Skip to content

Commit

Permalink
EZP-32333: Validate access for 'change password' menu item (#92)
Browse files Browse the repository at this point in the history
  • Loading branch information
@barw4
barw4 authored May 25, 2021
1 parent dc02bb4 commit f886c43
Showing 1 changed file with 17 additions and 11 deletions.
28 changes: 17 additions & 11 deletions src/lib/EventListener/UserMenuListener.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,25 +8,29 @@

namespace EzSystems\EzPlatformUser\EventListener;

use eZ\Publish\API\Repository\PermissionResolver;
use eZ\Publish\API\Repository\UserService;
use EzSystems\EzPlatformAdminUi\Menu\Event\ConfigureMenuEvent;
use JMS\TranslationBundle\Model\Message;
use JMS\TranslationBundle\Translation\TranslationContainerInterface;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;

class UserMenuListener implements EventSubscriberInterface, TranslationContainerInterface
{
public const ITEM_CHANGE_PASSWORD = 'user__change_password';

/** @var \Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface */
private $tokenStorage;
/** @var \eZ\Publish\API\Repository\PermissionResolver */
private $permissionResolver;

/**
* @param \Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface $tokenStorage
*/
public function __construct(TokenStorageInterface $tokenStorage)
{
$this->tokenStorage = $tokenStorage;
/** @var \eZ\Publish\API\Repository\UserService */
private $userService;

public function __construct(
PermissionResolver $permissionResolver,
UserService $userService
) {
$this->permissionResolver = $permissionResolver;
$this->userService = $userService;
}

/**
Expand All @@ -43,9 +47,11 @@ public static function getSubscribedEvents(): array
public function onUserMenuConfigure(ConfigureMenuEvent $event): void
{
$menu = $event->getMenu();
$token = $this->tokenStorage->getToken();

if (null !== $token && is_object($token->getUser())) {
$currentUserId = $this->permissionResolver->getCurrentUserReference()->getUserId();
$currentUser = $this->userService->loadUser($currentUserId);

if ($this->permissionResolver->canUser('user', 'password', $currentUser, [$currentUser])) {
$menu->addChild(
self::ITEM_CHANGE_PASSWORD,
[
Expand Down

0 comments on commit f886c43

Please sign in to comment.