Passed
Push — master ( 5ded13...ec1ed8 )
by Julito
10:27
created

CourseExtension::addWhere()   B

Complexity

Conditions 6
Paths 7

Size

Total Lines 38
Code Lines 21

Duplication

Lines 0
Ratio 0 %

Importance

Changes 1
Bugs 0 Features 0
Metric Value
cc 6
eloc 21
c 1
b 0
f 0
nc 7
nop 2
dl 0
loc 38
rs 8.9617
1
<?php
2
3
/* For licensing terms, see /license.txt */
4
5
declare(strict_types=1);
6
7
namespace Chamilo\CoreBundle\DataProvider\Extension;
8
9
use ApiPlatform\Core\Bridge\Doctrine\Orm\Extension\QueryCollectionExtensionInterface;
10
//use ApiPlatform\Core\Bridge\Doctrine\Orm\Extension\QueryItemExtensionInterface;
11
use ApiPlatform\Core\Bridge\Doctrine\Orm\Util\QueryNameGeneratorInterface;
12
use Chamilo\CoreBundle\Entity\Course;
13
use Chamilo\CoreBundle\Entity\ResourceLink;
14
use Doctrine\ORM\QueryBuilder;
15
use Symfony\Component\HttpFoundation\RequestStack;
16
use Symfony\Component\Security\Core\Exception\AccessDeniedException;
17
use Symfony\Component\Security\Core\Security;
18
19
/**
20
 * Extension is called when loading api/courses.json.
21
 */
22
final class CourseExtension implements QueryCollectionExtensionInterface
23
{
24
    private Security $security;
25
    private RequestStack $requestStack;
26
27
    public function __construct(Security $security, RequestStack $request)
28
    {
29
        $this->security = $security;
30
        $this->requestStack = $request;
31
    }
32
33
    public function applyToCollection(QueryBuilder $queryBuilder, QueryNameGeneratorInterface $queryNameGenerator, string $resourceClass, string $operationName = null): void
34
    {
35
        $this->addWhere($queryBuilder, $resourceClass);
36
    }
37
38
    /*public function applyToItem(QueryBuilder $queryBuilder, QueryNameGeneratorInterface $queryNameGenerator, string $resourceClass, array $identifiers, string $operationName = null, array $context = []): void
39
    {
40
        error_log('applyToItem');
41
        $this->addWhere($queryBuilder, $resourceClass);
42
    }*/
43
44
    private function addWhere(QueryBuilder $queryBuilder, string $resourceClass): void
45
    {
46
        if (Course::class !== $resourceClass) {
47
            return;
48
        }
49
50
        if ($this->security->isGranted('ROLE_ADMIN')) {
51
            return;
52
        }
53
54
        if (null === $user = $this->security->getUser()) {
55
            throw new AccessDeniedException('Access Denied.');
56
        }
57
58
        $request = $this->requestStack->getCurrentRequest();
59
60
        $rootAlias = $queryBuilder->getRootAliases()[0];
61
62
        $queryBuilder
63
            ->innerJoin("$rootAlias.resourceNode", 'node')
64
            ->innerJoin('node.resourceLinks', 'links')
65
        ;
66
67
        // Do not show deleted resources.
68
        $queryBuilder
69
            ->andWhere('links.visibility != :visibilityDeleted')
70
            ->setParameter('visibilityDeleted', ResourceLink::VISIBILITY_DELETED)
71
        ;
72
73
        $allowDraft =
74
            $this->security->isGranted('ROLE_ADMIN') ||
75
            $this->security->isGranted('ROLE_CURRENT_COURSE_TEACHER')
76
        ;
77
78
        if (!$allowDraft) {
79
            $queryBuilder
80
                ->andWhere('links.visibility != :visibilityDraft')
81
                ->setParameter('visibilityDraft', ResourceLink::VISIBILITY_DRAFT)
82
            ;
83
        }
84
85
        /*$queryBuilder->
86
            andWhere('node.creator = :current_user')
87
        ;*/
88
        //$queryBuilder->andWhere(sprintf('%s.node.creator = :current_user', $rootAlias));
89
        //$queryBuilder->setParameter('current_user', $user->getId());
90
    }
91
}
92