chamilo-lms/src/CoreBundle/DataProvider/Extension/CDocumentExtension.php

<?php

/* For licensing terms, see /license.txt */

declare(strict_types=1);

namespace Chamilo\CoreBundle\DataProvider\Extension;

use ApiPlatform\Doctrine\Orm\Extension\QueryCollectionExtensionInterface;

//use ApiPlatform\Core\Bridge\Doctrine\Orm\Extension\QueryItemExtensionInterface;
use ApiPlatform\Doctrine\Orm\Util\QueryNameGeneratorInterface;
use ApiPlatform\Metadata\Operation;
use Chamilo\CoreBundle\Entity\ResourceLink;
use Chamilo\CourseBundle\Entity\CDocument;
use Doctrine\ORM\QueryBuilder;
use Symfony\Component\HttpFoundation\RequestStack;
use Symfony\Component\Security\Core\Exception\AccessDeniedException;
use Symfony\Component\Security\Core\Security;

/**
 * Extension is called when loading api/documents.json.
 */
final class CDocumentExtension implements QueryCollectionExtensionInterface //, QueryItemExtensionInterface
{

    public function __construct(private readonly Security $security, private readonly RequestStack $requestStack)
    {
    }

    public function applyToCollection(
        QueryBuilder $queryBuilder,
        QueryNameGeneratorInterface $queryNameGenerator,
        string $resourceClass,
        Operation $operation = null,
        array $context = []
    ): void {
        $this->addWhere($queryBuilder, $resourceClass);
    }

    /*public function applyToItem(QueryBuilder $queryBuilder, QueryNameGeneratorInterface $queryNameGenerator, string $resourceClass, array $identifiers, string $operationName = null, array $context = []): void
    {
        $this->addWhere($queryBuilder, $resourceClass);
    }*/

    private function addWhere(QueryBuilder $queryBuilder, string $resourceClass): void
    {
        if (CDocument::class !== $resourceClass) {
            return;
        }

        /*if ($this->security->isGranted('ROLE_ADMIN')) {
            return;
        }*/

        if (null === $user = $this->security->getUser()) {
            throw new AccessDeniedException('Access Denied.');
        }

        $request = $this->requestStack->getCurrentRequest();

        // Listing documents must contain the resource node parent (resourceNode.parent) and the course (cid)
        // At least the cid so the CourseListener can be called.
        $resourceParentId = $request->query->get('resourceNode_parent');
        $courseId = $request->query->get('cid');
        $sessionId = $request->query->get('sid');
        $groupId = $request->query->get('gid');

        if (empty($resourceParentId)) {
            throw new AccessDeniedException('resourceNode.parent is required');
        }

        if (empty($courseId)) {
            throw new AccessDeniedException('cid is required');
        }

        $rootAlias = $queryBuilder->getRootAliases()[0];

        $queryBuilder
            ->innerJoin("$rootAlias.resourceNode", 'node')
            ->innerJoin('node.resourceLinks', 'links');

        // Do not show deleted resources.
        $queryBuilder
            ->andWhere('links.visibility != :visibilityDeleted')
            ->setParameter('visibilityDeleted', ResourceLink::VISIBILITY_DELETED);

        $allowDraft =
            $this->security->isGranted('ROLE_ADMIN') ||
            $this->security->isGranted('ROLE_CURRENT_COURSE_TEACHER');

        if (!$allowDraft) {
            $queryBuilder
                ->andWhere('links.visibility != :visibilityDraft')
                ->setParameter('visibilityDraft', ResourceLink::VISIBILITY_DRAFT);
        }

        $queryBuilder
            ->andWhere('links.course = :course')
            ->setParameter('course', $courseId);

        if (empty($sessionId)) {
            $queryBuilder->andWhere('links.session IS NULL');
        } else {
            $queryBuilder
                ->andWhere('links.session = :session')
                ->setParameter('session', $sessionId);
        }

        if (empty($groupId)) {
            $queryBuilder->andWhere('links.group IS NULL');
        } else {
            $queryBuilder
                ->andWhere('links.group = :group')
                ->setParameter('group', $groupId);
        }

        /*$queryBuilder->
            andWhere('node.creator = :current_user')
        ;*/
        //$queryBuilder->andWhere(sprintf('%s.node.creator = :current_user', $rootAlias));
        //$queryBuilder->setParameter('current_user', $user->getId());
    }
}
Minor - Add CDocumentExtension to filter the results call with api core In this example, the document is filter for a student so he cannot see deleted documents. (WIP) See: https://api-platform.com/docs/core/extensions/ 5 years ago			`<?php`

