/** * Apply custom ACL checks * * @param QueryBuilder $qb */ public function applyAcl(QueryBuilder $qb) { $user = $this->securityFacade->getLoggedUser(); $organization = $this->getOrganization(); $mailboxIds = $this->mailboxManager->findAvailableMailboxIds($user, $organization); $exprs = [$qb->expr()->eq('eu.owner', ':owner')]; if ($organization) { $exprs[] = $qb->expr()->eq('eu.organization ', ':organization'); $qb->setParameter('organization', $organization->getId()); } $uoCheck = call_user_func_array([$qb->expr(), 'andX'], $exprs); if (!empty($mailboxIds)) { $qb->andWhere($qb->expr()->orX($uoCheck, $qb->expr()->in('eu.mailboxOwner', ':mailboxIds'))); $qb->setParameter('mailboxIds', $mailboxIds); } else { $qb->andWhere($uoCheck); } $qb->setParameter('owner', $user->getId()); }