<?php
declare(strict_types=1);
namespace App\EventListener\Api;
use App\Application\Service\Customer\CustomerService;
use App\Application\Service\Helper\LogWriterService;
use App\Manager\System\CustomerManager;
use App\Service\EnvironmentService;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpKernel\Event\RequestEvent;
use Symfony\Component\Security\Core\Security;
/**
 * Request listener that rejects API calls from customers who do not hold a valid pack.
 *
 * Authorization behaviour, as implemented below:
 *  - Non-API requests and API sandbox requests are never checked.
 *  - The pack check runs only when a security token with a user exists and a customer
 *    is found for that user; every other case lets the request continue untouched.
 *  - A failed check short-circuits the request with a 403 response.
 *
 * NOTE(review): the "no token / no user / no customer" paths are fail-open. That is only
 * safe if authentication is enforced elsewhere and this listener runs after the token has
 * been populated; confirm the listener's registration and priority.
 */
class ApiAccessControlListener
{
    // Stored by the constructor; no method visible in this class calls it, so a denied
    // request leaves no server-side trace from this listener.
    protected LogWriterService $loggerService;

    protected CustomerService $customerService;

    protected CustomerManager $customerManager;

    protected Security $security;

    protected EnvironmentService $environmentService;

    /**
     * Stores the collaborators used to decide whether a request may proceed.
     */
    public function __construct(
        LogWriterService $loggerService,
        CustomerService $customerService,
        CustomerManager $customerManager,
        Security $security,
        EnvironmentService $environmentService
    ) {
        $this->environmentService = $environmentService;
        $this->security = $security;
        $this->customerManager = $customerManager;
        $this->customerService = $customerService;
        $this->loggerService = $loggerService;
    }

    /**
     * Sets a 403 response on the event when the authenticated customer has no valid pack.
     *
     * @param RequestEvent $event the kernel request event; only modified on denial
     */
    public function onKernelRequest(RequestEvent $event): void
    {
        $environment = $this->environmentService;

        // Outside the API, or inside the API sandbox, no pack check is applied.
        // NOTE(review): the sandbox branch skips authorization entirely; confirm that
        // isApiSandbox() cannot be influenced by anything the caller sends.
        if (!$environment->isApi() || $environment->isApiSandbox()) {
            return;
        }

        $token = $this->security->getToken();
        $hasUser = $token !== null && $token->getUser() !== null;
        if (!$hasUser) {
            // Fail-open: without an authenticated user there is nothing to check here.
            return;
        }

        $customer = $this->customerManager->findOne($token->getUser());
        if ($customer === null) {
            // Fail-open: an authenticated user with no customer record is not blocked.
            return;
        }

        if ($this->customerService->hasValidPack($customer->getDateCsv())) {
            return;
        }

        // NOTE(review): the customer id is echoed in the response body sent to the client;
        // consider whether it belongs in a server-side log entry instead.
        $message = 'User does not have a valid pack: '.$customer->getId();
        $event->setResponse(new Response($message, Response::HTTP_FORBIDDEN));
    }
}