accompanyingPeriodRepository->createQueryBuilder('ap'); $qb->where($qb->expr()->eq('ap.user', ':user')) ->andWhere( $qb->expr()->neq('ap.step', ':draft'), $qb->expr()->neq('ap.step', ':closed'), ) ->setParameter('user', $user) ->setParameter('draft', AccompanyingPeriod::STEP_DRAFT) ->setParameter('closed', AccompanyingPeriod::STEP_CLOSED); if ([] !== $postalCodes) { $qb->join('ap.locationHistories', 'location_history', Join::WITH, 'location_history.endDate IS NULL') ->leftJoin(Person\PersonCurrentAddress::class, 'person_address', Join::WITH, 'IDENTITY(location_history.personLocation) = IDENTITY(person_address.person)') ->join( Address::class, 'address', Join::WITH, 'COALESCE(IDENTITY(person_address.address), IDENTITY(location_history.addressLocation)) = address.id' ) ->andWhere( $qb->expr()->in('address.postcode', ':postal_codes') ) ->setParameter('postal_codes', $postalCodes); } return $qb; } /** * @throws NonUniqueResultException * @throws NoResultException */ public function countByUnDispatched(array $jobs, array $services, array $administrativeLocations): int { $qb = $this->addACLMultiCenterOnQuery( $this->buildQueryUnDispatched($jobs, $services, $administrativeLocations), $this->buildCenterOnScope() ); $qb->select('COUNT(ap)'); return $qb->getQuery()->getSingleScalarResult(); } public function countByUserAndPostalCodesOpenedAccompanyingPeriod(?User $user, array $postalCodes): int { if (null === $user) { return 0; } $qb = $this->buildQueryOpenedAccompanyingCourseByUserAndPostalCodes($user, $postalCodes); $qb = $this->addACLMultiCenterOnQuery($qb, $this->buildCenterOnScope(), false); $qb->select('COUNT(DISTINCT ap)'); return $qb->getQuery()->getSingleScalarResult(); } public function findByPerson( Person $person, string $role, ?array $orderBy = [], ?int $limit = null, ?int $offset = null, ): array { $qb = $this->accompanyingPeriodRepository->createQueryBuilder('ap'); $scopes = $this->authorizationHelper ->getReachableScopes( $role, $this->centerResolver->resolveCenters($person) ); $scopesCanSeeConfidential = $this->authorizationHelper ->getReachableScopes( AccompanyingPeriodVoter::SEE_CONFIDENTIAL_ALL, $this->centerResolver->resolveCenters($person) ); if (0 === \count($scopes)) { return []; } $qb ->join('ap.participations', 'participation') ->where($qb->expr()->eq('participation.person', ':person')) ->setParameter('person', $person); $qb = $this->addACLClauses($qb, $scopes, $scopesCanSeeConfidential); $qb = $this->addOrderLimitClauses($qb, $orderBy, $limit, $offset); return $qb->getQuery()->getResult(); } public function addOrderLimitClauses(QueryBuilder $qb, ?array $orderBy = null, ?int $limit = null, ?int $offset = null): QueryBuilder { if (null !== $orderBy) { foreach ($orderBy as $field => $order) { $qb->addOrderBy('ap.'.$field, $order); } } if (null !== $limit) { $qb->setMaxResults($limit); } if (null !== $offset) { $qb->setFirstResult($offset); } return $qb; } /** * Add clause for scope on a query, based on no. * * @param QueryBuilder $qb where the accompanying period have the `ap` alias * @param array $scopesCanSee * @param array $scopesCanSeeConfidential */ public function addACLClauses(QueryBuilder $qb, array $scopesCanSee, array $scopesCanSeeConfidential): QueryBuilder { $qb ->andWhere( $qb->expr()->orX( $qb->expr()->neq('ap.step', ':draft'), $qb->expr()->orX( $qb->expr()->eq('ap.createdBy', ':creator'), $qb->expr()->isNull('ap.createdBy') ) ) ) ->setParameter('draft', AccompanyingPeriod::STEP_DRAFT) ->setParameter('user', $this->security->getUser()) ->setParameter('creator', $this->security->getUser()); // add join condition for scopes $orx = $qb->expr()->orX( // even if the scope is not in one authorized, the user can see the course if it is in DRAFT state $qb->expr()->eq('ap.step', ':draft') ); foreach ($scopesCanSee as $key => $scope) { // for each scope: // - either the user is the referrer of the course // - or the accompanying course is one of the reachable scopes // - and the parcours is not confidential OR the user is the referrer OR the user can see the confidential course $orOnScope = $qb->expr()->orX( $qb->expr()->isMemberOf(':scope_'.