src/Cms/TenantBundle/Listener/PolicyListener.php line 60

Open in your IDE?
  1. <?php
  3. namespace Cms\TenantBundle\Listener;
  5. use Cms\CoreBundle\Service\ContextManager;
  6. use Cms\TenantBundle\Controller\Dashboard\PolicyController;
  7. use Cms\TenantBundle\Entity\TenantTypeEmbeddable;
  8. use DateTimeImmutable;
  9. use Platform\SecurityBundle\Controller\LoginController;
  10. use Platform\SecurityBundle\Controller\SingleSignOnController;
  11. use Symfony\Component\DependencyInjection\ParameterBag\ParameterBagInterface;
  12. use Symfony\Component\EventDispatcher\EventSubscriberInterface;
  13. use Symfony\Component\HttpFoundation\RedirectResponse;
  14. use Symfony\Component\HttpFoundation\Request;
  15. use Symfony\Component\HttpKernel\Config\FileLocator;
  16. use Symfony\Component\HttpKernel\Event\RequestEvent;
  17. use Symfony\Component\HttpKernel\KernelEvents;
  18. use Symfony\Component\Routing\RouterInterface;
  20. final class PolicyListener implements EventSubscriberInterface
  21. {
  22.     // DI
  23.     protected ContextManager $contextManager;
  24.     protected RouterInterface $router;
  25.     protected FileLocator $locator;
  26.     protected ParameterBagInterface $params;
  28.     /**
  29.      * @param ContextManager $contextManager
  30.      * @param RouterInterface $router
  31.      * @param FileLocator $locator
  32.      * @param ParameterBagInterface $params
  33.      */
  34.     public function __construct(
  35.         ContextManager $contextManager,
  36.         RouterInterface $router,
  37.         FileLocator $locator,
  38.         ParameterBagInterface $params
  39.     )
  40.     {
  41.         $this->contextManager $contextManager;
  42.         $this->router $router;
  43.         $this->locator $locator;
  44.         $this->params $params;
  45.     }
  47.     /**
  48.      * {@inheritdoc}
  49.      */
  50.     public static function getSubscribedEvents(): array
  51.     {
  52.         return [
  53.             KernelEvents::REQUEST => ['onKernelRequest'],
  54.         ];
  55.     }
  57.     /**
  58.      * @param RequestEvent $event
  59.      */
  60.     public function onKernelRequest(RequestEvent $event): void
  61.     {
  62.         static $skipRoutes = [
  63.             PolicyController::ROUTES__VIEW,
  64.             PolicyController::ROUTES__ACCEPT,
  65.             PolicyController::ROUTES__TERMS,
  66.             PolicyController::ROUTES__TERMS_ACCEPT,
  67.             LoginController::ROUTES__SELECT,
  68.             SingleSignOnController::ROUTES__START,
  69.             SingleSignOnController::ROUTES__FINISH,
  70.             'app.platform.security.logout',
  71.         ];
  73.         // see if we are working with the main request
  74.         $request $event->getRequest();
  75.         if ( ! $event->isMainRequest()) {
  76.             return;
  77.         }
  79.         // there are certain urls we don't want covered by the policy
  80.         if (in_array($request->get('_route'), $skipRoutestrue)) {
  81.             return;
  82.         }
  84.         // obtain the tenant
  85.         $tenant $this->contextManager->getGlobalContext()->getTenant();
  86.         if ( ! $tenant) {
  87.             return;
  88.         }
  90.         // if we are currently impersonating a user, we don't want this person to accept the policy on their behalf.
  91.         // in this case we want to skip if impersonation is active, otherwise, pull the user
  92.         if ($this->contextManager->getGlobalContext()->isImpersonating()) {
  93.             return;
  94.         }
  95.         $currentUser $this->contextManager->getGlobalContext()->getAuthenticatedAccount();
  96.         if ( ! $currentUser) {
  97.             return;
  98.         }
  100.         if ( ! $request->isMethod(Request::METHOD_GET)) {
  101.             return;
  102.         }
  104.         if ($request->isXmlHttpRequest()) {
  105.             return;
  106.         }
  108.         // check our company policy first
  109.         $timestamp DateTimeImmutable::createFromFormat(
  110.             DATE_ISO8601,
  111.             $this->params->get('cms.core.policies.ferpa.timestamp')
  112.         );
  114.         // go ahead and check if the timestamps match or has not been accepted yet
  115.         // redirect if this person needs to accept our policy
  116.         if ($tenant->getType()->getPrimary() !== TenantTypeEmbeddable::PRIMARY__CDD) {
  117.             if ( ! $currentUser->getTermsAcceptedOn() || $currentUser->getTermsAcceptedOn() < $timestamp) {
  118.                 $event->setResponse(
  119.                     new RedirectResponse($this->router->generate(PolicyController::ROUTES__TERMS))
  120.                 );
  122.                 return;
  123.             }
  124.         }
  126.         // if the tenant doesn't have a policy, nothing to do
  127.         if ( ! $tenant->getPolicy()) {
  128.             return;
  129.         }
  131.         // if there is a policy, and it has not yet been accepted or is out-of-date, redirect to review it and accept
  132.         if ( ! $currentUser->getPolicyAcceptedOn() || $currentUser->getPolicyAcceptedOn() < $tenant->getPolicy()) {
  133.             $event->setResponse(
  134.                 new RedirectResponse($this->router->generate(PolicyController::ROUTES__VIEW))
  135.             );
  136.         }
  137.     }
  138. }