Merge pull request #1563 from bburnichon/PHRAS-800

Filter feeds by id and user ACLs
2025-10-16 14:33:14 +00:00 · 2015-11-06 19:11:04 +01:00
parent 350eb7af53 9905138979
commit cb0a805cb8
2 changed files with 41 additions and 2 deletions
--- a/lib/Alchemy/Phrasea/Feed/Aggregate.php
+++ b/lib/Alchemy/Phrasea/Feed/Aggregate.php
@@ -17,6 +17,7 @@ use Alchemy\Phrasea\Model\Entities\AggregateToken;
 use Alchemy\Phrasea\Model\Entities\Feed;
 use Alchemy\Phrasea\Model\Entities\User;
 use Alchemy\Phrasea\Model\Repositories\FeedEntryRepository;
+use Alchemy\Phrasea\Model\Repositories\FeedRepository;
 use Doctrine\Common\Collections\ArrayCollection;
 use Doctrine\Common\Collections\Collection;
 use Doctrine\ORM\EntityManagerInterface;
@@ -78,7 +79,9 @@ class Aggregate implements FeedInterface
     */
    public static function createFromUser(Application $app, User $user, array $restrictions = [])
    {
-        $feeds = $app['repo.feeds']->getAllForUser($app->getAclForUser($user), $restrictions);
+        /** @var FeedRepository $feedRepository */
+        $feedRepository = $app['repo.feeds'];
+        $feeds = $feedRepository->filterUserAccessibleByIds($app->getAclForUser($user), $restrictions);
        $token = $app['repo.aggregate-tokens']->findOneBy(['user' => $user]);

        return new static($app['orm.em'], $feeds, $token);
--- a/lib/Alchemy/Phrasea/Model/Repositories/FeedRepository.php
+++ b/lib/Alchemy/Phrasea/Model/Repositories/FeedRepository.php
@@ -25,6 +25,9 @@ class FeedRepository extends EntityRepository
    /**
     * Returns all the feeds a user can access.
     *
+     * @param \ACL  $userACL
+     * @param array $restrictions
+     *
     * @return Feed[]
     */
    public function getAllForUser(\ACL $userACL, array $restrictions = [])
@@ -58,7 +61,7 @@ class FeedRepository extends EntityRepository
     * Returns all the feeds from a given array containing their id.
     *
     * @param  array      $feedIds
-     * @return Collection
+     * @return Feed[]
     */
    public function findByIds(array $feedIds)
    {
@@ -72,4 +75,37 @@ class FeedRepository extends EntityRepository

        return $qb->getQuery()->getResult();
    }
+
+    /**
+     * Returns all the feeds from a given array containing their id.
+     *
+     * @param \ACL   $userACL
+     * @param  array $feedIds Ids to restrict feeds, all accessible otherwise
+     *
+     * @return Feed[]
+     */
+    public function filterUserAccessibleByIds(\ACL $userACL, array $feedIds = [])
+    {
+        $qb = $this->createQueryBuilder('f');
+
+        // is public feed?
+        $orx = $qb->expr()->orX(
+            $qb->expr()->isNull('f.baseId'),
+            $qb->expr()->eq('f.public', $qb->expr()->literal(true))
+        );
+
+        // is granted base?
+        $grantedBases = array_keys($userACL->get_granted_base());
+        if ($grantedBases) {
+            $orx->add($qb->expr()->in('f.baseId', $grantedBases));
+        }
+
+        if ($feedIds) {
+            $qb->where($qb->expr()->in('f.id', $feedIds), $orx);
+        }
+
+        $qb->orderBy('f.updatedOn', 'DESC');
+
+        return $qb->getQuery()->getResult();
+    }
 }