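/**
 * Restrict an SQL query to the farms the current user is allowed to access.
 *
 * When the user lacks the general farms permission, an extra
 * " AND (...)" condition is appended to the query: farms owned by one of the
 * user's teams (if team farms are allowed) and/or farms created by the user
 * (if own farms are allowed). If neither applies, " AND false" is appended so
 * the query matches nothing (fail closed).
 *
 * The condition is appended with " AND", so $query is expected to already end
 * inside a WHERE clause, and every value added here is bound through a
 * positional "?" placeholder whose argument is pushed onto the end of $args.
 *
 * @param   string $query  SQL query to extend
 * @param   array  $args   Positional arguments already bound to $query
 * @param   string $prefix optional Prefix (table name or alias) for table farms in sql query.
 *                         It is interpolated into the SQL text as an identifier and
 *                         cannot be bound, so it must be a fixed value chosen by the
 *                         calling code, never request-derived input.
 * @param   string $perm   optional Permission passed through to isAllowed()
 * @return  array  Two-element array: the extended query and its arguments
 */
public function prepareFarmSqlQuery($query, $args, $prefix = '', $perm = null)
{
    $prefix = $prefix ? "{$prefix}." : '';

    // Full access to farms: nothing to restrict.
    if ($this->isAllowed(Acl::RESOURCE_FARMS, $perm)) {
        return [$query, $args];
    }

    $conditions = [];

    if ($this->isAllowed(Acl::RESOURCE_TEAM_FARMS, $perm)) {
        $teamIds = array_map(function ($team) {
            return $team['id'];
        }, $this->user->getTeams());

        if (count($teamIds)) {
            // Bind the team ids instead of concatenating them into the SQL text,
            // so the statement stays well-formed whatever the ids contain.
            $placeholders = join(',', array_fill(0, count($teamIds), '?'));
            $conditions[] = "{$prefix}team_id IN({$placeholders})";

            foreach ($teamIds as $teamId) {
                $args[] = $teamId;
            }
        }
    }

    if ($this->isAllowed(Acl::RESOURCE_OWN_FARMS, $perm)) {
        $conditions[] = "{$prefix}created_by_id = ?";
        $args[] = $this->user->getId();
    }

    if (count($conditions)) {
        $query .= ' AND (' . join(' OR ', $conditions) . ')';
    } else {
        // No farm permission at all: deny by making the condition unsatisfiable.
        $query .= ' AND false';
    }

    return [$query, $args];
}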