3 namespace Drupal\permissions_by_term\Listener;
5 use Drupal\Component\EventDispatcher\ContainerAwareEventDispatcher;
6 use Drupal\permissions_by_term\Event\PermissionsByTermDeniedEvent;
7 use Symfony\Component\EventDispatcher\EventSubscriberInterface;
8 use Symfony\Component\HttpKernel\KernelEvents;
9 use Symfony\Component\HttpFoundation\JsonResponse;
10 use Symfony\Component\HttpKernel\Event\FilterResponseEvent;
11 use Symfony\Component\HttpKernel\Event\GetResponseEvent;
12 use Symfony\Component\HttpFoundation\RedirectResponse;
13 use Symfony\Component\HttpFoundation\Request;
14 use Drupal\permissions_by_term\Service\AccessCheck;
15 use Drupal\permissions_by_term\Service\Term;
18 * Class KernelEventListener.
20 * @package Drupal\permissions_by_term
22 class KernelEventListener implements EventSubscriberInterface
28 private $accessCheckService;
36 * @var ContainerAwareEventDispatcher
38 private $eventDispatcher;
41 * Instantiating of objects on class construction.
43 public function __construct()
45 $this->accessCheckService = \Drupal::service('permissions_by_term.access_check');
46 $this->term = \Drupal::service('permissions_by_term.term');
47 $this->eventDispatcher = \Drupal::service('event_dispatcher');
51 * Access restriction on kernel request.
53 public function onKernelRequest(GetResponseEvent $event)
55 // Restricts access to nodes (views/edit).
56 if ($this->canRequestGetNode($event->getRequest())) {
57 $nid = $event->getRequest()->attributes->get('node')->get('nid')->getValue()['0']['value'];
58 if (!$this->accessCheckService->canUserAccessByNodeId($nid)) {
59 $accessDeniedEvent = new PermissionsByTermDeniedEvent($nid);
60 $this->eventDispatcher->dispatch(PermissionsByTermDeniedEvent::NAME, $accessDeniedEvent);
62 $this->sendUserToAccessDeniedPage();
66 // Restrict access to taxonomy terms by autocomplete list.
67 if ($event->getRequest()->attributes->get('target_type') == 'taxonomy_term' &&
68 $event->getRequest()->attributes->get('_route') == 'system.entity_autocomplete') {
69 $query_string = $event->getRequest()->get('q');
70 $query_string = trim($query_string);
72 $tid = $this->term->getTermIdByName($query_string);
73 if (!$this->accessCheckService->isAccessAllowedByDatabase($tid)) {
74 $this->sendUserToAccessDeniedPage();
80 * Restricts access on kernel response.
82 public function onKernelResponse(FilterResponseEvent $event) {
83 $this->restrictTermAccessAtAutoCompletion($event);
87 * Restricts access to terms on AJAX auto completion.
89 private function restrictTermAccessAtAutoCompletion(FilterResponseEvent $event) {
90 if ($event->getRequest()->attributes->get('target_type') == 'taxonomy_term' &&
91 $event->getRequest()->attributes->get('_route') == 'system.entity_autocomplete'
93 $json_suggested_terms = $event->getResponse()->getContent();
94 $suggested_terms = json_decode($json_suggested_terms);
96 foreach ($suggested_terms as $term) {
97 $tid = $this->term->getTermIdByName($term->label);
98 if ($this->accessCheckService->isAccessAllowedByDatabase($tid)) {
100 'value' => $term->value,
101 'label' => $term->label,
106 $json_response = new JsonResponse($allowed_terms);
107 $event->setResponse($json_response);
112 * The subscribed events.
114 public static function getSubscribedEvents()
117 KernelEvents::REQUEST => 'onKernelRequest',
118 KernelEvents::RESPONSE => 'onKernelResponse',
122 private function canRequestGetNode(Request $request) {
123 if (method_exists($request->attributes, 'get') && !empty($request->attributes->get('node'))) {
124 if (method_exists($request->attributes->get('node'), 'get')) {
132 private function sendUserToAccessDeniedPage() {
133 $redirect_url = new \Drupal\Core\Url('system.403');
134 $response = new RedirectResponse($redirect_url->toString());