public function load()
{
$this->evalClass($this->classmetadata);
$builder = new ProxyBuilder();
$builder->setNamespace($this->classmetadata->getNamespace());
$builder->setClassName($this->originalClassName);
$builder->setParentClass("\\" . $this->classmetadata->getNamespace() . "\\" . $this->classmetadata->getName());
foreach ($this->classmetadata->getMethods() as $method) {
$builder->addMethod($method);
}
$builder->loadProxy();
}
/**
* Gets the SQL query part to add to a query.
*
* @param ClassMetaData $targetEntity Metadata object for the target entity to be filtered
* @param string $targetTableAlias The target table alias used in the current query
* @return string The constraint SQL if there is available, empty string otherwise
*/
public function addFilterConstraint(ClassMetadata $targetEntity, $targetTableAlias)
{
$this->initializeDependencies();
/*
* TODO: Instead of checking for class account we could introduce some interface for white listing entities from entity security checks
* Problem with checking the Account is, that this filter calls getRoles() on the security context while accounts are not
* yet fully initialized. By this we get a half built account object that will end up in access denied exception,
* as it has no roles (and other properties) set
*/
if ($this->securityContext->areAuthorizationChecksDisabled() || $targetEntity->getName() === \TYPO3\Flow\Security\Account::class) {
return '';
}
if (!$this->securityContext->isInitialized()) {
if (!$this->securityContext->canBeInitialized()) {
return '';
}
$this->securityContext->initialize();
}
// This is needed to include the current context of roles into query cache identifier
$this->setParameter('__contextHash', $this->securityContext->getContextHash(), 'string');
$sqlConstraints = array();
$grantedConstraints = array();
$deniedConstraints = array();
foreach ($this->securityContext->getRoles() as $role) {
$entityPrivileges = $role->getPrivilegesByType(\TYPO3\Flow\Security\Authorization\Privilege\Entity\EntityPrivilegeInterface::class);
/** @var EntityPrivilegeInterface $privilege */
foreach ($entityPrivileges as $privilege) {
if (!$privilege->matchesEntityType($targetEntity->getName())) {
continue;
}
$sqlConstraint = $privilege->getSqlConstraint($targetEntity, $targetTableAlias);
if ($sqlConstraint === null) {
continue;
}
$sqlConstraints[] = ' NOT (' . $sqlConstraint . ')';
if ($privilege->isGranted()) {
$grantedConstraints[] = ' NOT (' . $sqlConstraint . ')';
} elseif ($privilege->isDenied()) {
$deniedConstraints[] = ' NOT (' . $sqlConstraint . ')';
}
}
}
$grantedConstraints = array_diff($grantedConstraints, $deniedConstraints);
$effectiveConstraints = array_diff($sqlConstraints, $grantedConstraints);
if (count($effectiveConstraints) > 0) {
return ' (' . implode(') AND (', $effectiveConstraints) . ') ';
}
return '';
}
/**
* @param ClassMetadata $metadata
*/
public function addClassMetadata(ClassMetadata $metadata)
{
$this->name = $metadata->getName();
$this->properties = array_merge($this->properties, $metadata->getProperties());
$this->fileResources = array_merge($this->fileResources, $metadata->getFileResources());
if ($metadata->getCreatedAt() < $this->createdAt) {
$this->createdAt = $metadata->getCreatedAt();
}
}
/**
* @param ClassMetaData $targetEntity
* @param string $targetTableAlias
*
* @return string
*/
public function addFilterConstraint(ClassMetadata $targetEntity, $targetTableAlias)
{
$annotationReader = $this->getListener()->getAnnotationReader();
if (!$annotationReader->isDraft($targetEntity->getName())) {
return "";
}
// Check if the entity implements the DraftInterface interface
if (!$targetEntity->reflClass->implementsInterface('Opifer\\Revisions\\DraftInterface')) {
return "";
}
return "{$targetTableAlias}.created_at IS NOT NULL";
}
public function addFilterConstraint(ClassMetadata $targetEntity, $targetTableAlias)
{
if (array_key_exists($targetEntity->getName(), $this->disabled)) {
return '';
}
$config = $this->getListener()->getConfiguration($this->getEntityManager(), $targetEntity->name);
if (!isset($config['softDeleteable']) || !$config['softDeleteable']) {
return '';
}
$column = $targetEntity->columnNames[$config['fieldName']];
return $targetTableAlias . '.' . $column . ' IS NULL';
}
public function addFilterConstraint(ClassMetadata $targetEntity, $targetTableAlias)
{
$mappings = $targetEntity->getAssociationMappings();
if (!array_key_exists('journal', $mappings) || $mappings['journal']['targetEntity'] !== 'Ojs\\JournalBundle\\Entity\\Journal') {
return '';
}
//return if journal filter disabled globally for current entity
if (isset($GLOBALS[$targetEntity->getName() . '#journalFilter']) && $GLOBALS[$targetEntity->getName() . '#journalFilter'] == false) {
return '';
}
try {
$selectedJournal = $this->journalService->getSelectedJournal();
} catch (\Exception $e) {
return '';
}
if (!$selectedJournal) {
return '';
}
$journalJoinColumn = $mappings['journal']['joinColumns'][0]['name'];
$addCondSql = $targetTableAlias . '.' . $journalJoinColumn . ' = ' . $selectedJournal->getId();
return $addCondSql;
}
/**
* Gets the criteria part to add to a query.
