<?php
namespace App\Service;
use Pimcore\Model\DataObject;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use App\Service\UserPermission;
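class PublicUserPermissionService
{
    /** @var UserPermission Resolves the grants attached to a user account. */
    public $userPermission;

    public function __construct()
    {
        $this->userPermission = new UserPermission();
    }

    /**
     * Check that every requested parameter is covered by one of the user's grants.
     *
     * @param object   $user       Must expose getEmail(); the address is the lookup key passed to UserPermission.
     * @param iterable $parameters Parameter names the caller wants to access.
     * @param object   $translator Must expose trans(string): string.
     *
     * @return array{success: bool, message: string}
     *
     * @throws \Exception when the grant lookup fails; the original exception is kept as "previous".
     */
    public function publicUserPermissionCheck($user, $parameters, $translator)
    {
        try {
            $permissions = $this->userPermission->getUserPermissions(
                ['username' => $user->getEmail()],
                $translator
            );
            if (!$permissions['success']) {
                return ["success" => false, "message" => $permissions['message']];
            }

            // A missing "grants" entry means nothing is granted; avoids a foreach warning on null.
            $grants = $permissions['grants'] ?? [];
            $missingPermissions = [];
            foreach ($parameters as $parameter) {
                if (!$this->isParameterGranted($parameter, $grants)) {
                    $missingPermissions[] = $parameter;
                }
            }

            if (!empty($missingPermissions)) {
                $message = sprintf(
                    $translator->trans('User is not allowed to access the following parameters: %s'),
                    implode(", ", $missingPermissions)
                );
                return ["success" => false, "message" => $message];
            }

            return ["success" => true, "message" => $translator->trans("User has the required permissions.")];
        } catch (\Exception $ex) {
            // Re-wrap as before, but chain the original so the real cause is not lost from logs/traces.
            throw new \Exception($ex->getMessage(), 0, $ex);
        }
    }

    /**
     * True when one of the grant keys occurs inside the parameter name.
     *
     * NOTE(review): this is a substring test, so a short grant key also satisfies any longer
     * parameter name that merely contains it — confirm whether exact matching was intended.
     *
     * @param mixed    $parameter Parameter name being checked.
     * @param iterable $grants    Grant map; only its keys are consulted.
     */
    private function isParameterGranted($parameter, iterable $grants): bool
    {
        foreach ($grants as $key => $_) {
            if (strpos($parameter, (string) $key) !== false) {
                return true;
            }
        }
        return false;
    }

    /**
     * Look up the Customer by user id and compare the submitted secret with the stored one.
     *
     * @return array{success: bool, message: string, user?: \Pimcore\Model\DataObject\Customer}
     */
    private function checkCredentials(string $username, string $password, $translator)
    {
        $publicUser = \Pimcore\Model\DataObject\Customer::getByUserId($username, true);
        if (!$publicUser instanceof \Pimcore\Model\DataObject\Customer) {
            return ["success" => false, "message" => $translator->trans("User not found")];
        }

        // The stored value is compared directly (not via password_verify), so it is presumably an
        // API secret rather than a user-chosen password — confirm with the data model.
        // hash_equals() keeps the comparison constant-time; a missing secret never matches.
        $storedSecretKey = $publicUser->getSecretKey();
        if (is_string($storedSecretKey) && hash_equals($storedSecretKey, $password)) {
            return ["success" => true, "message" => $translator->trans("Authentication successful"), "user" => $publicUser];
        }

        return ["success" => false, "message" => $translator->trans("Invalid password")];
    }

    /**
     * Authenticate the request from its HTTP Basic "Authorization" header.
     *
     * @return array{success: bool, message?: string, user?: \Pimcore\Model\DataObject\Customer}
     */
    public function isAuthorized(Request $request, $translator)
    {
        $authHeader = $request->headers->get('Authorization');
        if (!$authHeader || strpos($authHeader, 'Basic ') !== 0) {
            return ["success" => false, "message" => "Unauthorized"];
        }

        // Strict decoding rejects input outside the base64 alphabet instead of silently skipping it.
        $decoded = base64_decode(substr($authHeader, 6), true);
        if ($decoded === false || strpos($decoded, ':') === false) {
            // No "user:password" pair to check; previously this produced an undefined-offset
            // warning and a TypeError on the string $password parameter of checkCredentials().
            return ["success" => false, "message" => "Unauthorized"];
        }
        [$username, $password] = explode(':', $decoded, 2);

        $response = $this->checkCredentials($username, $password, $translator);
        if ($response["success"]) {
            return ["success" => true, "user" => $response["user"]];
        }

        return ["success" => false, "message" => $response["message"]];
    }
}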