Add new role to see confidential right on method AccompanyingPeriodACLAwareRepositoryInterface::findByUserAndPostalCodeOpenedAccompanyingPeriod

This commit is contained in:
2023-07-05 21:56:50 +02:00
parent a990591e0c
commit 779eb812b0
4 changed files with 200 additions and 90 deletions

View File

@@ -14,6 +14,7 @@ namespace Chill\PersonBundle\Repository;
use Chill\MainBundle\Entity\Address;
use Chill\MainBundle\Entity\Center;
use Chill\MainBundle\Entity\Location;
use Chill\MainBundle\Entity\PostalCode;
use Chill\MainBundle\Entity\Scope;
use Chill\MainBundle\Entity\User;
use Chill\MainBundle\Entity\UserJob;
@@ -21,12 +22,8 @@ use Chill\MainBundle\Security\Authorization\AuthorizationHelperForCurrentUserInt
use Chill\MainBundle\Security\Resolver\CenterResolverManagerInterface;
use Chill\PersonBundle\Entity\AccompanyingPeriod;
use Chill\PersonBundle\Entity\AccompanyingPeriodParticipation;
use Chill\PersonBundle\Entity\Household\PersonHouseholdAddress;
use Chill\PersonBundle\Entity\Person;
use Chill\PersonBundle\Security\Authorization\AccompanyingPeriodVoter;
use DateTime;
use DateTimeImmutable;
use Doctrine\DBAL\Types\Types;
use Doctrine\ORM\NonUniqueResultException;
use Doctrine\ORM\NoResultException;
use Doctrine\ORM\Query\Expr\Join;
@@ -60,51 +57,33 @@ final readonly class AccompanyingPeriodACLAwareRepository implements Accompanyin
$this->centerResolver = $centerResolverDispatcher;
}
public function buildQueryOpenedAccompanyingCourseByUser(?User $user, array $postalCodes = []): QueryBuilder
public function buildQueryOpenedAccompanyingCourseByUserAndPostalCodes(?User $user, array $postalCodes = []): QueryBuilder
{
$qb = $this->accompanyingPeriodRepository->createQueryBuilder('ap');
$qb->where($qb->expr()->eq('ap.user', ':user'))
->andWhere(
$qb->expr()->neq('ap.step', ':draft'),
$qb->expr()->orX(
$qb->expr()->isNull('ap.closingDate'),
$qb->expr()->gt('ap.closingDate', ':now')
)
$qb->expr()->neq('ap.step', ':closed'),
)
->setParameter('user', $user)
->setParameter('now', new DateTime('now'))
->setParameter('draft', AccompanyingPeriod::STEP_DRAFT);
->setParameter('draft', AccompanyingPeriod::STEP_DRAFT)
->setParameter('closed', AccompanyingPeriod::STEP_CLOSED);
if ([] !== $postalCodes) {
$qb->join('ap.locationHistories', 'location_history')
->leftJoin(PersonHouseholdAddress::class, 'person_address', Join::WITH, 'IDENTITY(location_history.personLocation) = IDENTITY(person_address.person)')
$qb->join('ap.locationHistories', 'location_history', Join::WITH, 'location_history.endDate IS NULL')
->leftJoin(Person\PersonCurrentAddress::class, 'person_address', Join::WITH, 'IDENTITY(location_history.personLocation) = IDENTITY(person_address.person)')
->join(
Address::class,
'address',
Join::WITH,
'COALESCE(IDENTITY(location_history.addressLocation), IDENTITY(person_address.address)) = address.id'
'COALESCE(IDENTITY(person_address.address), IDENTITY(location_history.addressLocation)) = address.id'
)
->join('address.postcode', 'postcode')
->andWhere(
$qb->expr()->orX(
$qb->expr()->isNull('person_address'),
$qb->expr()->andX(
$qb->expr()->lte('person_address.validFrom', ':now'),
$qb->expr()->orX(
$qb->expr()->isNull('person_address.validTo'),
$qb->expr()->lt('person_address.validTo', ':now')
)
)
)
$qb->expr()->in('postcode.code', ':postal_codes')
)
->andWhere(
$qb->expr()->isNull('location_history.endDate')
)
->andWhere(
$qb->expr()->in('address.postcode', ':postal_codes')
)
->setParameter('now', new DateTimeImmutable('now'), Types::DATE_IMMUTABLE)
->setParameter('postal_codes', $postalCodes);
->setParameter('postal_codes', array_map(fn (PostalCode $postalCode) => $postalCode->getCode(), $postalCodes));
}
return $qb;
@@ -116,7 +95,7 @@ final readonly class AccompanyingPeriodACLAwareRepository implements Accompanyin
*/
public function countByUnDispatched(array $jobs, array $services, array $administrativeLocations): int
