vendor/dachcom-digital/members/src/MembersBundle/Manager/RestrictionManager.php line 69

Open in your IDE?
  1. <?php
  3. namespace MembersBundle\Manager;
  5. use MembersBundle\Adapter\Group\GroupInterface;
  6. use MembersBundle\Adapter\User\UserInterface;
  7. use MembersBundle\Configuration\Configuration;
  8. use MembersBundle\Restriction\ElementRestriction;
  9. use MembersBundle\Restriction\Restriction;
  10. use Pimcore\Model\Asset;
  11. use Pimcore\Model\Document;
  12. use Pimcore\Model\DataObject;
  13. use Pimcore\Model\Element\ElementInterface;
  14. use Pimcore\Tool;
  15. use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
  17. class RestrictionManager implements RestrictionManagerInterface
  18. {
  19.     public const PROTECTED_ASSET_FOLDER 'restricted-assets';
  21.     public const RESTRICTION_STATE_LOGGED_IN 'members.restriction.logged_in';
  22.     public const RESTRICTION_STATE_NOT_LOGGED_IN 'members.restriction.not_logged_in';
  23.     public const RESTRICTION_SECTION_ALLOWED 'members.restriction.allowed';
  24.     public const RESTRICTION_SECTION_NOT_ALLOWED 'members.restriction.not_allowed';
  25.     public const RESTRICTION_SECTION_REFUSED 'members.restriction.refused';
  26.     public const REQUEST_RESTRICTION_STORAGE 'members.restriction.store';
  28.     protected Configuration $configuration;
  29.     protected TokenStorageInterface $tokenStorage;
  31.     public function __construct(Configuration $configurationTokenStorageInterface $tokenStorage)
  32.     {
  33.         $this->configuration $configuration;
  34.         $this->tokenStorage $tokenStorage;
  35.     }
  37.     public function getElementRestrictedGroups(ElementInterface $element): array
  38.     {
  39.         $restriction false;
  40.         $groups[] = 'default';
  42.         if ($element instanceof Document) {
  43.             $restriction $this->getRestrictionElement($element'page');
  44.         } elseif ($element instanceof DataObject\Concrete) {
  45.             $restriction $this->getRestrictionElement($element'object');
  46.         } elseif ($element instanceof Asset) {
  47.             $restriction $this->getRestrictionElement($element'asset');
  48.         }
  50.         if (!$restriction instanceof Restriction) {
  51.             return $groups;
  52.         }
  54.         $groups = [];
  55.         if (is_array($restriction->getRelatedGroups())) {
  56.             $groups $restriction->getRelatedGroups();
  57.         }
  59.         return $groups;
  60.     }
  62.     public function getElementRestrictionStatus(ElementInterface $element): ElementRestriction
  63.     {
  64.         $user $this->getUser();
  65.         $elementRestriction = new ElementRestriction();
  67.         $restriction null;
  68.         if ($element instanceof Document) {
  69.             $restriction $this->getRestrictionElement($element'page');
  70.         } elseif ($element instanceof DataObject\Concrete) {
  71.             $restriction $this->getRestrictionElement($element'object');
  72.         } elseif ($element instanceof Asset) {
  73.             $restriction $this->getRestrictionElement($element'asset');
  74.         }
  76.         if ($user instanceof UserInterface) {
  77.             $elementRestriction->setState(self::RESTRICTION_STATE_LOGGED_IN);
  78.         }
  80.         if ($restriction === null) {
  81.             if ($element instanceof Asset) {
  82.                 //protect asset if element is in restricted area with no added restriction group.
  83.                 $elementRestriction->setSection($this->isFrontendRequestByAdmin() || !$this->elementIsInProtectedStorageFolder($element)
  84.                     ? self::RESTRICTION_SECTION_ALLOWED
  85.                     self::RESTRICTION_SECTION_NOT_ALLOWED
  86.                 );
  87.             } else {
  88.                 $elementRestriction->setSection(self::RESTRICTION_SECTION_ALLOWED);
  89.             }
  91.             return $elementRestriction;
  92.         }
  94.         if (is_array($restriction->getRelatedGroups())) {
  95.             $elementRestriction->setRestrictionGroups($restriction->getRelatedGroups());
  96.         }
  98.         //check if user is not logged in.
  99.         if (!$user instanceof UserInterface) {
  100.             return $elementRestriction;
  101.         }
  103.         return $elementRestriction->setSection($this->filterAllowedSectionToUser($user->getGroups(), $restriction->getRelatedGroups()));
  105.     }
  107.     private function filterAllowedSectionToUser(array $userGroups, array $elementGroups): string
  108.     {
  109.         $sectionStatus self::RESTRICTION_SECTION_NOT_ALLOWED;
  111.         if (!empty($elementGroups)) {
  112.             $allowedGroups = [];
  114.             /** @var GroupInterface $group */
  115.             foreach ($userGroups as $group) {
  116.                 $allowedGroups[] = $group->getId();
  117.             }
  119.             $intersectResult array_intersect($elementGroups$allowedGroups);
  120.             if (count($intersectResult) > 0) {
  121.                 $sectionStatus self::RESTRICTION_SECTION_ALLOWED;
  122.             }
  123.         }
  125.         return $sectionStatus;
  126.     }
  128.     private function getRestrictionElement(ElementInterface $elementstring $cType 'page'): ?Restriction
  129.     {
  130.         $restriction null;
  132.         if ($this->isFrontendRequestByAdmin()) {
  133.             return null;
  134.         }
  136.         try {
  137.             if ($cType === 'page') {
  138.                 $restriction Restriction::getByTargetId($element->getId(), $cType);
  139.             } elseif ($cType === 'asset') {
  140.                 $restriction Restriction::getByTargetId($element->getId(), $cType);
  141.             } else {
  142.                 $restrictionConfig $this->configuration->getConfig('restriction');
  143.                 $allowedTypes $restrictionConfig['allowed_objects'];
  144.                 if ($element instanceof DataObject\Concrete && in_array($element->getClass()?->getName(), $allowedTypestrue)) {
  145.                     $restriction Restriction::getByTargetId($element->getId(), $cType);
  146.                 }
  147.             }
  148.         } catch (\Exception $e) {
  149.             // fail silently
  150.         }
  152.         return $restriction;
  153.     }
  155.     public function elementIsInProtectedStorageFolder(ElementInterface $element): bool
  156.     {
  157.         if (!$element instanceof Asset) {
  158.             return false;
  159.         }
  161.         return $this->pathIsInProtectedStorageFolder($element->getPath());
  162.     }
  164.     public function pathIsInProtectedStorageFolder(string $path): bool
  165.     {
  166.         return str_contains($pathself::PROTECTED_ASSET_FOLDER);
  167.     }
  169.     public function isFrontendRequestByAdmin(): bool
  170.     {
  171.         return Tool::isFrontendRequestByAdmin();
  172.     }
  174.     public function getUser(): ?UserInterface
  175.     {
  176.         $token $this->tokenStorage->getToken();
  178.         if (is_null($token)) {
  179.             return null;
  180.         }
  182.         $user $token->getUser();
  184.         return $user instanceof UserInterface $user null;
  185.     }
  186. }