mirror of
https://gitlab.com/Chill-Projet/chill-bundles.git
synced 2025-06-07 18:44:08 +00:00
442 lines
16 KiB
PHP
442 lines
16 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
/*
|
|
* Chill is a software for social workers
|
|
*
|
|
* For the full copyright and license information, please view
|
|
* the LICENSE file that was distributed with this source code.
|
|
*/
|
|
|
|
namespace Chill\PersonBundle\Repository;
|
|
|
|
use Chill\MainBundle\Entity\Address;
|
|
use Chill\MainBundle\Entity\Center;
|
|
use Chill\MainBundle\Entity\Location;
|
|
use Chill\MainBundle\Entity\Scope;
|
|
use Chill\MainBundle\Entity\User;
|
|
use Chill\MainBundle\Entity\UserJob;
|
|
use Chill\MainBundle\Security\Authorization\AuthorizationHelperForCurrentUserInterface;
|
|
use Chill\MainBundle\Security\Resolver\CenterResolverManagerInterface;
|
|
use Chill\PersonBundle\Entity\AccompanyingPeriod;
|
|
use Chill\PersonBundle\Entity\AccompanyingPeriodParticipation;
|
|
use Chill\PersonBundle\Entity\Household\PersonHouseholdAddress;
|
|
use Chill\PersonBundle\Entity\Person;
|
|
use Chill\PersonBundle\Security\Authorization\AccompanyingPeriodVoter;
|
|
use DateTime;
|
|
use DateTimeImmutable;
|
|
use Doctrine\DBAL\Types\Types;
|
|
use Doctrine\ORM\NonUniqueResultException;
|
|
use Doctrine\ORM\NoResultException;
|
|
use Doctrine\ORM\Query\Expr\Join;
|
|
use Doctrine\ORM\QueryBuilder;
|
|
use Repository\AccompanyingPeriodACLAwareRepositoryTest;
|
|
use Symfony\Component\Security\Core\Security;
|
|
use function count;
|
|
|
|
/**
|
|
* @see AccompanyingPeriodACLAwareRepositoryTest
|
|
*/
|
|
final readonly class AccompanyingPeriodACLAwareRepository implements AccompanyingPeriodACLAwareRepositoryInterface
|
|
{
|
|
private AccompanyingPeriodRepository $accompanyingPeriodRepository;
|
|
|
|
private AuthorizationHelperForCurrentUserInterface $authorizationHelper;
|
|
|
|
private CenterResolverManagerInterface $centerResolver;
|
|
|
|
private Security $security;
|
|
|
|
public function __construct(
|
|
AccompanyingPeriodRepository $accompanyingPeriodRepository,
|
|
Security $security,
|
|
AuthorizationHelperForCurrentUserInterface $authorizationHelper,
|
|
CenterResolverManagerInterface $centerResolverDispatcher
|
|
) {
|
|
$this->accompanyingPeriodRepository = $accompanyingPeriodRepository;
|
|
$this->security = $security;
|
|
$this->authorizationHelper = $authorizationHelper;
|
|
$this->centerResolver = $centerResolverDispatcher;
|
|
}
|
|
|
|
public function buildQueryOpenedAccompanyingCourseByUser(?User $user, array $postalCodes = []): QueryBuilder
|
|
{
|
|
$qb = $this->accompanyingPeriodRepository->createQueryBuilder('ap');
|
|
|
|
$qb->where($qb->expr()->eq('ap.user', ':user'))
|
|
->andWhere(
|
|
$qb->expr()->neq('ap.step', ':draft'),
|
|
$qb->expr()->orX(
|
|
$qb->expr()->isNull('ap.closingDate'),
|
|
$qb->expr()->gt('ap.closingDate', ':now')
|
|
)
|
|
)
|
|
->setParameter('user', $user)
|
|