{
$qb = $this->addACLByUnDispatched(
$qb = $this->addACLMultiCenterOnQuery(
$this->buildQueryUnDispatched($jobs, $services, $administrativeLocations),
$this->buildCenterOnScope()
);
@@ -132,22 +111,12 @@ final readonly class AccompanyingPeriodACLAwareRepository implements Accompanyin
return 0;
}
return $this->buildQueryOpenedAccompanyingCourseByUser($user, $postalCodes)
->select('COUNT(ap)')
->getQuery()
->getSingleScalarResult();
}
$qb = $this->buildQueryOpenedAccompanyingCourseByUserAndPostalCodes($user, $postalCodes);
$qb = $this->addACLMultiCenterOnQuery($qb, $this->buildCenterOnScope(), false);
public function countByUserOpenedAccompanyingPeriod(?User $user): int
{
if (null === $user) {
return 0;
}
$qb->select('COUNT(DISTINCT ap)');
return $this->buildQueryOpenedAccompanyingCourseByUser($user)
->select('COUNT(ap)')
->getQuery()
->getSingleScalarResult();
return $qb->getQuery()->getSingleScalarResult();
}
public function findByPerson(
@@ -283,7 +252,7 @@ final readonly class AccompanyingPeriodACLAwareRepository implements Accompanyin
$qb = $this->buildQueryUnDispatched($jobs, $services, $administrativeAdministrativeLocations);
$qb->select('ap');
$qb = $this->addACLByUnDispatched($qb, $this->buildCenterOnScope(), false);
$qb = $this->addACLMultiCenterOnQuery($qb, $this->buildCenterOnScope(), false);
$qb = $this->addOrderLimitClauses($qb, $orderBy, $limit, $offset);
return $qb->getQuery()->getResult();
@@ -295,32 +264,9 @@ final readonly class AccompanyingPeriodACLAwareRepository implements Accompanyin
return [];
}
$qb = $this->buildQueryOpenedAccompanyingCourseByUser($user);
$qb->setFirstResult($offset)
->setMaxResults($limit);
foreach ($orderBy as $field => $direction) {
$qb->addOrderBy('ap.' . $field, $direction);
}
return $qb->getQuery()->getResult();
}
public function findByUserOpenedAccompanyingPeriod(?User $user, array $orderBy = [], int $limit = 0, int $offset = 50): array
{
if (null === $user) {
return [];
}
$qb = $this->buildQueryOpenedAccompanyingCourseByUser($user);
$qb->setFirstResult($offset)
->setMaxResults($limit);
foreach ($orderBy as $field => $direction) {
$qb->addOrderBy('ap.' . $field, $direction);
}
$qb = $this->buildQueryOpenedAccompanyingCourseByUserAndPostalCodes($user, $postalCodes);
$qb = $this->addACLMultiCenterOnQuery($qb, $this->buildCenterOnScope(), false);
$qb = $this->addOrderLimitClauses($qb, $orderBy, $limit, $offset);
return $qb->getQuery()->getResult();
}
@@ -331,7 +277,7 @@ final readonly class AccompanyingPeriodACLAwareRepository implements Accompanyin
* @param bool $allowNoCenter if true, will allow to see the periods linked to person which does not have any center. Very few edge case when some Person are not associated to a center.
* @return QueryBuilder
*/
public function addACLByUnDispatched(QueryBuilder $qb, array $centerScopes, bool $allowNoCenter = false): QueryBuilder
public function addACLMultiCenterOnQuery(QueryBuilder $qb, array $centerScopes, bool $allowNoCenter = false): QueryBuilder
{
$user = $this->security->getUser();
@@ -366,9 +312,9 @@ final readonly class AccompanyingPeriodACLAwareRepository implements Accompanyin
// - and the parcours is not confidential OR the user is the referrer OR the user can see the confidential course
$orOnScope = $qb->expr()->orX(
$qb->expr()->isMemberOf(':scope_' . $idx, 'ap.scopes'),
$qb->expr()->eq('ap.user', ':user')
$qb->expr()->eq('ap.user', ':user_executing')
);
$qb->setParameter('user', $user);
$qb->setParameter('user_executing', $user);
if (in_array($scope, $scopesCanSeeConfidential, true)) {
$orScopeInsideCenter->add($orOnScope);
@@ -378,7 +324,7 @@ final readonly class AccompanyingPeriodACLAwareRepository implements Accompanyin
$orOnScope,
$qb->expr()->orX(
'ap.confidential = FALSE',
$qb->expr()->eq('ap.user', ':user')
$qb->expr()->eq('ap.user', ':user_executing')
)
);
$orScopeInsideCenter->add($andXOnScope);