/**
* Apply ACL filter
*
* @param QueryBuilder | Query $query
* @param array $permissions
* @param string | UserInterface $identity
* @param string $alias
* @param array|Query|QueryBuilder $extraCriteria
*
* @return Query
*/
public function apply($query, array $permissions = array('VIEW'), $identity = null, $alias = null, $extraCriteria = false)
{
if (null === $identity) {
$token = $this->securityContext->getToken();
$identity = $token->getUser();
}
$query->setHint(static::HINT_ACL_EXTRA_CRITERIA, $this->getExtraCriteria($extraCriteria));
if ($query instanceof QueryBuilder) {
$query = $this->cloneQuery($query->getQuery());
} elseif ($query instanceof Query) {
$query = $this->cloneQuery($query);
} else {
throw new \Exception();
}
$maskBuilder = new MaskBuilder();
foreach ($permissions as $permission) {
$mask = constant(get_class($maskBuilder) . '::MASK_' . strtoupper($permission));
$maskBuilder->add($mask);
}
$entity = $this->getEntityFromAlias($query, $alias);
$metadata = $entity['metadata'];
$alias = $entity['alias'];
$table = $metadata->getQuotedTableName($this->em->getConnection()->getDatabasePlatform());
$aclQuery = $this->getExtraQuery($this->getClasses($metadata), $this->getIdentifiers($identity), $maskBuilder->get());
$hintAclMetadata = false !== $query->getHint('acl.metadata') ? $query->getHint('acl.metadata') : array();
$hintAclMetadata[] = array('query' => $aclQuery, 'table' => $table, 'alias' => $alias);
$query->setHint('acl.metadata', $hintAclMetadata);
$query->setHint(Query::HINT_CUSTOM_OUTPUT_WALKER, $this->aclWalker);
return $query;
}