diff --git a/src/CoreBundle/DataProvider/Extension/CCalendarEventExtension.php b/src/CoreBundle/DataProvider/Extension/CCalendarEventExtension.php index 2109ef6ab3..f7ce36afea 100644 --- a/src/CoreBundle/DataProvider/Extension/CCalendarEventExtension.php +++ b/src/CoreBundle/DataProvider/Extension/CCalendarEventExtension.php @@ -19,6 +19,8 @@ use Symfony\Component\Security\Core\Security; final class CCalendarEventExtension implements QueryCollectionExtensionInterface //, QueryItemExtensionInterface { + use CourseLinkExtensionTrait; + public function __construct( private readonly Security $security, private readonly RequestStack $requestStack @@ -80,9 +82,9 @@ final class CCalendarEventExtension implements QueryCollectionExtensionInterface ; $request = $this->requestStack->getCurrentRequest(); - $courseId = $request->query->get('cid'); - $sessionId = $request->query->get('sid'); - $groupId = $request->query->get('gid'); + $courseId = $request->query->getInt('cid'); + $sessionId = $request->query->getInt('sid'); + $groupId = $request->query->getInt('gid'); $startDate = $request->query->get('startDate'); $endDate = $request->query->get('endDate'); @@ -106,28 +108,7 @@ final class CCalendarEventExtension implements QueryCollectionExtensionInterface ->setParameter('user', $user) ; } else { - $qb - ->andWhere('links.course = :course') - ->setParameter('course', $courseId) - ; - - if (empty($sessionId)) { - $qb->andWhere('links.session IS NULL'); - } else { - $qb - ->andWhere('links.session = :session') - ->setParameter('session', $sessionId) - ; - } - - if (empty($groupId)) { - $qb->andWhere('links.group IS NULL'); - } else { - $qb - ->andWhere('links.group = :group') - ->setParameter('group', $groupId) - ; - } + $this->addCourseLinkCondition($qb, $courseId, $sessionId, $groupId); } //$qb->leftJoin("$alias.receivers", 'r'); diff --git a/src/CoreBundle/DataProvider/Extension/CDocumentExtension.php b/src/CoreBundle/DataProvider/Extension/CDocumentExtension.php index e6070061cd..d819c97faa 100644 --- a/src/CoreBundle/DataProvider/Extension/CDocumentExtension.php +++ b/src/CoreBundle/DataProvider/Extension/CDocumentExtension.php @@ -22,6 +22,8 @@ use Symfony\Component\Security\Core\Security; */ final class CDocumentExtension implements QueryCollectionExtensionInterface //, QueryItemExtensionInterface { + use CourseLinkExtensionTrait; + public function __construct( private readonly Security $security, private readonly RequestStack $requestStack @@ -62,9 +64,9 @@ final class CDocumentExtension implements QueryCollectionExtensionInterface //, // Listing documents must contain the resource node parent (resourceNode.parent) and the course (cid) // At least the cid so the CourseListener can be called. $resourceParentId = $request->query->get('resourceNode_parent'); - $courseId = $request->query->get('cid'); - $sessionId = $request->query->get('sid'); - $groupId = $request->query->get('gid'); + $courseId = $request->query->getInt('cid'); + $sessionId = $request->query->getInt('sid'); + $groupId = $request->query->getInt('gid'); if (empty($resourceParentId)) { throw new AccessDeniedException('resourceNode.parent is required'); @@ -74,52 +76,7 @@ final class CDocumentExtension implements QueryCollectionExtensionInterface //, throw new AccessDeniedException('cid is required'); } - $rootAlias = $queryBuilder->getRootAliases()[0]; - - $queryBuilder - ->innerJoin("$rootAlias.resourceNode", 'node') - ->innerJoin('node.resourceLinks', 'links') - ; - - // Do not show deleted resources. - $queryBuilder - ->andWhere('links.visibility != :visibilityDeleted') - ->setParameter('visibilityDeleted', ResourceLink::VISIBILITY_DELETED) - ; - - $allowDraft = - $this->security->isGranted('ROLE_ADMIN') || - $this->security->isGranted('ROLE_CURRENT_COURSE_TEACHER'); - - if (!$allowDraft) { - $queryBuilder - ->andWhere('links.visibility != :visibilityDraft') - ->setParameter('visibilityDraft', ResourceLink::VISIBILITY_DRAFT) - ; - } - - $queryBuilder - ->andWhere('links.course = :course') - ->setParameter('course', $courseId) - ; - - if (empty($sessionId)) { - $queryBuilder->andWhere('links.session IS NULL'); - } else { - $queryBuilder - ->andWhere('links.session = :session') - ->setParameter('session', $sessionId) - ; - } - - if (empty($groupId)) { - $queryBuilder->andWhere('links.group IS NULL'); - } else { - $queryBuilder - ->andWhere('links.group = :group') - ->setParameter('group', $groupId) - ; - } + $this->addCourseLinkWithVisibilityConditions($queryBuilder, true, $courseId, $sessionId, $groupId); /*$queryBuilder-> andWhere('node.creator = :current_user') diff --git a/src/CoreBundle/DataProvider/Extension/CToolIntroExtension.php b/src/CoreBundle/DataProvider/Extension/CToolIntroExtension.php index 0619119d6e..ae02fe2982 100644 --- a/src/CoreBundle/DataProvider/Extension/CToolIntroExtension.php +++ b/src/CoreBundle/DataProvider/Extension/CToolIntroExtension.php @@ -20,6 +20,8 @@ use Symfony\Component\Security\Core\Security; final class CToolIntroExtension implements QueryCollectionExtensionInterface { + use CourseLinkExtensionTrait; + public function __construct( private readonly Security $security, private readonly RequestStack $requestStack @@ -33,74 +35,20 @@ final class CToolIntroExtension implements QueryCollectionExtensionInterface Operation $operation = null, array $context = [] ): void { - $this->addWhere($queryBuilder, $resourceClass); - } - - private function addWhere(QueryBuilder $queryBuilder, string $resourceClass): void - { if (CToolIntro::class !== $resourceClass) { return; } - /*if ($this->security->isGranted('ROLE_ADMIN')) { - return; - }*/ - if (null === $user = $this->security->getUser()) { throw new AccessDeniedException('Access Denied.'); } $request = $this->requestStack->getCurrentRequest(); - $courseId = $request->query->get('cid'); - $sessionId = $request->query->get('sid'); - $groupId = $request->query->get('gid'); - - $rootAlias = $queryBuilder->getRootAliases()[0]; - - $queryBuilder - ->innerJoin("$rootAlias.resourceNode", 'node') - ->innerJoin('node.resourceLinks', 'links') - ; - - // Do not show deleted resources. - $queryBuilder - ->andWhere('links.visibility != :visibilityDeleted') - ->setParameter('visibilityDeleted', ResourceLink::VISIBILITY_DELETED) - ; + $courseId = $request->query->getInt('cid'); + $sessionId = $request->query->getInt('sid'); + $groupId = $request->query->getInt('gid'); - $allowDraft = - $this->security->isGranted('ROLE_ADMIN') || - $this->security->isGranted('ROLE_CURRENT_COURSE_TEACHER'); - - if (!$allowDraft) { - $queryBuilder - ->andWhere('links.visibility != :visibilityDraft') - ->setParameter('visibilityDraft', ResourceLink::VISIBILITY_DRAFT) - ; - } - - $queryBuilder - ->andWhere('links.course = :course') - ->setParameter('course', $courseId) - ; - - if (empty($sessionId)) { - $queryBuilder->andWhere('links.session IS NULL'); - } else { - $queryBuilder - ->andWhere('links.session = :session') - ->setParameter('session', $sessionId) - ; - } - - if (empty($groupId)) { - $queryBuilder->andWhere('links.group IS NULL'); - } else { - $queryBuilder - ->andWhere('links.group = :group') - ->setParameter('group', $groupId) - ; - } + $this->addCourseLinkWithVisibilityConditions($queryBuilder, true, $courseId, $sessionId, $groupId); } } diff --git a/src/CoreBundle/DataProvider/Extension/CourseLinkExtensionTrait.php b/src/CoreBundle/DataProvider/Extension/CourseLinkExtensionTrait.php new file mode 100644 index 0000000000..009fa01e6b --- /dev/null +++ b/src/CoreBundle/DataProvider/Extension/CourseLinkExtensionTrait.php @@ -0,0 +1,79 @@ +getRootAliases()[0]; + + $queryBuilder + ->innerJoin("$rootAlias.resourceNode", 'node') + ->innerJoin('node.resourceLinks', 'links'); + + if ($checkVisibility) { + $this->addVisibilityCondition($queryBuilder); + } + + $this->addCourseLinkCondition($queryBuilder, $courseId, $sessionId, $groupId); + } + + protected function addVisibilityCondition(QueryBuilder $queryBuilder): void + { + // Do not show deleted resources. + $queryBuilder + ->andWhere('links.visibility != :visibilityDeleted') + ->setParameter('visibilityDeleted', ResourceLink::VISIBILITY_DELETED); + + $allowDraft = + $this->security->isGranted('ROLE_ADMIN') || + $this->security->isGranted('ROLE_CURRENT_COURSE_TEACHER'); + + if (!$allowDraft) { + $queryBuilder + ->andWhere('links.visibility != :visibilityDraft') + ->setParameter('visibilityDraft', ResourceLink::VISIBILITY_DRAFT); + } + } + + protected function addCourseLinkCondition( + QueryBuilder $queryBuilder, + int $courseId, + ?int $sessionId, + ?int $groupId + ): void { + $queryBuilder + ->andWhere('links.course = :course') + ->setParameter('course', $courseId); + + if (empty($sessionId)) { + $queryBuilder->andWhere('links.session IS NULL'); + } else { + $queryBuilder + ->andWhere('links.session = :session') + ->setParameter('session', $sessionId); + } + + if (empty($groupId)) { + $queryBuilder->andWhere('links.group IS NULL'); + } else { + $queryBuilder + ->andWhere('links.group = :group') + ->setParameter('group', $groupId); + } + } +}