src/Service/PublicUserPermissionService.php line 70

Open in your IDE?
  1. <?php
  3. namespace App\Service;
  5. use Pimcore\Model\DataObject;
  6. use Symfony\Component\HttpFoundation\Request;
  7. use Symfony\Component\HttpFoundation\Response;
  8. use App\Service\UserPermission;
  10. class PublicUserPermissionService
  11. {
  12. public $userPermission;
  13. public function __construct()
  14. {
  15. $this->userPermission = new UserPermission();
  16. }
  18. public function publicUserPermissionCheck($user, $parameters, $translator)
  19. {
  20. try {
  21. $missingPermissions = [];
  23. $userEmail = [];
  24. $userEmail['username'] = $user->getEmail();
  25. $permissions = $this->userPermission->getUserPermissions($userEmail, $translator);
  26. if(!$permissions['success']){
  27. return ["success" => false, "message" => $permissions['message']];
  28. }
  29. foreach ($parameters as $parameter) {
  30. $parameterMatch = false; // Initialize to false for each parameter
  32. foreach ($permissions['grants'] as $key => $permission) {
  33. if (strpos($parameter, $key) !== false) {
  34. $parameterMatch = true;
  35. break; // If a match is found, no need to check further permissions for this parameter
  36. }
  37. }
  39. if (!$parameterMatch) {
  40. $missingPermissions[] = $parameter;
  41. }
  42. }
  44. if (!empty($missingPermissions)) {
  45. // User is missing permissions for these parameters
  46. $message = sprintf($translator->trans('User is not allowed to access the following parameters: %s'), implode(", ", $missingPermissions));
  47. return ["success" => false, "message" => $message];
  48. // You can return the message and set success to false
  49. } else {
  50. // User has all required permissions
  51. return ["success" => true, "message" => $translator->trans("User has the required permissions.")];
  52. // You can return a success message if the user has all permissions
  53. }
  54. } catch (\Exception $ex) {
  55. throw new \Exception($ex->getMessage());
  56. }
  57. }
  59. private function checkCredentials(string $username, string $password, $translator)
  60. {
  61. // Attempt to retrieve the PublicUser object by username
  62. $publicUser = \Pimcore\Model\DataObject\Customer::getByUserId($username, true);
  64. if ($publicUser instanceof \Pimcore\Model\DataObject\Customer) {
  65. // Compare the submitted password with the stored value
  66. $storedSecretKey = $publicUser->getSecretKey();
  68. if ($password === $storedSecretKey) {
  70. return ["success" => true, "message" => $translator->trans("Authentication successful"), "user" => $publicUser];
  71. } else {
  72. // Password mismatch
  73. return ["success" => false, "message" => $translator->trans("Invalid password")];
  74. }
  75. } else {
  76. // User not found
  77. return ["success" => false, "message" => $translator->trans("User not found")];
  78. }
  79. }
  81. public function isAuthorized(Request $request, $translator)
  82. {
  83. // Check if Basic Authentication headers are present
  84. $authHeader = $request->headers->get('Authorization');
  85. if (!$authHeader || strpos($authHeader, 'Basic ') !== 0) {
  86. return ["success" => false, "message" => "Unauthorized"];
  87. }
  88. // Extract the username and password from the Authorization header
  89. list($username, $password) = explode(':', base64_decode(substr($authHeader, 6)), 2);
  90. // Validate username and password (you should implement your authentication logic here)
  91. $response = $this->checkCredentials($username, $password, $translator);
  93. if ($response["success"]) {
  94. // Perform your API logic here
  95. return ["success" => true, "user" => $response["user"]];
  96. }
  97. // Authentication failed, return a response with the error message
  98. return ["success" => false, "message" => $response["message"]]; // Return the error message for false case
  100. }
  101. }