListener.php line 56

Open in your IDE?
  1. <?php declare(strict_types=1);
  3. namespace Shopware\Core\Framework\Routing;
  5. use Shopware\Core\Framework\Routing\Annotation\RouteScope as RouteScopeAnnotation;
  6. use Shopware\Core\Framework\Routing\Exception\InvalidRouteScopeException;
  7. use Shopware\Core\PlatformRequest;
  8. use Symfony\Component\EventDispatcher\EventSubscriberInterface;
  9. use Symfony\Component\HttpFoundation\Request;
  10. use Symfony\Component\HttpFoundation\RequestStack;
  11. use Symfony\Component\HttpKernel\Event\ControllerEvent;
  12. use Symfony\Component\HttpKernel\KernelEvents;
  14. class RouteScopeListener implements EventSubscriberInterface
  15. {
  16.     /**
  17.      * @var RequestStack
  18.      */
  19.     private $requestStack;
  21.     /**
  22.      * @var RouteScopeRegistry
  23.      */
  24.     private $routeScopeRegistry;
  26.     /**
  27.      * @var RouteScopeWhitelistInterface[]
  28.      */
  29.     private $whitelists;
  31.     /**
  32.      * @internal
  33.      */
  34.     public function __construct(
  35.         RouteScopeRegistry $routeScopeRegistry,
  36.         RequestStack $requestStack,
  37.         iterable $whitelists
  38.     ) {
  39.         $this->routeScopeRegistry $routeScopeRegistry;
  40.         $this->requestStack $requestStack;
  41.         $this->whitelists $whitelists;
  42.     }
  44.     public static function getSubscribedEvents(): array
  45.     {
  46.         return [
  47.             KernelEvents::CONTROLLER => [
  48.                 ['checkScope'KernelListenerPriorities::KERNEL_CONTROLLER_EVENT_SCOPE_VALIDATE],
  49.             ],
  50.         ];
  51.     }
  53.     /**
  54.      * Validate that any given controller invocation creates a valid scope with the original master request
  55.      */
  56.     public function checkScope(ControllerEvent $event): void
  57.     {
  58.         if ($this->isWhitelistedController($event)) {
  59.             return;
  60.         }
  62.         $scopes $this->extractCurrentScopeAnnotation($event);
  63.         $masterRequest $this->getMainRequest();
  65.         foreach ($scopes as $routeScopeName) {
  66.             $routeScope $this->routeScopeRegistry->getRouteScope($routeScopeName);
  68.             $pathAllowed $routeScope->isAllowedPath($masterRequest->getPathInfo());
  69.             $requestAllowed $routeScope->isAllowed($masterRequest);
  71.             if ($pathAllowed && $requestAllowed) {
  72.                 return;
  73.             }
  74.         }
  76.         throw new InvalidRouteScopeException($masterRequest->attributes->get('_route'));
  77.     }
  79.     private function extractControllerClass(ControllerEvent $event): string
  80.     {
  81.         $controllerCallable = \Closure::fromCallable($event->getController());
  82.         $controllerCallable = new \ReflectionFunction($controllerCallable);
  84.         return \get_class($controllerCallable->getClosureThis());
  85.     }
  87.     private function isWhitelistedController(ControllerEvent $event): bool
  88.     {
  89.         $controllerClass $this->extractControllerClass($event);
  91.         foreach ($this->whitelists as $whitelist) {
  92.             if ($whitelist->applies($controllerClass)) {
  93.                 return true;
  94.             }
  95.         }
  97.         return false;
  98.     }
  100.     private function extractCurrentScopeAnnotation(ControllerEvent $event): array
  101.     {
  102.         $currentRequest $event->getRequest();
  104.         /** @var RouteScopeAnnotation|array $scopes */
  105.         $scopes $currentRequest->get(PlatformRequest::ATTRIBUTE_ROUTE_SCOPE, []);
  107.         if ($scopes instanceof RouteScopeAnnotation) {
  108.             return $scopes->getScopes();
  109.         }
  111.         if ($scopes !== []) {
  112.             return $scopes;
  113.         }
  115.         throw new InvalidRouteScopeException($currentRequest->attributes->get('_route'));
  116.     }
  118.     private function getMainRequest(): Request
  119.     {
  120.         $masterRequest $this->requestStack->getMainRequest();
  122.         if (!$masterRequest) {
  123.             throw new \InvalidArgumentException('Unable to check the request scope without master request');
  124.         }
  126.         return $masterRequest;
  127.     }
  128. }