src/EventListener/RequestListener.php line 51

Open in your IDE?
  1. <?php
  3. namespace App\EventListener;
  5. use App\Enum\User\UserRestrictionsEnum;
  6. use Symfony\Component\HttpKernel\Event\RequestEvent;
  7. use Symfony\Component\HttpFoundation\RedirectResponse;
  8. use App\Entity\User;
  9. use App\Entity\Location;
  10. use Symfony\Component\Routing\RouterInterface;
  11. use Symfony\Component\Security\Core\Security;
  12. use App\Service\DatabaseService;
  13. use App\Service\UserAccessService;
  14. use Symfony\Component\DependencyInjection\ParameterBag\ParameterBagInterface;
  16. class RequestListener
  17. {
  18.     /**
  19.      * @var RouterInterface
  20.      */
  21.     private $router;
  23.     /**
  24.      * @var Security
  25.      */
  26.     private $security;
  28.     /**
  29.      * @var DatabaseService
  30.      */
  31.     private $databaseService;
  33.     /**
  34.      * @var UserAccessService
  35.      */
  36.     private $userAccessService;
  38.     /**
  39.      * @var ParameterBagInterface
  40.      */
  41.     private $parameterBag;
  43.     public function __construct(RouterInterface $routerSecurity $securityDatabaseService $databaseServiceUserAccessService $userAccessServiceParameterBagInterface $parameterBag) {
  44.         $this->router $router;
  45.         $this->security $security;
  46.         $this->databaseService $databaseService;
  47.         $this->userAccessService $userAccessService;
  48.         $this->parameterBag $parameterBag;
  49.     }
  51.     public function onKernelRequest(RequestEvent $event): void
  52.     {
  53.         $request $event->getRequest();
  54.         $path $request->getPathInfo();
  55.         $user $this->security->getUser();
  57.         // Check for maintenance mode first (before any other processing)
  58.         $maintenanceResponse $this->checkMaintenanceMode($path);
  59.         if ($maintenanceResponse) {
  60.             $event->setResponse($maintenanceResponse);
  61.             return;
  62.         }
  64.         if (!$user instanceof User) {
  65.             return;
  66.         }
  68.         if ($path === "/login" && $request->getSession()->isStarted()) {
  70.             /** @var User $user */
  71.             $user $this->databaseService->getManager()->getRepository(User::class)->findOneBy(["username" =>$user->getUsername()]);
  73.             $activeLocations $user->getActiveLocations();
  75.             if($activeLocations->isEmpty()) {
  76.                 if ($user->isHatchAdministrator()) {
  77.                     $event->setResponse(new RedirectResponse($this->router->generate('admin_index')));
  78.                     return;
  79.                 } else {
  80.                     $event->getRequest()->getSession()->getFlashBag()->add('error'"No active locations for login");
  81.                     return;
  82.                 }
  83.             }
  84.             $defaultLocation $user->getDefaultLocation();
  85.             if ( $defaultLocation instanceof Location && $activeLocations->contains($defaultLocation) ) {
  86.                 $event->setResponse(new RedirectResponse($this->router->generate('client_index', ['locationId' =>$defaultLocation->getId()])));
  87.                 return;
  88.             }
  90.             if($user->isHatchAdministrator()) {
  91.                 $event->setResponse(new RedirectResponse($this->router->generate('admin_index')));
  92.                 return;
  93.             } elseif ($activeLocations->count() === 1) {
  94.                 $event->setResponse(new RedirectResponse($this->router->generate('client_index', ['locationId' =>$activeLocations->first()->getId()])));
  95.                 return;
  96.             } else {
  97.                 $event->setResponse(new RedirectResponse($this->router->generate('location_login_select')));
  98.                 return;
  99.             }
  100.         }
  102.         if (str_starts_with($path'/admin')) {
  104.             if ($user->isHatchAdministrator() && $user->hasRestrictions()) {
  105.                 $restrictionsMap UserRestrictionsEnum::getRestrictionsMap();
  106.                 $userRestrictions $user->getRestrictions();
  108.                 $allowedPaths = [];
  109.                 $redirectRoute 'app_login';
  111.                 foreach ($userRestrictions as $restriction) {
  112.                     if (isset($restrictionsMap[$restriction])) {