$key, 'ap.scopes'), $qb->expr()->eq('ap.user', ':user') ); if (in_array($scope, $scopesCanSeeConfidential, true)) { $orx->add($orOnScope); } else { // we must add a condition: the course is not confidential or the user is the referrer $andXOnScope = $qb->expr()->andX( $orOnScope, $qb->expr()->orX( 'ap.confidential = FALSE', $qb->expr()->eq('ap.user', ':user') ) ); $orx->add($andXOnScope); } $qb->setParameter('scope_'.$key, $scope); } $qb->andWhere($orx); return $qb; } public function buildCenterOnScope(): array { $centerOnScopes = []; foreach ($this->authorizationHelper->getReachableCenters(AccompanyingPeriodVoter::SEE) as $center) { $centerOnScopes[] = [ 'center' => $center, 'scopeOnRole' => $this->authorizationHelper->getReachableScopes(AccompanyingPeriodVoter::SEE, $center), 'scopeCanSeeConfidential' => $this->authorizationHelper->getReachableScopes(AccompanyingPeriodVoter::SEE_CONFIDENTIAL_ALL, $center), ]; } return $centerOnScopes; } public function findByUnDispatched(array $jobs, array $services, array $administrativeAdministrativeLocations, ?array $orderBy = null, ?int $limit = null, ?int $offset = null): array { $qb = $this->buildQueryUnDispatched($jobs, $services, $administrativeAdministrativeLocations); $qb->select('ap'); $qb = $this->addACLMultiCenterOnQuery($qb, $this->buildCenterOnScope(), false); $qb = $this->addOrderLimitClauses($qb, $orderBy, $limit, $offset); return $qb->getQuery()->getResult(); } public function findByUserAndPostalCodesOpenedAccompanyingPeriod(?User $user, array $postalCodes, array $orderBy = [], int $limit = 0, int $offset = 50): array { if (null === $user) { return []; } $qb = $this->buildQueryOpenedAccompanyingCourseByUserAndPostalCodes($user, $postalCodes); $qb = $this->addACLMultiCenterOnQuery($qb, $this->buildCenterOnScope(), false); $qb = $this->addOrderLimitClauses($qb, $orderBy, $limit, $offset); return $qb->getQuery()->getResult(); } /** * @param list, scopeCanSeeConfidential: list}> $centerScopes * @param bool $allowNoCenter if true, will allow to see the periods linked to person which does not have any center. Very few edge case when some Person are not associated to a center. */ public function addACLMultiCenterOnQuery(QueryBuilder $qb, array $centerScopes, bool $allowNoCenter = false): QueryBuilder { $user = $this->security->getUser(); if (0 === \count($centerScopes) || !$user instanceof User) { return $qb->andWhere("'FALSE' = 'TRUE'"); } $orX = $qb->expr()->orX(); $idx = 0; foreach ($centerScopes as ['center' => $center, 'scopeOnRole' => $scopes, 'scopeCanSeeConfidential' => $scopesCanSeeConfidential]) { $and = $qb->expr()->andX( $qb->expr()->exists( 'SELECT 1 FROM '.AccompanyingPeriodParticipation::class." part_{$idx} ". "JOIN part_{$idx}.person p{$idx} LEFT JOIN p{$idx}.centerCurrent centerCurrent_{$idx} ". "WHERE part_{$idx}.accompanyingPeriod = ap.id AND (centerCurrent_{$idx}.center = :center_{$idx}" .($allowNoCenter ? " OR centerCurrent_{$idx}.id IS NULL)" : ')') ) ); $qb->setParameter('center_'.$idx, $center); $orScopeInsideCenter = $qb->expr()->orX( // even if the scope is not in one authorized, the user can see the course if it is in DRAFT state $qb->expr()->eq('ap.step', ':draft') ); ++$idx; foreach ($scopes as $scope) { // for each scope: // - either the user is the referrer of the course // - or the accompanying course is one of the reachable scopes // - and the parcours is not confidential OR the user is the referrer OR the user can see the confidential course $orOnScope = $qb->expr()->orX( $qb->expr()->isMemberOf(':scope_'.