->setParameter('now', new DateTime('now'))
|
|
->setParameter('draft', AccompanyingPeriod::STEP_DRAFT);
|
|
|
|
if ([] !== $postalCodes) {
|
|
$qb->join('ap.locationHistories', 'location_history')
|
|
->leftJoin(PersonHouseholdAddress::class, 'person_address', Join::WITH, 'IDENTITY(location_history.personLocation) = IDENTITY(person_address.person)')
|
|
->join(
|
|
Address::class,
|
|
'address',
|
|
Join::WITH,
|
|
'COALESCE(IDENTITY(location_history.addressLocation), IDENTITY(person_address.address)) = address.id'
|
|
)
|
|
->andWhere(
|
|
$qb->expr()->orX(
|
|
$qb->expr()->isNull('person_address'),
|
|
$qb->expr()->andX(
|
|
$qb->expr()->lte('person_address.validFrom', ':now'),
|
|
$qb->expr()->orX(
|
|
$qb->expr()->isNull('person_address.validTo'),
|
|
$qb->expr()->lt('person_address.validTo', ':now')
|
|
)
|
|
)
|
|
)
|
|
)
|
|
->andWhere(
|
|
$qb->expr()->isNull('location_history.endDate')
|
|
)
|
|
->andWhere(
|
|
$qb->expr()->in('address.postcode', ':postal_codes')
|
|
)
|
|
->setParameter('now', new DateTimeImmutable('now'), Types::DATE_IMMUTABLE)
|
|
->setParameter('postal_codes', $postalCodes);
|
|
}
|
|
|
|
return $qb;
|
|
}
|
|
|
|
/**
|
|
* @throws NonUniqueResultException
|
|
* @throws NoResultException
|
|
*/
|
|
public function countByUnDispatched(array $jobs, array $services, array $administrativeLocations): int
|
|
{
|
|
$qb = $this->addACLByUnDispatched(
|
|
$this->buildQueryUnDispatched($jobs, $services, $administrativeLocations),
|
|
$this->buildCenterOnScope()
|
|
);
|
|
|
|
$qb->select('COUNT(ap)');
|
|
|
|
return $qb->getQuery()->getSingleScalarResult();
|
|
}
|
|
|
|
public function countByUserAndPostalCodesOpenedAccompanyingPeriod(?User $user, array $postalCodes): int
|
|
{
|
|
if (null === $user) {
|
|
return 0;
|
|
}
|
|
|
|
return $this->buildQueryOpenedAccompanyingCourseByUser($user, $postalCodes)
|
|
->select('COUNT(ap)')
|
|
->getQuery()
|
|
->getSingleScalarResult();
|
|
}
|
|
|
|
public function countByUserOpenedAccompanyingPeriod(?User $user): int
|
|
{
|
|
if (null === $user) {
|
|
return 0;
|
|
}
|
|
|
|
return $this->buildQueryOpenedAccompanyingCourseByUser($user)
|
|
->select('COUNT(ap)')
|
|
->getQuery()
|
|
->getSingleScalarResult();
|
|
}
|
|
|
|
public function findByPerson(
|
|
Person $person,
|
|
string $role,
|
|
?array $orderBy = [],
|
|
?int $limit = null,
|
|
?int $offset = null
|
|
): array {
|
|
$qb = $this->accompanyingPeriodRepository->createQueryBuilder('ap');
|
|
$scopes = $this->authorizationHelper
|
|
->getReachableScopes(
|
|
$role,
|
|
$this->centerResolver->resolveCenters($person)
|
|
);
|
|
$scopesCanSeeConfidential = $this->authorizationHelper
|
|
->getReachableScopes(
|
|
AccompanyingPeriodVoter::SEE_CONFIDENTIAL_ALL,
|
|
$this->centerResolver->resolveCenters($person)
|
|
);
|
|
|
|
if (0 === count($scopes)) {
|
|
return [];
|
|
}
|
|
|
|
$qb
|
|
->join('ap.participations', 'participation')
|
|
