<?php
namespace App\EventListener;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpKernel\Event\ControllerEvent;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
use Symfony\Component\Security\Core\Security;
use Doctrine\ORM\EntityManagerInterface;
use Doctrine\Common\Persistence\ManagerRegistry;
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
use Symfony\Component\Serializer\Encoder\JsonEncoder;
use Symfony\Component\Serializer\Normalizer\AbstractNormalizer;
use Symfony\Component\Serializer\Normalizer\ObjectNormalizer;
use Symfony\Component\Serializer\Serializer;
use App\Entity\Operation;
use App\Entity\Permission;
use App\Entity\User;
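/**
 * Fine-grained permission check and audit trail for the /admin area.
 *
 * Runs on every controller event. For a logged-in ROLE_ADMIN user hitting an
 * admin route it (1) forces a logout when the user's stored session id does not
 * match the current session, (2) maps the controller class + method + HTTP verb
 * to an audit "area"/"action" and looks up the matching Permission row, and
 * (3) either lets the controller run or replaces it with a redirect to the
 * coupon dashboard, recording an Operation row in both cases.
 *
 * NOTE(review): non-admin users are skipped entirely; this assumes the firewall
 * access_control already restricts /admin to ROLE_ADMIN — confirm in security.yaml.
 */
class PermissionListener
{
    /** AdminController methods that need no Permission row; audited under "Dashboard". */
    private const DASHBOARD_ACTIONS = ['admin', 'coupon', 'installation'];

    /**
     * Request keys that must never reach the audit log. "_token" is the CSRF
     * token; keys containing "password" (case-insensitive) are masked as well.
     * Constructed heuristic — extend with the real secret field names of the
     * admin forms if they are named differently.
     */
    private const REDACTED_KEYS = ['_token'];

    /**
     * Audit area per admin controller class. Iterated in order without break,
     * so a later entry wins when a controller matches several (same as before).
     */
    private const AREAS = [
        \App\Controller\CategoryController::class => 'Cadastros - Categorias',
        \App\Controller\CompanyController::class => 'Cadastros - Empresas',
        \App\Controller\PromotionController::class => 'Cadastros - Promoções',
        \App\Controller\PlanController::class => 'Cadastros - Planos',
        \App\Controller\InstallationController::class => 'Aplicativo - Instalações',
        \App\Controller\PushController::class => 'Aplicativo - Pushes',
        \App\Controller\SubscriptionController::class => 'Operacional - Assinaturas',
        \App\Controller\AffiliatedController::class => 'Operacional - Afiliados',
        \App\Controller\CouponController::class => 'Operacional - Cupons',
        \App\Controller\QrcodeController::class => 'Operacional - Qrcodes',
        \App\Controller\AdministratorController::class => 'Usuários - Administradores',
        \App\Controller\PermissionController::class => 'Usuários - Permissões',
        \App\Controller\ClientController::class => 'Usuários - Clientes',
        \App\Controller\PartnerController::class => 'Usuários - Parceiros',
        \App\Controller\CategoryEntryController::class => 'Financeiro - Categorias',
        \App\Controller\EntryController::class => 'Financeiro - Lançamentos',
        \App\Controller\ConfigurationController::class => 'Website - Configurações',
        \App\Controller\SlideController::class => 'Website - Slides',
        \App\Controller\AdvantageController::class => 'Website - Vantagens',
        \App\Controller\HowItWorkController::class => 'Website - Como funciona',
        \App\Controller\FaqController::class => 'Website - Perguntas Frequentes',
        \App\Controller\ScreenController::class => 'Website - Interfaces do app',
        \App\Controller\HiringController::class => 'Website - Trabalhe conosco',
        \App\Controller\ContactController::class => 'Website - Contatos',
        \App\Controller\OperationController::class => 'Auditoria - Administração',
    ];

    /**
     * Permission rules, one per (controller method, HTTP verb) pair.
     *
     *  actions     controller method names the rule applies to
     *  methods     HTTP verbs the rule applies to
     *  label       action name stored in the Operation row
     *  check       Permission getter that must return a truthy value to grant access
     *  description audit text; when body is true it is a prefix and the redacted
     *              request body is appended, and it is recorded whether or not
     *              access was granted (otherwise only when granted)
     *
     * The pairs are disjoint, so evaluation order does not matter; every matching
     * rule is applied, as the original if-chain did.
     * NOTE(review): 'dashboad' is kept as written — verify it matches the
     * controller method name rather than being a typo for 'dashboard'.
     */
    private const RULES = [
        ['actions' => ['dashboad'], 'methods' => ['GET'], 'label' => 'Visualizar', 'check' => 'getView', 'description' => 'Visualizou a tela de dashboard.', 'body' => false],
        ['actions' => ['calendar'], 'methods' => ['GET'], 'label' => 'Visualizar', 'check' => 'getView', 'description' => 'Visualizou a tela de calendário.', 'body' => false],
        ['actions' => ['info'], 'methods' => ['GET'], 'label' => 'Visualizar', 'check' => 'getView', 'description' => 'Visualizou a tela de informações do financeiro.', 'body' => false],
        ['actions' => ['info'], 'methods' => ['POST'], 'label' => 'Visualizar', 'check' => 'getView', 'description' => 'Solicitou um saque.', 'body' => false],
        ['actions' => ['saque'], 'methods' => ['GET'], 'label' => 'Visualizar', 'check' => 'getView', 'description' => 'Visualizou a tela de saques do financeiro.', 'body' => false],
        ['actions' => ['antecipacao'], 'methods' => ['GET'], 'label' => 'Visualizar', 'check' => 'getView', 'description' => 'Visualizou a tela de antecipações do financeiro.', 'body' => false],
        ['actions' => ['refund'], 'methods' => ['GET'], 'label' => 'Visualizar', 'check' => 'getView', 'description' => 'Solicitou um estorno no financeiro.', 'body' => false],
        ['actions' => ['administration', 'application'], 'methods' => ['GET'], 'label' => 'Listar', 'check' => 'getList', 'description' => 'Visualizou a tela de listagem.', 'body' => false],
        ['actions' => ['administration', 'application'], 'methods' => ['POST'], 'label' => 'Filtrar', 'check' => 'getFilter', 'description' => 'Solicitação de filtragem realizada. Critérios: ', 'body' => true],
        ['actions' => ['stepData', 'stepService', 'stepUser', 'stepCheckout', 'stepPayment'], 'methods' => ['GET'], 'label' => 'Incluir', 'check' => 'getInclude', 'description' => 'Tela de inclusão de registro acessada.', 'body' => false],
        ['actions' => ['stepData', 'stepService', 'stepUser', 'stepCheckout', 'stepPayment'], 'methods' => ['POST'], 'label' => 'Incluir', 'check' => 'getInclude', 'description' => 'Solicitação de inclusão realizada. Critérios: ', 'body' => true],
        ['actions' => ['deleteService'], 'methods' => ['GET'], 'label' => 'Incluir', 'check' => 'getInclude', 'description' => 'Tela de exclusão de registro acessada.', 'body' => false],
        ['actions' => ['index'], 'methods' => ['GET'], 'label' => 'Listar', 'check' => 'getList', 'description' => 'Visualizou a tela de listagem.', 'body' => false],
        ['actions' => ['index'], 'methods' => ['POST'], 'label' => 'Filtrar', 'check' => 'getFilter', 'description' => 'Solicitação de filtragem realizada. Critérios: ', 'body' => true],
        ['actions' => ['new'], 'methods' => ['GET'], 'label' => 'Incluir', 'check' => 'getInclude', 'description' => 'Tela de inclusão de registro acessada.', 'body' => false],
        ['actions' => ['new'], 'methods' => ['POST'], 'label' => 'Incluir', 'check' => 'getInclude', 'description' => 'Solicitação de inclusão realizada. Critérios: ', 'body' => true],
        ['actions' => ['show'], 'methods' => ['GET'], 'label' => 'Visualizar', 'check' => 'getView', 'description' => 'Tela de visualização de registro acessada.', 'body' => false],
        ['actions' => ['edit'], 'methods' => ['GET'], 'label' => 'Alterar', 'check' => 'getModify', 'description' => 'Tela de alteração de registro acessada.', 'body' => false],
        ['actions' => ['edit'], 'methods' => ['POST'], 'label' => 'Alterar', 'check' => 'getModify', 'description' => 'Solicitação de alteração realizada. Critérios: ', 'body' => true],
        ['actions' => ['delete'], 'methods' => ['DELETE'], 'label' => 'Apagar', 'check' => 'getErase', 'description' => 'Solicitação de exclusão de registro realizada.', 'body' => false],
        ['actions' => ['report'], 'methods' => ['POST'], 'label' => 'Imprimir', 'check' => 'getPrint', 'description' => 'Solicitação de impressão de listagem realizada.', 'body' => false],
        ['actions' => ['multiple'], 'methods' => ['GET'], 'label' => 'Incluir', 'check' => 'getInclude', 'description' => 'Tela de inclusão de múltiplos registros acessada.', 'body' => false],
        ['actions' => ['multiple'], 'methods' => ['POST'], 'label' => 'Incluir', 'check' => 'getInclude', 'description' => 'Solicitação de inclusão realizada. Critérios: ', 'body' => true],
        ['actions' => ['removeImage'], 'methods' => ['GET', 'POST'], 'label' => 'Alterar', 'check' => 'getModify', 'description' => 'Solicitação de alteração realizada. Critérios: ', 'body' => true],
    ];

    /** @var UrlGeneratorInterface */
    private $router;

    /** @var Security */
    private $security;

    /** @var EntityManagerInterface */
    private $em;

    /** @var TokenStorageInterface */
    private $tokenStorage;

    /**
     * @param ManagerRegistry $manager Not used; kept so existing service wiring
     *                                 that passes it positionally keeps working.
     */
    public function __construct(UrlGeneratorInterface $router, Security $security, EntityManagerInterface $em, ManagerRegistry $manager, TokenStorageInterface $tokenStorage)
    {
        $this->router = $router;
        $this->security = $security;
        $this->em = $em;
        $this->tokenStorage = $tokenStorage;
    }

    /**
     * Decide whether the resolved controller may run and write the audit row.
     *
     * Order of checks: authenticated token, ROLE_ADMIN, array-style controller,
     * /admin path, App user with a matching session id, then the area/rule lookup.
     * A denied request gets a flash message and is redirected to the coupon
     * dashboard; the Operation row is written in both outcomes.
     */
    public function onKernelController(ControllerEvent $event): void
    {
        if ($this->tokenStorage->getToken() === null) {
            return;
        }
        if (!$this->security->isGranted('ROLE_ADMIN')) {
            return;
        }

        $controller = $event->getController();
        if (!is_array($controller)) {
            // Invokable/closure controllers carry no method name to match on.
            return;
        }

        $request = $event->getRequest();
        // Gate on the routed path instead of the full request URI, so a query
        // string such as "?x=/admin" cannot pull a non-admin page into this
        // check (where it would have an empty area and be denied).
        if (strpos($request->getPathInfo(), '/admin') !== 0) {
            return;
        }

        $user = $this->security->getUser();
        if (!$user instanceof User) {
            // Fail closed: without an App user there is no session id or
            // Permission row to check, so treat it like a broken session.
            $this->redirectTo($event, 'admin_logout');
            return;
        }

        $session = $request->hasSession() ? $request->getSession() : null;
        $currentSessionId = $session !== null ? $session->getId() : null;
        if ($session === null || $user->getSessionId() !== $currentSessionId) {
            // Stop here: continuing would let the access-denied branch below
            // replace the logout redirect with the dashboard redirect.
            $this->redirectTo($event, 'admin_logout');
            return;
        }

        [$controllerObject, $methodName] = $controller;
        $httpMethod = $request->getMethod();

        // Read the routing attribute directly; Request::get() would fall back
        // to query/body parameters when the attribute is absent.
        $routeParams = $request->attributes->get('_route_params', []);
        $entityId = is_array($routeParams) ? ($routeParams['id'] ?? '') : '';

        $hasAccess = false;
        $action = '';
        $area = '';
        $description = '';

        if ($controllerObject instanceof \App\Controller\ApiController) {
            $hasAccess = true;
            $action = 'API';
        }
        if ($controllerObject instanceof \App\Controller\AdminController
            && in_array($methodName, self::DASHBOARD_ACTIONS, true)
        ) {
            $area = 'Dashboard';
            $hasAccess = true;
            $action = 'Visualizar';
        }

        foreach (self::AREAS as $class => $label) {
            if ($controllerObject instanceof $class) {
                $area = $label;
            }
        }

        $permission = $this->em->getRepository(Permission::class)->findOneBy([
            'area' => $area,
            'user' => $user,
        ]);

        foreach (self::RULES as $rule) {
            if (!in_array($methodName, $rule['actions'], true)
                || !in_array($httpMethod, $rule['methods'], true)
            ) {
                continue;
            }

            $action = $rule['label'];
            $granted = $permission !== null && (bool) $permission->{$rule['check']}();
            if ($granted) {
                $hasAccess = true;
            }

            if ($rule['body']) {
                // Form submissions are described even when denied, so the
                // attempted input is part of the "Tentativa de acesso proibido" row.
                $description = $this->describeBody($rule['description'], $request->request->all());
            } elseif ($granted) {
                $description = $rule['description'];
            }
        }

        if (!$hasAccess) {
            $session->getFlashBag()->add('accessForbiden', "Você não tem permissão para acessar a página solicitada: " . $area . ". Entre em contato com seu administrador.");
            $this->redirectTo($event, 'admin_dashboard_coupon');
            $description = 'Tentativa de acesso proibido. ' . $description;
        }

        $this->recordOperation($user, $action, $area, $entityId, $description);
    }

    /**
     * Replace the event's controller with one that redirects to $routeName.
     */
    private function redirectTo(ControllerEvent $event, string $routeName): void
    {
        $router = $this->router;
        $event->setController(static function () use ($router, $routeName): RedirectResponse {
            return new RedirectResponse($router->generate($routeName));
        });
    }

    /**
     * Build the audit text for a form submission: the rule's prefix, then
     * " :: " and the JSON-encoded, redacted request body when it is non-empty.
     *
     * Unicode is left unescaped for readability of the Portuguese labels; a
     * body that cannot be encoded (e.g. invalid UTF-8) is recorded as a marker
     * instead of failing the request.
     */
    private function describeBody(string $prefix, array $body): string
    {
        if ($body === []) {
            return $prefix;
        }

        $json = json_encode(self::redact($body), JSON_UNESCAPED_UNICODE);
        if ($json === false) {
            $json = '[request body could not be encoded]';
        }

        return $prefix . ' :: ' . $json;
    }

    /**
     * Recursively mask secret-bearing keys (CSRF token, password-like fields)
     * so they are never persisted in the Operation table. Other values and
     * the array structure are kept as-is.
     *
     * @param array<mixed> $data
     * @return array<mixed>
     */
    private static function redact(array $data): array
    {
        $clean = [];
        foreach ($data as $key => $value) {
            $isSecret = is_string($key)
                && (in_array($key, self::REDACTED_KEYS, true) || stripos($key, 'password') !== false);

            if ($isSecret) {
                $clean[$key] = '[redacted]';
            } elseif (is_array($value)) {
                $clean[$key] = self::redact($value);
            } else {
                $clean[$key] = $value;
            }
        }

        return $clean;
    }

    /**
     * Persist one Operation audit row and flush immediately, so the row
     * exists even if the controller (or redirect) that follows fails.
     *
     * @param mixed $entityId The route's "id" parameter, or '' when absent.
     */
    private function recordOperation(User $user, string $action, string $area, $entityId, string $description): void
    {
        $operation = new Operation();
        $operation->setDate(new \DateTime('now', new \DateTimeZone('America/Fortaleza')));
        $operation->setUser($user->getName() . ' - ' . $user->getEmail());
        $operation->setUserId($user->getId());
        $operation->setAction($action);
        $operation->setEntity($area);
        $operation->setEntityId($entityId);
        $operation->setDescription($description);
        $this->em->persist($operation);
        $this->em->flush();
    }
}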