src/CoreBundle/DataProvider/Extension/TrackEExerciseExtension.php
<?php
/* For licensing terms, see /license.txt */
declare(strict_types=1);
namespace Chamilo\CoreBundle\DataProvider\Extension;
use ApiPlatform\Doctrine\Orm\Extension\QueryCollectionExtensionInterface;
use ApiPlatform\Doctrine\Orm\Util\QueryNameGeneratorInterface;
use ApiPlatform\Metadata\Operation;
use Chamilo\CoreBundle\Entity\TrackEExercise;
use Chamilo\CoreBundle\Entity\User;
use Doctrine\ORM\QueryBuilder;
use Symfony\Bundle\SecurityBundle\Security;
use Symfony\Component\Security\Core\Exception\AccessDeniedException;
final class TrackEExerciseExtension implements QueryCollectionExtensionInterface
{
public function __construct(
private readonly Security $security
) {}
public function applyToCollection(
QueryBuilder $queryBuilder,
QueryNameGeneratorInterface $queryNameGenerator,
string $resourceClass,
?Operation $operation = null,
array $context = []
): void {
if (TrackEExercise::class !== $resourceClass) {
return;
}
if ('get' !== $operation->getName()) {
return;
}
if ($this->security->isGranted('ROLE_ADMIN')) {
return;
}
$alias = $queryBuilder->getRootAliases()[0];
/** @var User|null $user */
$user = $this->security->getUser();
if (!$user) {
throw new AccessDeniedException();
}
if ($user->hasRole('ROLE_STUDENT')) {
$queryBuilder->andWhere(
$queryBuilder->expr()->eq("$alias.user", ':user')
);
$queryBuilder->setParameter('user', $user->getId());
}
}
}