<?phpnamespace Platform\ControlPanelBundle\Listeners;use Cms\CoreBundle\Service\ContextManager;use Platform\ControlPanelBundle\Controller\ContractorController;use Platform\ControlPanelBundle\Controller\DashboardController;use Symfony\Component\EventDispatcher\EventSubscriberInterface;use Symfony\Component\HttpKernel\Event\ControllerEvent;use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;use Symfony\Component\HttpKernel\KernelEvents;final class RequestListener implements EventSubscriberInterface{ /** * @var ContextManager */ private $cm; /** * @param ContextManager $cm */ public function __construct(ContextManager $cm) { $this->cm = $cm; } /** * {@inheritdoc} */ public static function getSubscribedEvents(): array { return [ KernelEvents::CONTROLLER => ['controlPanelCheck'], ]; } /** * @param ControllerEvent $event */ public function controlPanelCheck(ControllerEvent $event) { // get the controller $controller = $event->getController(); // should be an array of object then method call if (is_array($controller) && $controller[0] instanceof DashboardController) { // if we are not internal, throw 404 // IMPORTANT: we must check the authenticated account, otherwise there may be issues with impersonation $account = $this->cm->getGlobalContext()->getAuthenticatedAccount(); if (empty($account) || ! $account->isInternal()) { $event->setController(function () { throw new NotFoundHttpException(); }); } } // should be an array of object then method call if (is_array($controller) && $controller[0] instanceof ContractorController) { // if we are not internal, throw 404 // IMPORTANT: we must check the authenticated account, otherwise there may be issues with impersonation $account = $this->cm->getGlobalContext()->getAuthenticatedAccount(); if (empty($account) || ! $account->isContractor()) { $event->setController(function () { throw new NotFoundHttpException(); }); } } }}