			`/* For licensing terms, see /license.txt */`

			`declare(strict_types=1);`

			`namespace Chamilo\CoreBundle\DataProvider\Extension;`

Internal: Update API resources to ApiPlatform v2.7 syntax 2 years ago			`use ApiPlatform\Doctrine\Orm\Extension\QueryCollectionExtensionInterface;`

Document: Fix folder visibility (WIP) 5 years ago			`//use ApiPlatform\Core\Bridge\Doctrine\Orm\Extension\QueryItemExtensionInterface;`
Internal: Update API resources to ApiPlatform v2.7 syntax 2 years ago			`use ApiPlatform\Doctrine\Orm\Util\QueryNameGeneratorInterface;`
			`use ApiPlatform\Metadata\Operation;`
Minor - Add CDocumentExtension to filter the results call with api core In this example, the document is filter for a student so he cannot see deleted documents. (WIP) See: https://api-platform.com/docs/core/extensions/ 5 years ago			`use Chamilo\CoreBundle\Entity\ResourceLink;`
			`use Chamilo\CourseBundle\Entity\CDocument;`
			`use Doctrine\ORM\QueryBuilder;`
Documents: check security roles 4 years ago			`use Symfony\Component\HttpFoundation\RequestStack;`
			`use Symfony\Component\Security\Core\Exception\AccessDeniedException;`
Minor - Add CDocumentExtension to filter the results call with api core In this example, the document is filter for a student so he cannot see deleted documents. (WIP) See: https://api-platform.com/docs/core/extensions/ 5 years ago			`use Symfony\Component\Security\Core\Security;`

Documents: check security roles 4 years ago			`/**`
Minor - format code, remove logs 4 years ago			`* Extension is called when loading api/documents.json.`
Documents: check security roles 4 years ago			`*/`
Document: Fix folder visibility (WIP) 5 years ago			`final class CDocumentExtension implements QueryCollectionExtensionInterface //, QueryItemExtensionInterface`
Minor - Add CDocumentExtension to filter the results call with api core In this example, the document is filter for a student so he cannot see deleted documents. (WIP) See: https://api-platform.com/docs/core/extensions/ 5 years ago			`{`

Internal: Update API resources to ApiPlatform v2.7 syntax 2 years ago			`public function __construct(private readonly Security $security, private readonly RequestStack $requestStack)`
Minor - Add CDocumentExtension to filter the results call with api core In this example, the document is filter for a student so he cannot see deleted documents. (WIP) See: https://api-platform.com/docs/core/extensions/ 5 years ago			`{`
			`}`

Internal: Update API resources to ApiPlatform v2.7 syntax 2 years ago			`public function applyToCollection(`
			`QueryBuilder $queryBuilder,`
			`QueryNameGeneratorInterface $queryNameGenerator,`
			`string $resourceClass,`
			`Operation $operation = null,`
			`array $context = []`
			`): void {`
Minor - Add CDocumentExtension to filter the results call with api core In this example, the document is filter for a student so he cannot see deleted documents. (WIP) See: https://api-platform.com/docs/core/extensions/ 5 years ago			`$this->addWhere($queryBuilder, $resourceClass);`
			`}`

Document: Fix folder visibility (WIP) 5 years ago			`/*public function applyToItem(QueryBuilder $queryBuilder, QueryNameGeneratorInterface $queryNameGenerator, string $resourceClass, array $identifiers, string $operationName = null, array $context = []): void`
Minor - Add CDocumentExtension to filter the results call with api core In this example, the document is filter for a student so he cannot see deleted documents. (WIP) See: https://api-platform.com/docs/core/extensions/ 5 years ago			`{`
			`$this->addWhere($queryBuilder, $resourceClass);`
Document: Fix folder visibility (WIP) 5 years ago			`}*/`
Minor - Add CDocumentExtension to filter the results call with api core In this example, the document is filter for a student so he cannot see deleted documents. (WIP) See: https://api-platform.com/docs/core/extensions/ 5 years ago
			`private function addWhere(QueryBuilder $queryBuilder, string $resourceClass): void`
			`{`
Documents: check security roles 4 years ago			`if (CDocument::class !== $resourceClass) {`
Minor - Add CDocumentExtension to filter the results call with api core In this example, the document is filter for a student so he cannot see deleted documents. (WIP) See: https://api-platform.com/docs/core/extensions/ 5 years ago			`return;`
			`}`

Documents: Add tests + fix session access 4 years ago			`/*if ($this->security->isGranted('ROLE_ADMIN')) {`
Documents: check security roles 4 years ago			`return;`
Documents: Add tests + fix session access 4 years ago			`}*/`
Documents: check security roles 4 years ago
			`if (null === $user = $this->security->getUser()) {`
Documents: Add tests + fix session access 4 years ago			`throw new AccessDeniedException('Access Denied.');`
Documents: check security roles 4 years ago			`}`

