src/EventSubscriber/AdminCompanyImpersonationSubscriber.php line 30

Open in your IDE?
  1. <?php
  3. namespace App\EventSubscriber;
  5. use App\Entity\Company;
  6. use App\Security\UserSecurityHelper;
  7. use Doctrine\ORM\EntityManagerInterface;
  8. use Symfony\Component\EventDispatcher\EventSubscriberInterface;
  9. use Symfony\Component\HttpKernel\Event\RequestEvent;
  10. use Symfony\Component\HttpKernel\KernelEvents;
  11. use Symfony\Component\Security\Core\Exception\AuthenticationCredentialsNotFoundException;
  13. class AdminCompanyImpersonationSubscriber implements EventSubscriberInterface
  14. {
  15. private const string HEADER_NAME = 'X-Company-Id';
  17. public function __construct(
  18. private readonly UserSecurityHelper $securityHelper,
  19. private readonly EntityManagerInterface $entityManager
  20. ) {
  21. }
  23. public static function getSubscribedEvents(): array
  24. {
  25. return [
  26. KernelEvents::REQUEST => ['onKernelRequest', 7], // Execute before security checks
  27. ];
  28. }
  30. public function onKernelRequest(RequestEvent $event): void
  31. {
  32. if (!$event->isMainRequest()) {
  33. return;
  34. }
  36. try {
  38. if (!$this->securityHelper->isGranted('ROLE_ADMIN')) {
  39. return;
  40. }
  42. $request = $event->getRequest();
  43. $galabCustomerId = $request->headers->get(self::HEADER_NAME);
  45. if (!$galabCustomerId) {
  46. return;
  47. }
  49. $company = $this->entityManager->getRepository(Company::class)
  50. ->findOneBy(['galabCustomerId' => $galabCustomerId]);
  52. if (!$company) {
  53. return;
  54. }
  56. // Store the impersonated company in the request attributes
  57. $request->attributes->set('impersonated_company', $company);
  58. } catch (AuthenticationCredentialsNotFoundException) {
  60. }
  62. }
  63. }