vendor/pimcore/pimcore/bundles/AdminBundle/Controller/AdminController.php line 68

Open in your IDE?
  1. <?php
  3. /**
  4. * Pimcore
  5. *
  6. * This source file is available under two different licenses:
  7. * - GNU General Public License version 3 (GPLv3)
  8. * - Pimcore Commercial License (PCL)
  9. * Full copyright and license information is available in
  10. * LICENSE.md which is distributed with this source code.
  11. *
  12. * @copyright Copyright (c) Pimcore GmbH (http://www.pimcore.org)
  13. * @license http://www.pimcore.org/license GPLv3 and PCL
  14. */
  16. namespace Pimcore\Bundle\AdminBundle\Controller;
  18. use Pimcore\Bundle\AdminBundle\HttpFoundation\JsonResponse;
  19. use Pimcore\Bundle\AdminBundle\Security\User\TokenStorageUserResolver;
  20. use Pimcore\Bundle\AdminBundle\Security\User\User as UserProxy;
  21. use Pimcore\Controller\Controller;
  22. use Pimcore\Extension\Bundle\PimcoreBundleManager;
  23. use Pimcore\Logger;
  24. use Pimcore\Model\User;
  25. use Symfony\Component\HttpKernel\Event\ControllerEvent;
  26. use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
  27. use Symfony\Component\Serializer\Encoder\DecoderInterface;
  28. use Symfony\Component\Serializer\SerializerInterface;
  29. use Symfony\Component\Translation\Exception\InvalidArgumentException;
  30. use Symfony\Contracts\Translation\TranslatorInterface;
  32. abstract class AdminController extends Controller implements AdminControllerInterface
  33. {
  34. public static function getSubscribedServices()
  35. {
  36. $services = parent::getSubscribedServices();
  37. $services['translator'] = TranslatorInterface::class;
  38. $services[TokenStorageUserResolver::class] = TokenStorageUserResolver::class;
  39. $services[PimcoreBundleManager::class] = PimcoreBundleManager::class;
  40. $services['pimcore_admin.serializer'] = '?Pimcore\\Admin\\Serializer';
  42. return $services;
  43. }
  45. /**
  46. * {@inheritdoc}
  47. */
  48. public function needsSessionDoubleAuthenticationCheck()
  49. {
  50. return true;
  51. }
  53. /**
  54. * {@inheritdoc}
  55. */
  56. public function needsStorageDoubleAuthenticationCheck()
  57. {
  58. return true;
  59. }
  61. /**
  62. * Get user from user proxy object which is registered on security component
  63. *
  64. * @param bool $proxyUser Return the proxy user (UserInterface) instead of the pimcore model
  65. *
  66. * @return UserProxy|User|null
  67. */
  68. protected function getAdminUser($proxyUser = false)
  69. {
  70. $resolver = $this->get(TokenStorageUserResolver::class);
  72. if ($proxyUser) {
  73. return $resolver->getUserProxy();
  74. }
  76. return $resolver->getUser();
  77. }
  79. /**
  80. * Check user permission
  81. *
  82. * @param string $permission
  83. *
  84. * @throws AccessDeniedHttpException
  85. */
  86. protected function checkPermission($permission)
  87. {
  88. if (!$this->getAdminUser() || !$this->getAdminUser()->isAllowed($permission)) {
  89. Logger::error(
  90. 'User {user} attempted to access {permission}, but has no permission to do so',
  91. [
  92. 'user' => $this->getAdminUser()->getName(),
  93. 'permission' => $permission,
  94. ]
  95. );
  97. throw $this->createAccessDeniedHttpException();
  98. }
  99. }
  101. /**
  102. * @param string $message
  103. * @param \Throwable|null $previous
  104. * @param int $code
  105. * @param array $headers
  106. *
  107. * @return AccessDeniedHttpException
  108. */
  109. protected function createAccessDeniedHttpException(string $message = 'Access Denied.', \Throwable $previous = null, int $code = 0, array $headers = []): AccessDeniedHttpException
  110. {
  111. // $headers parameter not supported by Symfony 3.4
  112. return new AccessDeniedHttpException($message, $previous, $code, $headers);
  113. }
  115. /**
  116. * @param string[] $permissions
  117. */
  118. protected function checkPermissionsHasOneOf(array $permissions)
  119. {
  120. $allowed = false;
  121. $permission = null;
  122. foreach ($permissions as $permission) {
  123. if ($this->getAdminUser()->isAllowed($permission)) {
  124. $allowed = true;
  126. break;
  127. }
  128. }
  130. if (!$this->getAdminUser() || !$allowed) {
  131. Logger::error(
  132. 'User {user} attempted to access {permission}, but has no permission to do so',
  133. [
  134. 'user' => $this->getAdminUser()->getName(),
  135. 'permission' => $permission,
  136. ]
  137. );
  139. throw new AccessDeniedHttpException('Attempt to access ' . $permission . ', but has no permission to do so.');
  140. }
  141. }
  143. /**
  144. * Check permission against all controller actions. Can optionally exclude a list of actions.
