Comments (2)
If someone is looking for a way to do this, I managed to make this security check by adding a listener on kernel.controller.
services.yml
services:
    mybundle.listener.before_controller:
        class: MybundleBundle\Listener\BeforeControllerListener
        arguments: ["@security.token_storage", "@mgilet.notification"]
        tags:
            - { name: kernel.event_listener, event: kernel.controller, method: onKernelController }
BeforeControllerListener
<?php

namespace MybundleBundle\Listener;

// Assumed target of the instanceof check below; the original post used the class without importing it.
use Symfony\Bundle\TwigBundle\Controller\ExceptionController;
use Symfony\Component\HttpKernel\Event\FilterControllerEvent;
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
use Symfony\Component\Security\Core\Exception\AccessDeniedException;
use Mgilet\NotificationBundle\Controller\NotificationController;
use Mgilet\NotificationBundle\Manager\NotificationManager;

class BeforeControllerListener
{
    protected $tokenStorage;
    protected $notificationManager;

    // Type-hint the interface so any token storage implementation behind "@security.token_storage" is accepted.
    public function __construct(TokenStorageInterface $tokenStorage, NotificationManager $notificationManager)
    {
        $this->tokenStorage = $tokenStorage;
        $this->notificationManager = $notificationManager;
    }

    public function onKernelController(FilterControllerEvent $event)
    {
        $controller = $event->getController();
        $request = $event->getRequest();

        if (!is_array($controller)) {
            // not an object but a different kind of callable. Do nothing
            return;
        }

        $controllerObject = $controller[0];

        // skip initializing for exceptions
        if ($controllerObject instanceof ExceptionController) {
            return;
        }

        /**
         * Security check of MgiletNotificationBundle
         * Not allowing access of controller if notifiable entity is not matching current user
         */
        if ($controllerObject instanceof NotificationController && $notifiable = $request->attributes->get('notifiable')) {
            // Resolve the entity that owns the requested notifiable id
            $owner = $this->notificationManager->getNotifiableInterface(
                $this->notificationManager->getNotifiableEntityById($notifiable)
            );

            if ($owner != $this->getUser()) {
                throw new AccessDeniedException();
            }
        }
    }

    /**
     * Get a user from the Security Token Storage.
     * Equivalent of controller getUser() method
     *
     * @return mixed
     */
    protected function getUser()
    {
        if (!$this->tokenStorage) {
            return null;
        }

        if (null === $token = $this->tokenStorage->getToken()) {
            return null;
        }

        if (!\is_object($user = $token->getUser())) {
            // e.g. anonymous authentication
            return null;
        }

        return $user;
    }
}
from notification-bundle.
This is a great example, thanks!
The bundle is intended to be used with any entity (not only users), so this could be a nice addition in the docs for common use cases.
from notification-bundle.
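The owner-versus-current-user comparison from the listener in the first comment, run over constructed cases next to a fail-closed variant. This is an added example, not code from the thread or from the bundle. DemoUser, looseDenies and strictDenies are hypothetical names, and the case where no owner is resolved is an assumption about what the manager can return.

```php
<?php
// Constructed stand-in for a user entity; not a class from the bundle or the post.
final class DemoUser
{
    private $id;

    public function __construct(int $id)
    {
        $this->id = $id;
    }

    public function getId(): int
    {
        return $this->id;
    }
}

// The listener's comparison: true means AccessDeniedException would be thrown.
function looseDenies($owner, $user): bool
{
    return $owner != $user;
}

// Hypothetical fail-closed variant: deny unless both sides exist and share type and id.
// Assumes both objects expose getId().
function strictDenies(?object $owner, ?object $user): bool
{
    if (null === $owner || null === $user) {
        return true;
    }
    $sameType = $owner instanceof $user || $user instanceof $owner;

    return !($sameType && $owner->getId() === $user->getId());
}

$alice = new DemoUser(1);
$bob = new DemoUser(2);
// Constructed cases: [owner of the notifiable, current user].
$cases = [
    'owner is the current user'    => [$alice, $alice],
    'owner is another user'        => [$bob, $alice],
    'anonymous request'            => [$bob, null],
    'no owner resolved, anonymous' => [null, null], // assumed possible
];
foreach ($cases as $label => [$owner, $user]) {
    printf("%-30s loose=%-5s strict=%s\n", $label,
        looseDenies($owner, $user) ? 'deny' : 'allow',
        strictDenies($owner, $user) ? 'deny' : 'allow');
}
```

Only the last case differs: `null != null` is false, so the loose comparison allows the request while the fail-closed variant denies it.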