*
* @return array The criteria array, if there is available, empty array otherwise
*/
public function addFilterCriteria(ClassMetadata $targetEntity)
{
$class = $targetEntity->getName();
if (array_key_exists($class, $this->disabled) && $this->disabled[$class] === true) {
return array();
} elseif (array_key_exists($targetEntity->rootDocumentName, $this->disabled) && $this->disabled[$targetEntity->rootDocumentName] === true) {
return array();
}
$config = $this->getListener()->getConfiguration($this->getDocumentManager(), $targetEntity->name);
if (!isset($config['softDeleteable']) || !$config['softDeleteable']) {
return array();
}
$column = $targetEntity->fieldMappings[$config['fieldName']];
if (isset($config['timeAware']) && $config['timeAware']) {
return array('$or' => array(array($column['fieldName'] => NULL), array($column['fieldName'] => array('$gt' => new \DateTime('now')))));
}
return array($column['fieldName'] => NULL);
}
public function addFilterConstraint(ClassMetadata $targetEntity, $targetTableAlias)
{
$class = $targetEntity->getName();
if (array_key_exists($class, $this->disabled) && $this->disabled[$class] === true) {
return '';
} elseif (array_key_exists($targetEntity->rootEntityName, $this->disabled) && $this->disabled[$targetEntity->rootEntityName] === true) {
return '';
}
$config = $this->getListener()->getConfiguration($this->getEntityManager(), $targetEntity->name);
if (!isset($config['clientAware']) || !$config['clientAware']) {
return '';
}
/**
* TODO: This is a hard dependency on client_id and should be done a little cleaner
*/
$this->populateClientId();
$addCondSql = $targetTableAlias . '.client_id = ' . $this->getParameter('client_id');
return $addCondSql;
}
public function addFilterConstraint(ClassMetadata $targetEntity, $targetTableAlias)
{
if ('Omeka\\Entity\\Resource' !== $targetEntity->getName()) {
return '';
}
$acl = $this->getServiceLocator()->get('Omeka\\Acl');
if ($acl->userIsAllowed('Omeka\\Entity\\Resource', 'view-all')) {
return '';
}
// Users can view public resources they do not own.
$constraints = ["{$targetTableAlias}.is_public = 1"];
$identity = $this->getServiceLocator()->get('Omeka\\AuthenticationService')->getIdentity();
if ($identity) {
// Users can view all resources they own.
$connection = $this->getServiceLocator()->get('Omeka\\Connection');
$constraints[] = 'OR';
$constraints[] = sprintf("{$targetTableAlias}.owner_id = %s", $connection->quote($identity->getId(), Type::INTEGER));
}
return implode(' ', $constraints);
}
public function addFilterConstraint(ClassMetadata $targetEntity, $targetTableAlias)
{
$class = $targetEntity->getName();
if (array_key_exists($class, $this->disabled) && $this->disabled[$class] === true) {
return '';
} elseif (array_key_exists($targetEntity->rootEntityName, $this->disabled) && $this->disabled[$targetEntity->rootEntityName] === true) {
return '';
}
$config = $this->getListener()->getConfiguration($this->getEntityManager(), $targetEntity->name);
if (!isset($config['softDeleteable']) || !$config['softDeleteable']) {
return '';
}
$conn = $this->getEntityManager()->getConnection();
$platform = $conn->getDatabasePlatform();
$column = $targetEntity->getQuotedColumnName($config['fieldName'], $platform);
$addCondSql = $platform->getIsNullExpression($targetTableAlias . '.' . $column);
if (isset($config['timeAware']) && $config['timeAware']) {
$now = $conn->quote(date($platform->getDateTimeFormatString()));
// should use UTC in database and PHP
$addCondSql = "({$addCondSql} OR {$targetTableAlias}.{$column} > {$now})";
}
return $addCondSql;
}
/**
* Validates the identifier mapping.
*
* @param ClassMetadata $class
*
* @throws MappingException When mapping does not have identifier
*/
protected function validateIdentifier(ClassMetadata $class)
{
if (!$class->hasIdentifier()) {
throw MappingException::identifierRequired($class->getName());
}
}
/**
* @param ClassMetadata $class
* @return string
*/
private function getFullQualifiedClassName(ClassMetadata $class)
{
return '\\' . $class->getNamespace() . '\\' . $class->getName();
}