  113.                         $allowedPaths array_merge($allowedPaths$restrictionsMap[$restriction]['paths']);
  114.                         if ($redirectRoute === 'app_login') {
  115.                             $redirectRoute $restrictionsMap[$restriction]['redirect_route'];
  116.                         }
  117.                     }
  118.                 }
  120.                 $isAllowed false;
  121.                 foreach ($allowedPaths as $allowedPath) {
  123.                     // Check if the path contains regex pattern
  124.                     if (strpos($allowedPath'[') !== false) {
  126.                         // Convert simple regex pattern to full regex
  127.                         $pattern '#^' str_replace(['['']'], ['['']'], $allowedPath) . '$#';
  128.                         if (preg_match($pattern$path)) {
  129.                             $isAllowed true;
  130.                             break;
  131.                         }
  132.                     } else {
  134.                         // Use simple string comparison for non-regex paths
  135.                         if (str_starts_with($path$allowedPath)) {
  136.                             $isAllowed true;
  137.                             break;
  138.                         }
  139.                     }
  140.                 }
  142.                 if (!$isAllowed) {
  143.                     $event->setResponse(new RedirectResponse($this->router->generate($redirectRoute)));
  144.                     return;
  145.                 }
  147.             } elseif (!$user->isHatchAdministrator()) {
  148.                 $event->setResponse(new RedirectResponse($this->router->generate('app_login')));
  149.                 return;
  150.             }
  151.         }
  153.         if (str_starts_with($path'/client')) {
  154.             $locationId $request->attributes->get('locationId');
  155.             if ($locationId) {
  156.                 $location $this->databaseService->getManager()->getRepository(Location::class)->find($locationId);
  157.                 if ($location instanceof Location && $location->getCompany() && $location->getCompany()->isBillingHold()) {
  158.                     $firstValidLocation $this->userAccessService->getFirstActiveLocationInFirstNonBillingHoldCompany($user);
  159.                     $companyName $location->getCompany()->getName();
  160.                     $request->getSession()->getFlashBag()->add(
  161.                         'error',
  162.                         sprintf(
  163.                             'Payment is Past Due for %s. Please submit payment to regain access. For any questions, please contact ComplianceBilling@KipuHealth.com.',
  164.                             $companyName
  165.                         )
  166.                     );
  167.                     if ($firstValidLocation) {
  168.                         $event->setResponse(
  169.                             new RedirectResponse(
  170.                                 $this->router->generate('client_index', ['locationId' => $firstValidLocation->getId()])
  171.                             )
  172.                         );
  173.                     }
  174.                 }
  175.             }
  176.         }
  177.     }
  179.     /**
  180.      * Check for maintenance mode and return appropriate redirect response
  181.      */
  182.     private function checkMaintenanceMode(string $path): ?RedirectResponse
  183.     {
  184.         // Skip maintenance check for maintenance preview routes (for testing)
  185.         if (strpos($path'/maintenance-preview') === 0) {
  186.             return null;
  187.         }
  189.         // Check maintenance environment variables in priority order
  190.         $maintenanceChecks = [
  191.             'is_maintenance_planned' => 'maintenance_planned',
  192.             'is_maintenance_unexpected' => 'maintenance_unexpected'
  193.             'is_maintenance_failure' => 'maintenance_failure',
  194.             'is_maintenance_suspended' => 'maintenance_suspended',
  195.         ];
  197.         foreach ($maintenanceChecks as $parameter => $route) {
  198.             if ($this->parameterBag->has($parameter) && $this->parameterBag->get($parameter) === true) {
  199.                 return new RedirectResponse($this->router->generate($route));
  200.             }
  201.         }
  203.         return null;
  204.     }
  205. }