/** * Apply ACL filter * * @param QueryBuilder | Query $query * @param array $permissions * @param string | UserInterface $identity * @param string $alias * @param array|Query|QueryBuilder $extraCriteria * * @return Query */ public function apply($query, array $permissions = array('VIEW'), $identity = null, $alias = null, $extraCriteria = false) { if (null === $identity) { $token = $this->securityContext->getToken(); $identity = $token->getUser(); } $query->setHint(static::HINT_ACL_EXTRA_CRITERIA, $this->getExtraCriteria($extraCriteria)); if ($query instanceof QueryBuilder) { $query = $this->cloneQuery($query->getQuery()); } elseif ($query instanceof Query) { $query = $this->cloneQuery($query); } else { throw new \Exception(); } $maskBuilder = new MaskBuilder(); foreach ($permissions as $permission) { $mask = constant(get_class($maskBuilder) . '::MASK_' . strtoupper($permission)); $maskBuilder->add($mask); } $entity = $this->getEntityFromAlias($query, $alias); $metadata = $entity['metadata']; $alias = $entity['alias']; $table = $metadata->getQuotedTableName($this->em->getConnection()->getDatabasePlatform()); $aclQuery = $this->getExtraQuery($this->getClasses($metadata), $this->getIdentifiers($identity), $maskBuilder->get()); $hintAclMetadata = false !== $query->getHint('acl.metadata') ? $query->getHint('acl.metadata') : array(); $hintAclMetadata[] = array('query' => $aclQuery, 'table' => $table, 'alias' => $alias); $query->setHint('acl.metadata', $hintAclMetadata); $query->setHint(Query::HINT_CUSTOM_OUTPUT_WALKER, $this->aclWalker); return $query; }