/**
 * Applies ACL conditions to the search query.
 *
 * For every alias returned by getSearchAliases() the mapped entity class is
 * resolved and its ACL condition data is requested for $permission. Aliases
 * that pass the check are collected into the query's FROM list, and one owner
 * expression per alias is OR-ed together and added to the criteria. Finally
 * addOrganizationLimits() is invoked on the query.
 *
 * NOTE(review): the condition data is read positionally (offsets 0, 1 and 3);
 * presumably 0 = owner field, 1 = owner id(s), 3 = organization field.
 * Confirm against OwnershipConditionDataBuilder::getAclConditionData().
 *
 * @param Query  $query      search query to restrict; it is modified and returned
 * @param string $permission permission name handed to the ACL condition builder
 *
 * @return Query the $query that was passed in
 */
public function apply(Query $query, $permission = 'VIEW')
{
    $requestedAliases  = $this->getSearchAliases($query);
    $permittedAliases  = [];
    $ownerRestrictions = [];
    $expr              = $query->getCriteria()->expr();

    if (count($requestedAliases) !== 0) {
        foreach ($requestedAliases as $entityAlias) {
            $className = $this->mappingProvider->getEntityClass($entityAlias);
            if (!$className) {
                // An alias with no mapped entity class is never added to the FROM list.
                continue;
            }

            $ownerField     = sprintf('%s_owner', $entityAlias);
            $condition      = $this->ownershipDataBuilder->getAclConditionData($className, $permission);
            $hasNoCondition = count($condition) === 0;

            // Non-empty condition data whose offsets 0 and 3 are both null excludes the alias.
            // NOTE(review): presumably this is the "access denied" marker; confirm with the builder.
            if (!$hasNoCondition && $condition[0] === null && $condition[3] === null) {
                continue;
            }

            $permittedAliases[] = $entityAlias;
            $searchField        = 'integer.' . $ownerField;

            // No owner limitation for this entity: match any owner id >= EMPTY_OWNER_ID.
            if ($hasNoCondition || $condition[1] === null) {
                $ownerRestrictions[] = $expr->gte($searchField, SearchListener::EMPTY_OWNER_ID);
                continue;
            }

            // empty() also treats 0, '0' and [] as "no owners", so those fall back to EMPTY_OWNER_ID.
            $owners = !empty($condition[1]) ? $condition[1] : SearchListener::EMPTY_OWNER_ID;

            if (is_array($owners) && count($owners) !== 1) {
                $ownerRestrictions[] = $expr->in($searchField, $owners);
            } else {
                // NOTE(review): a one-element array reaches eq() as an array, not as its single
                // value. Verify the search engine compares it as intended.
                $ownerRestrictions[] = $expr->eq($searchField, $owners);
            }
        }
    }

    if (count($ownerRestrictions) !== 0) {
        $query->getCriteria()->andWhere(
            new CompositeExpression(CompositeExpression::TYPE_OR, $ownerRestrictions)
        );
    }

    // NOTE(review): when no alias is permitted this passes an empty list. Confirm that
    // Query::from([]) and the engine treat that as "no entities" rather than "all entities".
    $query->from($permittedAliases);
    $this->addOrganizationLimits($query, $expr);

    return $query;
}