->where($qb->expr()->eq('participation.person', ':person'))
|
|
->setParameter('person', $person);
|
|
|
|
$qb = $this->addACLClauses($qb, $scopes, $scopesCanSeeConfidential);
|
|
$qb = $this->addOrderLimitClauses($qb, $orderBy, $limit, $offset);
|
|
|
|
return $qb->getQuery()->getResult();
|
|
}
|
|
|
|
public function addOrderLimitClauses(QueryBuilder $qb, ?array $orderBy = null, ?int $limit = null, ?int $offset = null): QueryBuilder
|
|
{
|
|
if (null !== $orderBy) {
|
|
foreach ($orderBy as $field => $order) {
|
|
$qb->addOrderBy('ap.' . $field, $order);
|
|
}
|
|
}
|
|
|
|
if (null !== $limit) {
|
|
$qb->setMaxResults($limit);
|
|
}
|
|
|
|
if (null !== $offset) {
|
|
$qb->setFirstResult($offset);
|
|
}
|
|
|
|
return $qb;
|
|
}
|
|
|
|
/**
|
|
* Add clause for scope on a query, based on no
|
|
*
|
|
* @param QueryBuilder $qb where the accompanying period have the `ap` alias
|
|
* @param array<Scope> $scopesCanSee
|
|
* @param array<Scope> $scopesCanSeeConfidential
|
|
* @return QueryBuilder
|
|
*/
|
|
public function addACLClauses(QueryBuilder $qb, array $scopesCanSee, array $scopesCanSeeConfidential): QueryBuilder
|
|
{
|
|
$qb
|
|
->andWhere(
|
|
$qb->expr()->orX(
|
|
$qb->expr()->neq('ap.step', ':draft'),
|
|
$qb->expr()->orX(
|
|
$qb->expr()->eq('ap.createdBy', ':creator'),
|
|
$qb->expr()->isNull('ap.createdBy')
|
|
)
|
|
)
|
|
)
|
|
->setParameter('draft', AccompanyingPeriod::STEP_DRAFT)
|
|
->setParameter('user', $this->security->getUser())
|
|
->setParameter('creator', $this->security->getUser());
|
|
|
|
// add join condition for scopes
|
|
$orx = $qb->expr()->orX(
|
|
// even if the scope is not in one authorized, the user can see the course if it is in DRAFT state
|
|
$qb->expr()->eq('ap.step', ':draft')
|
|
);
|
|
|
|
foreach ($scopesCanSee as $key => $scope) {
|
|
// for each scope:
|
|
// - either the user is the referrer of the course
|
|
// - or the accompanying course is one of the reachable scopes
|
|
// - and the parcours is not confidential OR the user is the referrer OR the user can see the confidential course
|
|
|
|
$orOnScope = $qb->expr()->orX(
|
|
$qb->expr()->isMemberOf(':scope_' . $key, 'ap.scopes'),
|
|
$qb->expr()->eq('ap.user', ':user')
|
|
);
|
|
|
|
if (in_array($scope, $scopesCanSeeConfidential, true)) {
|
|
$orx->add($orOnScope);
|
|
} else {
|
|
// we must add a condition: the course is not confidential or the user is the referrer
|
|
$andXOnScope = $qb->expr()->andX(
|
|
$orOnScope,
|
|
$qb->expr()->orX(
|
|
'ap.confidential = FALSE',
|
|
$qb->expr()->eq('ap.user', ':user')
|
|
)
|
|
);
|
|
$orx->add($andXOnScope);
|
|
}
|
|
$qb->setParameter('scope_' . $key, $scope);
|
|
}
|
|
$qb->andWhere($orx);
|
|
|
|
return $qb;
|
|
}
|
|
|
|
public function buildCenterOnScope(): array
|
|
{
|
|
$centerOnScopes = [];
|
|
foreach ($this->authorizationHelper->getReachableCenters(AccompanyingPeriodVoter::SEE) as $center) {
|
|
$centerOnScopes[] = [
|
|
