|
|
|
|
@ -9,18 +9,19 @@ namespace Chamilo\CoreBundle\DataProvider\Extension; |
|
|
|
|
use ApiPlatform\Doctrine\Orm\Extension\QueryCollectionExtensionInterface; |
|
|
|
|
use ApiPlatform\Doctrine\Orm\Util\QueryNameGeneratorInterface; |
|
|
|
|
use ApiPlatform\Metadata\Operation; |
|
|
|
|
use Chamilo\CoreBundle\Entity\AccessUrlRelCourse; |
|
|
|
|
use Chamilo\CoreBundle\Entity\CourseRelUser; |
|
|
|
|
use Chamilo\CoreBundle\Entity\User; |
|
|
|
|
use Chamilo\CoreBundle\ServiceHelper\AccessUrlHelper; |
|
|
|
|
use Doctrine\ORM\QueryBuilder; |
|
|
|
|
use Symfony\Bundle\SecurityBundle\Security; |
|
|
|
|
use Symfony\Component\Security\Core\Exception\AccessDeniedException; |
|
|
|
|
|
|
|
|
|
// use ApiPlatform\Core\Bridge\Doctrine\Orm\Extension\QueryItemExtensionInterface; |
|
|
|
|
|
|
|
|
|
final class CourseRelUserExtension implements QueryCollectionExtensionInterface // , QueryItemExtensionInterface |
|
|
|
|
final class CourseRelUserExtension implements QueryCollectionExtensionInterface |
|
|
|
|
{ |
|
|
|
|
public function __construct( |
|
|
|
|
private readonly Security $security |
|
|
|
|
private readonly Security $security, |
|
|
|
|
private readonly AccessUrlHelper $accessUrlHelper |
|
|
|
|
) {} |
|
|
|
|
|
|
|
|
|
public function applyToCollection( |
|
|
|
|
@ -30,13 +31,34 @@ final class CourseRelUserExtension implements QueryCollectionExtensionInterface |
|
|
|
|
?Operation $operation = null, |
|
|
|
|
array $context = [] |
|
|
|
|
): void { |
|
|
|
|
if ($this->accessUrlHelper->isMultiple()) { |
|
|
|
|
$accessUrl = $this->accessUrlHelper->getCurrent(); |
|
|
|
|
$rootAlias = $queryBuilder->getRootAliases()[0]; |
|
|
|
|
if (isset($context['filters']['sticky']) && $context['filters']['sticky']) { |
|
|
|
|
$queryBuilder |
|
|
|
|
->innerJoin( |
|
|
|
|
AccessUrlRelCourse::class, |
|
|
|
|
'url_rel', |
|
|
|
|
'WITH', |
|
|
|
|
'url_rel.course = ' . $rootAlias |
|
|
|
|
) |
|
|
|
|
->andWhere('url_rel.url = :access_url_id') |
|
|
|
|
->setParameter('access_url_id', $accessUrl->getId()); |
|
|
|
|
} else { |
|
|
|
|
$queryBuilder |
|
|
|
|
->innerJoin("$rootAlias.course", 'c') |
|
|
|
|
->innerJoin('c.urls', 'url_rel') |
|
|
|
|
->andWhere('url_rel.url = :access_url_id') |
|
|
|
|
->setParameter('access_url_id', $accessUrl->getId()); |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
if ($this->security->isGranted('ROLE_ADMIN')) { |
|
|
|
|
return; |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
if (CourseRelUser::class === $resourceClass) { |
|
|
|
|
// Blocks a ROLE_USER to access CourseRelUsers from another User. |
|
|
|
|
if ('collection_query' === $operation->getName()) { |
|
|
|
|
if ('collection_query' === $operation?->getName()) { |
|
|
|
|
/** @var User|null $user */ |
|
|
|
|
if (null === $user = $this->security->getUser()) { |
|
|
|
|
throw new AccessDeniedException('Access Denied.'); |
|
|
|
|
@ -51,12 +73,6 @@ final class CourseRelUserExtension implements QueryCollectionExtensionInterface |
|
|
|
|
$this->addWhere($queryBuilder, $resourceClass); |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
/*public function applyToItem(QueryBuilder $queryBuilder, QueryNameGeneratorInterface $queryNameGenerator, string $resourceClass, array $identifiers, string $operationName = null, array $context = []): void |
|
|
|
|
{ |
|
|
|
|
error_log('applyToItem'); |
|
|
|
|
$this->addWhere($queryBuilder, $resourceClass); |
|
|
|
|
}*/ |
|
|
|
|
|
|
|
|
|
private function addWhere(QueryBuilder $queryBuilder, string $resourceClass): void |
|
|
|
|
{ |
|
|
|
|
if (CourseRelUser::class !== $resourceClass) { |
|
|
|
|
|
christianbeeznst
1 year ago