  145. *
  146. * @param ControllerEvent $event
  147. * @param string $permission
  148. * @param array $unrestrictedActions
  149. */
  150. protected function checkActionPermission(ControllerEvent $event, string $permission, array $unrestrictedActions = [])
  151. {
  152. $actionName = null;
  153. $controller = $event->getController();
  155. if (is_array($controller) && count($controller) === 2 && is_string($controller[1])) {
  156. $actionName = $controller[1];
  157. }
  159. if (null === $actionName || !in_array($actionName, $unrestrictedActions)) {
  160. $this->checkPermission($permission);
  161. }
  162. }
  164. /**
  165. * Encodes data into JSON string
  166. *
  167. * @param mixed $data The data to be encoded
  168. * @param array $context Context to pass to serializer when using serializer component
  169. * @param int $options Options passed to json_encode
  170. * @param bool $useAdminSerializer
  171. *
  172. * @TODO check if $useAdminSerializer still required?
  173. *
  174. * @return string
  175. */
  176. protected function encodeJson($data, array $context = [], $options = JsonResponse::DEFAULT_ENCODING_OPTIONS, bool $useAdminSerializer = true)
  177. {
  178. /** @var SerializerInterface $serializer */
  179. $serializer = null;
  181. if ($useAdminSerializer) {
  182. $serializer = $this->container->get('pimcore_admin.serializer');
  183. } else {
  184. $serializer = $this->container->get('serializer');
  185. }
  187. return $serializer->serialize($data, 'json', array_merge([
  188. 'json_encode_options' => $options,
  189. ], $context));
  190. }
  192. /**
  193. * Decodes a JSON string into an array/object
  194. *
  195. * @param mixed $json The data to be decoded
  196. * @param bool $associative Whether to decode into associative array or object
  197. * @param array $context Context to pass to serializer when using serializer component
  198. * @param bool $useAdminSerializer
  199. *
  200. * @return mixed
  201. */
  202. protected function decodeJson($json, $associative = true, array $context = [], bool $useAdminSerializer = true)
  203. {
  204. /** @var SerializerInterface|DecoderInterface $serializer */
  205. $serializer = null;
  207. if ($useAdminSerializer) {
  208. $serializer = $this->container->get('pimcore_admin.serializer');
  209. } else {
  210. $serializer = $this->container->get('serializer');
  211. }
  213. if ($associative) {
  214. $context['json_decode_associative'] = true;
  215. }
  217. return $serializer->decode($json, 'json', $context);
  218. }
  220. /**
  221. * Returns a JsonResponse that uses the admin serializer
  222. *
  223. * @param mixed $data The response data
  224. * @param int $status The status code to use for the Response
  225. * @param array $headers Array of extra headers to add
  226. * @param array $context Context to pass to serializer when using serializer component
  227. * @param bool $useAdminSerializer
  228. *
  229. * @return JsonResponse
  230. */
  231. protected function adminJson($data, $status = 200, $headers = [], $context = [], bool $useAdminSerializer = true)
  232. {
  233. $json = $this->encodeJson($data, $context, JsonResponse::DEFAULT_ENCODING_OPTIONS, $useAdminSerializer);
  235. return new JsonResponse($json, $status, $headers, true);
  236. }
  238. /**
  239. * Translates the given message.
  240. *
  241. * @param string $id The message id (may also be an object that can be cast to string)
  242. * @param array $parameters An array of parameters for the message
  243. * @param string|null $domain The domain for the message or null to use the default
  244. * @param string|null $locale The locale or null to use the default
  245. *
  246. * @return string The translated string
  247. *
  248. * @throws InvalidArgumentException If the locale contains invalid characters
  249. */
  250. public function trans($id, array $parameters = [], $domain = 'admin', $locale = null)
  251. {
  252. $translator = $this->get('translator');
  254. return $translator->trans($id, $parameters, $domain, $locale);
  255. }
  256. }