Beispiel #1
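 /**
  * Applies ACL conditions to the search query: restricts it to the entity
  * aliases that pass the ACL check for the given permission and adds the
  * owner conditions for those aliases.
  *
  * @param Query  $query      Search query to restrict; it is modified in place
  * @param string $permission ACL permission to check, 'VIEW' by default
  *
  * @return Query The same query instance that was passed in
  */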
 public function apply(Query $query, $permission = 'VIEW')
 {
     // Every alias the query targets is checked against the ACL below; only
     // the ones that pass end up in the FROM part of the restricted query.
     $requestedAliases = $this->getSearchAliases($query);
     $permittedAliases = [];
     $ownerRestrictions = [];
     $expr = $query->getCriteria()->expr();

     if (count($requestedAliases) !== 0) {
         foreach ($requestedAliases as $entityAlias) {
             $className = $this->mappingProvider->getEntityClass($entityAlias);
             if (!$className) {
                 // No entity class for this alias: it is never added to the permitted list.
                 continue;
             }

             $ownerColumn = 'integer.' . sprintf('%s_owner', $entityAlias);
             $condition = $this->ownershipDataBuilder->getAclConditionData($className, $permission);
             $hasNoCondition = count($condition) === 0;

             // A non-empty condition whose entries 0 and 3 are both null drops the alias.
             // NOTE(review): presumably this is the "access denied" shape returned by
             // getAclConditionData - confirm against the builder.
             if (!$hasNoCondition && $condition[0] === null && $condition[3] === null) {
                 continue;
             }

             $permittedAliases[] = $entityAlias;

             // No owner limit for this entity: accept every owner id from EMPTY_OWNER_ID upwards.
             if ($hasNoCondition || $condition[1] === null) {
                 $ownerRestrictions[] = $expr->gte($ownerColumn, SearchListener::EMPTY_OWNER_ID);
                 continue;
             }

             // An empty owner value falls back to EMPTY_OWNER_ID instead of being passed through.
             $owners = $condition[1];
             if (empty($owners)) {
                 $owners = SearchListener::EMPTY_OWNER_ID;
             }

             // NOTE(review): a one-element array reaches eq() still wrapped in the array;
             // confirm the search engine compares that the same way as the bare value.
             if (is_array($owners) && count($owners) !== 1) {
                 $ownerRestrictions[] = $expr->in($ownerColumn, $owners);
             } else {
                 $ownerRestrictions[] = $expr->eq($ownerColumn, $owners);
             }
         }
     }

     // Owner conditions of the individual entities are alternatives, hence the OR composite.
     if (count($ownerRestrictions) !== 0) {
         $ownerFilter = new CompositeExpression(CompositeExpression::TYPE_OR, $ownerRestrictions);
         $query->getCriteria()->andWhere($ownerFilter);
     }

     // NOTE(review): when no alias passed the ACL check this list is empty; confirm that
     // Query::from([]) yields no results rather than an unrestricted search.
     $query->from($permittedAliases);
     $this->addOrganizationLimits($query, $expr);

     return $query;
 }