<?php
namespace App\EventSubscriber;
use ApiPlatform\Core\EventListener\EventPriorities;
use App\Document\Participation;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\HttpFoundation\ParameterBag;
use Symfony\Component\HttpKernel\Event\ControllerEvent;
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
use Symfony\Component\HttpKernel\KernelEvents;
/**
* Class ParticipationSubscriber.
*/
class ParticipationSubscriber implements EventSubscriberInterface
{
/**
* @return array
*/
public static function getSubscribedEvents()
{
return [
KernelEvents::CONTROLLER => [
['hasFilter', EventPriorities::PRE_READ],
]
];
}
public function hasFilter(ControllerEvent $event)
{
$query = $event->getRequest()->query;
$resource = $event->getRequest()->attributes->get('_api_resource_class');
if (Participation::class !== $resource) {
return;
}
if (!$query instanceof ParameterBag) {
return;
}
if(is_null($query->get('operation_company_companyID'))){
throw new AccessDeniedHttpException('Can\'t request this route without company filter');
}
}
}