From fbc8340f4a10dae714e62f9562a735a0ea352586 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Beno=C3=AEt=20Burnichon?= Date: Fri, 6 Nov 2015 18:24:46 +0100 Subject: [PATCH 1/2] Add FeedRepository method to filter Feeds by ACL --- lib/Alchemy/Phrasea/Feed/Aggregate.php | 5 ++- .../Model/Repositories/FeedRepository.php | 40 ++++++++++++++++++- 2 files changed, 43 insertions(+), 2 deletions(-) diff --git a/lib/Alchemy/Phrasea/Feed/Aggregate.php b/lib/Alchemy/Phrasea/Feed/Aggregate.php index 65d8dce21e..cbf5a2abc5 100644 --- a/lib/Alchemy/Phrasea/Feed/Aggregate.php +++ b/lib/Alchemy/Phrasea/Feed/Aggregate.php @@ -17,6 +17,7 @@ use Alchemy\Phrasea\Model\Entities\AggregateToken; use Alchemy\Phrasea\Model\Entities\Feed; use Alchemy\Phrasea\Model\Entities\User; use Alchemy\Phrasea\Model\Repositories\FeedEntryRepository; +use Alchemy\Phrasea\Model\Repositories\FeedRepository; use Doctrine\Common\Collections\ArrayCollection; use Doctrine\Common\Collections\Collection; use Doctrine\ORM\EntityManagerInterface; @@ -78,7 +79,9 @@ class Aggregate implements FeedInterface */ public static function createFromUser(Application $app, User $user, array $restrictions = []) { - $feeds = $app['repo.feeds']->getAllForUser($app->getAclForUser($user), $restrictions); + /** @var FeedRepository $feedRepository */ + $feedRepository = $app['repo.feeds']; + $feeds = $feedRepository->filterUserAccessibleByIds($app->getAclForUser($user), $restrictions); $token = $app['repo.aggregate-tokens']->findOneBy(['user' => $user]); return new static($app['orm.em'], $feeds, $token); diff --git a/lib/Alchemy/Phrasea/Model/Repositories/FeedRepository.php b/lib/Alchemy/Phrasea/Model/Repositories/FeedRepository.php index 2a7ad81cf2..3d39f848ba 100644 --- a/lib/Alchemy/Phrasea/Model/Repositories/FeedRepository.php +++ b/lib/Alchemy/Phrasea/Model/Repositories/FeedRepository.php 
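Review bot: `createFromUser()` still defaults `$restrictions` to `[]` and now hands that value straight to `filterUserAccessibleByIds()`, which in this commit throws `LogicException('At least one feed id should be provided')` for an empty list. The unrestricted aggregate, which `getAllForUser()` presumably served before, therefore fails at this revision for any caller that relies on the default. Either keep `getAllForUser()` for the empty case here, or let the new repository method accept an empty list while still applying the ACL predicate. The docblock and the closing brace of `createFromUser()` lie outside the hunk.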
@@ -25,6 +25,9 @@ class FeedRepository extends EntityRepository /** * Returns all the feeds a user can access. * + * @param \ACL $userACL + * @param array $restrictions + * * @return Feed[] */ public function getAllForUser(\ACL $userACL, array $restrictions = []) @@ -58,7 +61,7 @@ class FeedRepository extends EntityRepository * Returns all the feeds from a given array containing their id. * * @param array $feedIds - * @return Collection + * @return Feed[] */ public function findByIds(array $feedIds) { @@ -72,4 +75,39 @@ class FeedRepository extends EntityRepository return $qb->getQuery()->getResult(); } + + /** + * Returns all the feeds from a given array containing their id. + * + * @param \ACL $userACL + * @param array $feedIds + * + * @return Feed[] + */ + public function filterUserAccessibleByIds(\ACL $userACL, array $feedIds) + { + $qb = $this->createQueryBuilder('f'); + + // is public feed? + $orx = $qb->expr()->orX( + $qb->expr()->isNull('f.baseId'), + $qb->expr()->eq('f.public', $qb->expr()->literal(true)) + ); + + // is granted base? + $grantedBases = array_keys($userACL->get_granted_base()); + if ($grantedBases) { + $orx->add($qb->expr()->in('f.baseId', $grantedBases)); + } + + if (empty($feedIds)) { + throw new \LogicException('At least one feed id should be provided'); + } + + $qb->where($qb->expr()->in('f.id', $feedIds), $orx); + + $qb->orderBy('f.updatedOn', 'DESC'); + + return $qb->getQuery()->getResult(); + } } From 990513897985e83d85fb21ffd2096019be5a248f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Beno=C3=AEt=20Burnichon?= Date: Fri, 6 Nov 2015 18:57:51 +0100 Subject: [PATCH 2/2] Add a way to retrieve non id filtered. --- .../Phrasea/Model/Repositories/FeedRepository.php | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/lib/Alchemy/Phrasea/Model/Repositories/FeedRepository.php b/lib/Alchemy/Phrasea/Model/Repositories/FeedRepository.php index 3d39f848ba..87ebb1e104 100644 
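Review bot: In the new `filterUserAccessibleByIds()`, `$qb->expr()->in('f.id', $feedIds)` writes the ids into the DQL text instead of binding them, and at the call site in `Aggregate::createFromUser()` they come from the caller-supplied `$restrictions`. The expression builder quotes literal values, but a bound parameter keeps the ids out of the query string altogether: `$qb->expr()->in('f.id', ':feedIds')` followed by `$qb->setParameter('feedIds', $feedIds);`. The docblock summary is copied from `findByIds()` and should instead say that only feeds readable under `$userACL` (public, without base, or on a granted base) are returned. The empty-list guard would also read better as the first statement of the method, before any query is built.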
--- a/lib/Alchemy/Phrasea/Model/Repositories/FeedRepository.php +++ b/lib/Alchemy/Phrasea/Model/Repositories/FeedRepository.php @@ -80,11 +80,11 @@ class FeedRepository extends EntityRepository * Returns all the feeds from a given array containing their id. * * @param \ACL $userACL - * @param array $feedIds + * @param array $feedIds Ids to restrict feeds, all accessible otherwise * * @return Feed[] */ - public function filterUserAccessibleByIds(\ACL $userACL, array $feedIds) + public function filterUserAccessibleByIds(\ACL $userACL, array $feedIds = []) { $qb = $this->createQueryBuilder('f'); @@ -100,12 +100,10 @@ class FeedRepository extends EntityRepository $orx->add($qb->expr()->in('f.baseId', $grantedBases)); } - if (empty($feedIds)) { - throw new \LogicException('At least one feed id should be provided'); + if ($feedIds) { + $qb->where($qb->expr()->in('f.id', $feedIds), $orx); } - $qb->where($qb->expr()->in('f.id', $feedIds), $orx); - $qb->orderBy('f.updatedOn', 'DESC'); return $qb->getQuery()->getResult();
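Review bot: With an empty `$feedIds`, the new `if ($feedIds)` branch skips `$qb->where()` entirely, so the ACL predicate `$orx` is never attached. The query then returns every feed, including non-public feeds on bases the user has no grant for. The access condition must be applied unconditionally, with the id restriction added on top: `$qb->where($orx);` followed by `if ($feedIds) { $qb->andWhere($qb->expr()->in('f.id', $feedIds)); }`. This is the default path, since `Aggregate::createFromUser()` passes `$restrictions = []` when the caller gives none; a repository test calling the method without ids for a user who lacks a grant on a private feed's base would pin the behaviour. The method begins outside this hunk.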