<?phpnamespace App\EventSubscriber;use App\Entity\User;use App\Service\Routes\RoutesPermissions;use Symfony\Component\EventDispatcher\EventSubscriberInterface;use Symfony\Component\HttpFoundation\RedirectResponse;use Symfony\Component\HttpKernel\Event\RequestEvent;use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;use Symfony\Component\Routing\RouterInterface;use Symfony\Component\Security\Core\Security;use Symfony\Contracts\Translation\TranslatorInterface;class PermissionsSubscriber implements EventSubscriberInterface{ public function __construct( private Security $security, private TranslatorInterface $translator, private RouterInterface $router, private RoutesPermissions $routesPermissions ) {} public static function getSubscribedEvents(): array { return [ RequestEvent::class => 'onKernelRequest' ]; } public function onKernelRequest(RequestEvent $event): void { // don't do anything if it's not the main request if (!$event->isMainRequest()) return; $uri = $event->getRequest()->getRequestUri(); if (preg_match('/^\/(logout|login|_(wdt|profiler))/', $uri)) return; $routeName = $event->getRequest()->get('_route'); /** @var User $user */ $user = $this->security->getUser(); if (!$user && !str_contains($routeName, 'admin')) return; if (!$user && str_contains($routeName, 'admin')) { $session = $event->getRequest()->getSession(); $session->getFlashBag()->add( 'danger', $this->translator->trans('security.forbidden', [], 'security') ); $event->setResponse(new RedirectResponse($this->router->generate('app_login'))); } if ($user && !$this->routesPermissions->checkUserPermissionByRouteName($routeName)) { throw new AccessDeniedHttpException('Forbidden'); } }}