			`$request = $this->requestStack->getCurrentRequest();`

			`// Listing documents must contain the resource node parent (resourceNode.parent) and the course (cid)`
			`// At least the cid so the CourseListener can be called.`
			`$resourceParentId = $request->query->get('resourceNode_parent');`
			`$courseId = $request->query->get('cid');`
			`$sessionId = $request->query->get('sid');`
			`$groupId = $request->query->get('gid');`

			`if (empty($resourceParentId)) {`
			`throw new AccessDeniedException('resourceNode.parent is required');`
			`}`

			`if (empty($courseId)) {`
			`throw new AccessDeniedException('cid is required');`
			`}`

Minor - Add CDocumentExtension to filter the results call with api core In this example, the document is filter for a student so he cannot see deleted documents. (WIP) See: https://api-platform.com/docs/core/extensions/ 5 years ago			`$rootAlias = $queryBuilder->getRootAliases()[0];`

			`$queryBuilder`
Fix arguments type hint 5 years ago			`->innerJoin("$rootAlias.resourceNode", 'node')`
Internal: Update API resources to ApiPlatform v2.7 syntax 2 years ago			`->innerJoin('node.resourceLinks', 'links');`
Minor - Add CDocumentExtension to filter the results call with api core In this example, the document is filter for a student so he cannot see deleted documents. (WIP) See: https://api-platform.com/docs/core/extensions/ 5 years ago
Documents: Fix student/admin access in course + add test 4 years ago			`// Do not show deleted resources.`
Minor - Add CDocumentExtension to filter the results call with api core In this example, the document is filter for a student so he cannot see deleted documents. (WIP) See: https://api-platform.com/docs/core/extensions/ 5 years ago			`$queryBuilder`
			`->andWhere('links.visibility != :visibilityDeleted')`
Internal: Update API resources to ApiPlatform v2.7 syntax 2 years ago			`->setParameter('visibilityDeleted', ResourceLink::VISIBILITY_DELETED);`
Minor - Add CDocumentExtension to filter the results call with api core In this example, the document is filter for a student so he cannot see deleted documents. (WIP) See: https://api-platform.com/docs/core/extensions/ 5 years ago
Minor - remove unused code, fix new CToolIntro, use attributes 4 years ago			`$allowDraft =`
			`$this->security->isGranted('ROLE_ADMIN') \|\|`
Internal: Update API resources to ApiPlatform v2.7 syntax 2 years ago			`$this->security->isGranted('ROLE_CURRENT_COURSE_TEACHER');`
Documents: Add toggle visibility button + test 4 years ago
Documents: Fix student/admin access in course + add test 4 years ago			`if (!$allowDraft) {`
Documents: Add toggle visibility button + test 4 years ago			`$queryBuilder`
			`->andWhere('links.visibility != :visibilityDraft')`
Internal: Update API resources to ApiPlatform v2.7 syntax 2 years ago			`->setParameter('visibilityDraft', ResourceLink::VISIBILITY_DRAFT);`
Documents: Add toggle visibility button + test 4 years ago			`}`
Minor - Add CDocumentExtension to filter the results call with api core In this example, the document is filter for a student so he cannot see deleted documents. (WIP) See: https://api-platform.com/docs/core/extensions/ 5 years ago
Documents: check security roles 4 years ago			`$queryBuilder`
			`->andWhere('links.course = :course')`
Internal: Update API resources to ApiPlatform v2.7 syntax 2 years ago			`->setParameter('course', $courseId);`
Documents: check security roles 4 years ago
			`if (empty($sessionId)) {`
			`$queryBuilder->andWhere('links.session IS NULL');`
			`} else {`
			`$queryBuilder`
			`->andWhere('links.session = :session')`
Internal: Update API resources to ApiPlatform v2.7 syntax 2 years ago			`->setParameter('session', $sessionId);`
Documents: check security roles 4 years ago			`}`

Documents: Add tests + fix session access 4 years ago			`if (empty($groupId)) {`
			`$queryBuilder->andWhere('links.group IS NULL');`
			`} else {`
			`$queryBuilder`
			`->andWhere('links.group = :group')`
Internal: Update API resources to ApiPlatform v2.7 syntax 2 years ago			`->setParameter('group', $groupId);`
Documents: Add tests + fix session access 4 years ago			`}`

Minor - Add CDocumentExtension to filter the results call with api core In this example, the document is filter for a student so he cannot see deleted documents. (WIP) See: https://api-platform.com/docs/core/extensions/ 5 years ago			`/*$queryBuilder->`
			`andWhere('node.creator = :current_user')`
			`;*/`
			`//$queryBuilder->andWhere(sprintf('%s.node.creator = :current_user', $rootAlias));`
			`//$queryBuilder->setParameter('current_user', $user->getId());`
			`}`
			`}`