Merge pull request #5694 from christianbeeznest/courses-access-url

Course: Filter courses by access URL if multiple URLs enabled

Author: christianbeeznest

public/main/admin/course_edit.php

@@ -310,7 +310,7 @@
     $visibility = $course['visibility'];
 
     if (isset($course['duration'])) {
-        $course['duration'] = $course['duration'] * 60;
+        $course['duration'] = (int) $course['duration'] * 60;
     }
 
     // @todo should be check in the CidReqListener

src/CoreBundle/DataProvider/Extension/CourseRelUserExtension.php

@@ -9,18 +9,19 @@
 use ApiPlatform\Doctrine\Orm\Extension\QueryCollectionExtensionInterface;
 use ApiPlatform\Doctrine\Orm\Util\QueryNameGeneratorInterface;
 use ApiPlatform\Metadata\Operation;
+use Chamilo\CoreBundle\Entity\AccessUrlRelCourse;
 use Chamilo\CoreBundle\Entity\CourseRelUser;
 use Chamilo\CoreBundle\Entity\User;
+use Chamilo\CoreBundle\ServiceHelper\AccessUrlHelper;
 use Doctrine\ORM\QueryBuilder;
 use Symfony\Bundle\SecurityBundle\Security;
 use Symfony\Component\Security\Core\Exception\AccessDeniedException;
 
-// use ApiPlatform\Core\Bridge\Doctrine\Orm\Extension\QueryItemExtensionInterface;
-
-final class CourseRelUserExtension implements QueryCollectionExtensionInterface // , QueryItemExtensionInterface
+final class CourseRelUserExtension implements QueryCollectionExtensionInterface
 {
     public function __construct(
-        private readonly Security $security
+        private readonly Security $security,
+        private readonly AccessUrlHelper $accessUrlHelper
     ) {}
 
     public function applyToCollection(
@@ -30,13 +31,34 @@ public function applyToCollection(
         ?Operation $operation = null,
         array $context = []
     ): void {
+        if ($this->accessUrlHelper->isMultiple()) {
+            $accessUrl = $this->accessUrlHelper->getCurrent();
+            $rootAlias = $queryBuilder->getRootAliases()[0];
+            if (isset($context['filters']['sticky']) && $context['filters']['sticky']) {
+                $queryBuilder
+                    ->innerJoin(
+                        AccessUrlRelCourse::class,
+                        'url_rel',
+                        'WITH',
+                        'url_rel.course = ' . $rootAlias
+                    )
+                    ->andWhere('url_rel.url = :access_url_id')
+                    ->setParameter('access_url_id', $accessUrl->getId());
+            } else {
+                $queryBuilder
+                    ->innerJoin("$rootAlias.course", 'c')
+                    ->innerJoin('c.urls', 'url_rel')
+                    ->andWhere('url_rel.url = :access_url_id')
+                    ->setParameter('access_url_id', $accessUrl->getId());
+            }
+        }
+
         if ($this->security->isGranted('ROLE_ADMIN')) {
             return;
         }
 
         if (CourseRelUser::class === $resourceClass) {
-            // Blocks a ROLE_USER to access CourseRelUsers from another User.
-            if ('collection_query' === $operation->getName()) {
+            if ('collection_query' === $operation?->getName()) {
                 /** @var User|null $user */
                 if (null === $user = $this->security->getUser()) {
                     throw new AccessDeniedException('Access Denied.');
@@ -51,12 +73,6 @@ public function applyToCollection(
         $this->addWhere($queryBuilder, $resourceClass);
     }
 
-    /*public function applyToItem(QueryBuilder $queryBuilder, QueryNameGeneratorInterface $queryNameGenerator, string $resourceClass, array $identifiers, string $operationName = null, array $context = []): void
-    {
-        error_log('applyToItem');
-        $this->addWhere($queryBuilder, $resourceClass);
-    }*/
-
     private function addWhere(QueryBuilder $queryBuilder, string $resourceClass): void
     {
         if (CourseRelUser::class !== $resourceClass) {