'center' => $center,
|
|
'scopeOnRole' => $this->authorizationHelper->getReachableScopes(AccompanyingPeriodVoter::SEE, $center),
|
|
'scopeCanSeeConfidential' => $this->authorizationHelper->getReachableScopes(AccompanyingPeriodVoter::SEE_CONFIDENTIAL_ALL, $center),
|
|
];
|
|
}
|
|
|
|
return $centerOnScopes;
|
|
}
|
|
|
|
public function findByUnDispatched(array $jobs, array $services, array $administrativeAdministrativeLocations, ?array $orderBy = null, ?int $limit = null, ?int $offset = null): array
|
|
{
|
|
$qb = $this->buildQueryUnDispatched($jobs, $services, $administrativeAdministrativeLocations);
|
|
$qb->select('ap');
|
|
|
|
$qb = $this->addACLByUnDispatched($qb, $this->buildCenterOnScope(), false);
|
|
$qb = $this->addOrderLimitClauses($qb, $orderBy, $limit, $offset);
|
|
|
|
return $qb->getQuery()->getResult();
|
|
}
|
|
|
|
public function findByUserAndPostalCodesOpenedAccompanyingPeriod(?User $user, array $postalCodes, array $orderBy = [], int $limit = 0, int $offset = 50): array
|
|
{
|
|
if (null === $user) {
|
|
return [];
|
|
}
|
|
|
|
$qb = $this->buildQueryOpenedAccompanyingCourseByUser($user);
|
|
|
|
$qb->setFirstResult($offset)
|
|
->setMaxResults($limit);
|
|
|
|
foreach ($orderBy as $field => $direction) {
|
|
$qb->addOrderBy('ap.' . $field, $direction);
|
|
}
|
|
|
|
return $qb->getQuery()->getResult();
|
|
}
|
|
|
|
public function findByUserOpenedAccompanyingPeriod(?User $user, array $orderBy = [], int $limit = 0, int $offset = 50): array
|
|
{
|
|
if (null === $user) {
|
|
return [];
|
|
}
|
|
|
|
$qb = $this->buildQueryOpenedAccompanyingCourseByUser($user);
|
|
|
|
$qb->setFirstResult($offset)
|
|
->setMaxResults($limit);
|
|
|
|
foreach ($orderBy as $field => $direction) {
|
|
$qb->addOrderBy('ap.' . $field, $direction);
|
|
}
|
|
|
|
return $qb->getQuery()->getResult();
|
|
}
|
|
|
|
/**
|
|
* @param QueryBuilder $qb
|
|
* @param list<array{center: Center, scopeOnRole: list<Scope>, scopeCanSeeConfidential: list<Scope>}> $centerScopes
|
|
* @param bool $allowNoCenter if true, will allow to see the periods linked to person which does not have any center. Very few edge case when some Person are not associated to a center.
|
|
* @return QueryBuilder
|
|
*/
|
|
public function addACLByUnDispatched(QueryBuilder $qb, array $centerScopes, bool $allowNoCenter = false): QueryBuilder
|
|
{
|
|
$user = $this->security->getUser();
|
|
|
|
if (0 === count($centerScopes) || !$user instanceof User) {
|
|
return $qb->andWhere("'FALSE' = 'TRUE'");
|
|
}
|
|
|
|
$orX = $qb->expr()->orX();
|
|
|
|
$idx = 0;
|
|
foreach ($centerScopes as ['center' => $center, 'scopeOnRole' => $scopes, 'scopeCanSeeConfidential' => $scopesCanSeeConfidential]) {
|
|
$and = $qb->expr()->andX(
|
|
$qb->expr()->exists(
|
|
'SELECT 1 FROM ' . AccompanyingPeriodParticipation::class . " part_{$idx} " .
|
|
"JOIN part_{$idx}.person p{$idx} LEFT JOIN p{$idx}.centerCurrent centerCurrent_{$idx} " .