$idx, 'ap.scopes'), $qb->expr()->eq('ap.user', ':user_executing') ); $qb->setParameter('user_executing', $user); if (in_array($scope, $scopesCanSeeConfidential, true)) { $orScopeInsideCenter->add($orOnScope); } else { // we must add a condition: the course is not confidential or the user is the referrer $andXOnScope = $qb->expr()->andX( $orOnScope, $qb->expr()->orX( 'ap.confidential = FALSE', $qb->expr()->eq('ap.user', ':user_executing') ) ); $orScopeInsideCenter->add($andXOnScope); } $qb->setParameter('scope_'.$idx, $scope); ++$idx; } $and->add($orScopeInsideCenter); $orX->add($and); ++$idx; } return $qb->andWhere($orX); } /** * @param array|UserJob[] $jobs * @param array|Scope[] $services * @param array|Location[] $locations */ public function buildQueryUnDispatched(array $jobs, array $services, array $locations): QueryBuilder { $qb = $this->accompanyingPeriodRepository->createQueryBuilder('ap'); $qb->where( $qb->expr()->andX( $qb->expr()->isNull('ap.user'), $qb->expr()->neq('ap.step', ':draft'), $qb->expr()->neq('ap.step', ':closed') ) ) ->setParameter('draft', AccompanyingPeriod::STEP_DRAFT) ->setParameter('closed', AccompanyingPeriod::STEP_CLOSED); if (0 < \count($jobs)) { $qb->andWhere($qb->expr()->in('ap.job', ':jobs')) ->setParameter('jobs', $jobs); } if (0 < \count($locations)) { $qb->andWhere($qb->expr()->in('ap.administrativeLocation', ':locations')) ->setParameter('locations', $locations); } if (0 < \count($services)) { $or = $qb->expr()->orX(); foreach ($services as $key => $service) { $or->add($qb->expr()->isMemberOf(':scopef_'.$key, 'ap.scopes')); $qb->setParameter('scopef_'.$key, $service); } $qb->andWhere($or); } return $qb; } public function findByUserAssociation(User $user, array $steps, ?\DateTimeImmutable $from, ?\DateTimeImmutable $to, int $filter, ?int $start = 0, ?int $limit = 1000): array { $qb = $this->buildQueryByUserAssociation($user, $steps, $from, $to, $filter); $qb->addOrderBy('acp.openingDate', 'DESC'); if (null !== $start) { $qb->setFirstResult($start); } if (null !== $limit) { $qb->setMaxResults($limit); } return $qb->getQuery()->getResult(); } public function countByUserAssociation(User $user, array $steps, ?\DateTimeImmutable $from, ?\DateTimeImmutable $to, int $filter): int { $qb = $this->buildQueryByUserAssociation($user, $steps, $from, $to, $filter); $qb->select('COUNT(DISTINCT acp.id)'); return $qb->getQuery()->getSingleScalarResult(); } public function buildQueryByUserAssociation(User $user, array $steps, ?\DateTimeImmutable $from, ?\DateTimeImmutable $to, int $filter): QueryBuilder { $qb = $this->accompanyingPeriodRepository->createQueryBuilder('acp'); // Create an andX expression to hold the user association conditions $whereUserAssociation = $qb->expr()->andX(); if (($filter & self::USER_IS_REFERRER) > 0) { $whereUserAssociation->add($qb->expr()->eq('acp.user', ':user')); } if (($filter & self::USER_IS_WORK_REFERRER) > 0) { $whereUserAssociation->add( $qb->expr()->exists( 'SELECT 1 FROM '.AccompanyingPeriod\AccompanyingPeriodWork::class.' subw JOIN subw.referrersHistory subw_ref_history WHERE subw.id = acpw.id AND subw_ref_history.user = :user AND subw_ref_history.endDate IS NULL' ) ); $qb->innerJoin('acp.works', 'acpw'); } if (($filter & self::USER_IS_INTERVENING) > 0) { $expr = 'SELECT 1 FROM '.AccompanyingPeriod\AccompanyingPeriodInfo::class.' info WHERE info.accompanyingPeriod = acp AND info.user = :user'; if (null !== $from) { $expr .= ' AND info.infoDate >= :from'; $qb->setParameter('from', $from); } if (null !== $to) { $expr .= ' AND info.infoDate <= :to'; $qb->setParameter('to', $to); } $whereUserAssociation->add( $qb->expr()->exists($expr) ); } // Apply the compound condition to the query builder $qb->andWhere($whereUserAssociation); // Apply the steps condition $qb->andWhere($qb->expr()->in('acp.step', ':steps')); // Set the remaining parameters $qb->setParameter('user', $user) ->setParameter('steps', $steps); return $qb; } }