vendor/shopware/core/Framework/Routing/RouteScopeListener.php line 50

  1. <?php declare(strict_types=1);
  3. namespace Shopware\Core\Framework\Routing;
  5. use Shopware\Core\Framework\Log\Package;
  6. use Shopware\Core\Framework\Routing\Exception\InvalidRouteScopeException;
  7. use Shopware\Core\PlatformRequest;
  8. use Symfony\Component\EventDispatcher\EventSubscriberInterface;
  9. use Symfony\Component\HttpFoundation\Request;
  10. use Symfony\Component\HttpFoundation\RequestStack;
  11. use Symfony\Component\HttpKernel\Event\ControllerEvent;
  12. use Symfony\Component\HttpKernel\KernelEvents;
  14. /**
  15.  * @internal
  16.  */
  17. #[Package('core')]
  18. class RouteScopeListener implements EventSubscriberInterface
  19. {
  20.     /**
  21.      * @var RouteScopeWhitelistInterface[]
  22.      */
  23.     private readonly array $whitelists;
  25.     /**
  26.      * @internal
  27.      *
  28.      * @param iterable<RouteScopeWhitelistInterface> $whitelists
  29.      */
  30.     public function __construct(
  31.         private readonly RouteScopeRegistry $routeScopeRegistry,
  32.         private readonly RequestStack $requestStack,
  33.         iterable $whitelists
  34.     ) {
  35.         $this->whitelists \is_array($whitelists) ? $whitelists iterator_to_array($whitelists);
  36.     }
  38.     public static function getSubscribedEvents(): array
  39.     {
  40.         return [
  41.             KernelEvents::CONTROLLER => [
  42.                 ['checkScope'KernelListenerPriorities::KERNEL_CONTROLLER_EVENT_SCOPE_VALIDATE],
  43.             ],
  44.         ];
  45.     }
  47.     /**
  48.      * Validate that any given controller invocation creates a valid scope with the original master request
  49.      */
  50.     public function checkScope(ControllerEvent $event): void
  51.     {
  52.         if ($this->isWhitelistedController($event)) {
  53.             return;
  54.         }
  56.         $scopes $this->extractCurrentScopeAnnotation($event);
  57.         $masterRequest $this->getMainRequest();
  59.         foreach ($scopes as $routeScopeName) {
  60.             $routeScope $this->routeScopeRegistry->getRouteScope($routeScopeName);
  62.             $pathAllowed $routeScope->isAllowedPath($masterRequest->getPathInfo());
  63.             $requestAllowed $routeScope->isAllowed($masterRequest);
  65.             if ($pathAllowed && $requestAllowed) {
  66.                 return;
  67.             }
  68.         }
  70.         throw new InvalidRouteScopeException($masterRequest->attributes->get('_route'));
  71.     }
  73.     private function extractControllerClass(ControllerEvent $event): ?string
  74.     {
  75.         $controllerCallable \Closure::fromCallable($event->getController());
  76.         $controllerCallable = new \ReflectionFunction($controllerCallable);
  78.         $controller $controllerCallable->getClosureThis();
  80.         if (!$controller) {
  81.             return null;
  82.         }
  84.         return $controller::class;
  85.     }
  87.     private function isWhitelistedController(ControllerEvent $event): bool
  88.     {
  89.         $controllerClass $this->extractControllerClass($event);
  91.         if (!$controllerClass) {
  92.             return false;
  93.         }
  95.         foreach ($this->whitelists as $whitelist) {
  96.             if ($whitelist->applies($controllerClass)) {
  97.                 return true;
  98.             }
  99.         }
  101.         return false;
  102.     }
  104.     /**
  105.      * @return list<string>
  106.      */
  107.     private function extractCurrentScopeAnnotation(ControllerEvent $event): array
  108.     {
  109.         $currentRequest $event->getRequest();
  111.         /** @var list<string> $scopes */
  112.         $scopes $currentRequest->get(PlatformRequest::ATTRIBUTE_ROUTE_SCOPE, []);
  114.         if ($scopes !== []) {
  115.             return $scopes;
  116.         }
  118.         throw new InvalidRouteScopeException($currentRequest->attributes->get('_route'));
  119.     }
  121.     private function getMainRequest(): Request
  122.     {
  123.         $masterRequest $this->requestStack->getMainRequest();
  125.         if (!$masterRequest) {
  126.             throw new \InvalidArgumentException('Unable to check the request scope without master request');
  127.         }
  129.         return $masterRequest;
  130.     }
  131. }