|
|
"WHERE part_{$idx}.accompanyingPeriod = ap.id AND (centerCurrent_{$idx}.center = :center_{$idx}"
|
|
. ($allowNoCenter ? " OR centerCurrent_{$idx}.id IS NULL)" : ")")
|
|
)
|
|
);
|
|
$qb->setParameter('center_' . $idx, $center);
|
|
|
|
$orScopeInsideCenter = $qb->expr()->orX(
|
|
// even if the scope is not in one authorized, the user can see the course if it is in DRAFT state
|
|
$qb->expr()->eq('ap.step', ':draft')
|
|
);
|
|
|
|
$idx++;
|
|
foreach ($scopes as $scope) {
|
|
// for each scope:
|
|
// - either the user is the referrer of the course
|
|
// - or the accompanying course is one of the reachable scopes
|
|
// - and the parcours is not confidential OR the user is the referrer OR the user can see the confidential course
|
|
$orOnScope = $qb->expr()->orX(
|
|
$qb->expr()->isMemberOf(':scope_' . $idx, 'ap.scopes'),
|
|
$qb->expr()->eq('ap.user', ':user')
|
|
);
|
|
$qb->setParameter('user', $user);
|
|
|
|
if (in_array($scope, $scopesCanSeeConfidential, true)) {
|
|
$orScopeInsideCenter->add($orOnScope);
|
|
} else {
|
|
// we must add a condition: the course is not confidential or the user is the referrer
|
|
$andXOnScope = $qb->expr()->andX(
|
|
$orOnScope,
|
|
$qb->expr()->orX(
|
|
'ap.confidential = FALSE',
|
|
$qb->expr()->eq('ap.user', ':user')
|
|
)
|
|
);
|
|
$orScopeInsideCenter->add($andXOnScope);
|
|
}
|
|
$qb->setParameter('scope_' . $idx, $scope);
|
|
|
|
$idx++;
|
|
}
|
|
|
|
$and->add($orScopeInsideCenter);
|
|
$orX->add($and);
|
|
|
|
$idx++;
|
|
}
|
|
|
|
return $qb->andWhere($orX);
|
|
}
|
|
|
|
/**
|
|
* @param array|UserJob[] $jobs
|
|
* @param array|Scope[] $services
|
|
* @param array|Location[] $locations
|
|
*/
|
|
public function buildQueryUnDispatched(array $jobs, array $services, array $locations): QueryBuilder
|
|
{
|
|
$qb = $this->accompanyingPeriodRepository->createQueryBuilder('ap');
|
|
|
|
$qb->where(
|
|
$qb->expr()->andX(
|
|
$qb->expr()->isNull('ap.user'),
|
|
$qb->expr()->neq('ap.step', ':draft'),
|
|
$qb->expr()->neq('ap.step', ':closed')
|
|
)
|
|
)
|
|
->setParameter('draft', AccompanyingPeriod::STEP_DRAFT)
|
|
->setParameter('closed', AccompanyingPeriod::STEP_CLOSED);
|
|
|
|
if (0 < count($jobs)) {
|
|
$qb->andWhere($qb->expr()->in('ap.job', ':jobs'))
|
|
->setParameter('jobs', $jobs);
|
|
}
|
|
|
|
if (0 < count($locations)) {
|
|
$qb->andWhere($qb->expr()->in('ap.administrativeLocation', ':locations'))
|
|
->setParameter('locations', $locations);
|
|
}
|
|
|
|
if (0 < count($services)) {
|
|
$or = $qb->expr()->orX();
|
|
|
|
foreach ($services as $key => $service) {
|
|
$or->add($qb->expr()->isMemberOf(':scopef_' . $key, 'ap.scopes'));
|
|
$qb->setParameter('scopef_' . $key, $service);
|
|
}
|
|
$qb->andWhere($or);
|
|
}
|
|
|
|
return $qb;
|
|
}
|
|
}
|