add remove listener

alchemy-fr · Jul 24, 2023 · 5bc96ea · 5bc96ea
1 parent 22ec117
commit 5bc96ea
Show file tree

Hide file tree

Showing 7 changed files with 362 additions and 7 deletions.
diff --git a/Doctrine/Listener/AclObjectDeleteListener.php b/Doctrine/Listener/AclObjectDeleteListener.php
@@ -0,0 +1,41 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Alchemy\AclBundle\Doctrine\Listener;
+
+use Alchemy\AclBundle\AclObjectInterface;
+use Alchemy\AclBundle\Mapping\ObjectMapping;
+use Alchemy\AclBundle\Repository\PermissionRepositoryInterface;
+use Doctrine\Bundle\DoctrineBundle\EventSubscriber\EventSubscriberInterface;
+use Doctrine\ORM\Event\PostRemoveEventArgs;
+use Doctrine\ORM\Events;
+
+final class AclObjectDeleteListener implements EventSubscriberInterface
+{
+    public function __construct(
+        private readonly ObjectMapping $objectMapping,
+        private readonly PermissionRepositoryInterface $permissionRepository,
+    ) {
+    }
+
+    public function postRemove(PostRemoveEventArgs $args): void
+    {
+        $object = $args->getObject();
+        if (!$object instanceof AclObjectInterface) {
+            return;
+        }
+
+        $this->permissionRepository->deleteAcesByParams([
+            'objectType' => $this->objectMapping->getObjectKey($object),
+            'objectId' => $object->getId(),
+        ]);
+    }
+
+    public function getSubscribedEvents()
+    {
+        return [
+            Events::postRemove,
+        ];
+    }
+}
diff --git a/Entity/AccessControlEntryRepository.php b/Entity/AccessControlEntryRepository.php
@@ -91,16 +91,15 @@ public function getAces(string $userId, array $groupIds, string $objectType, ?st
             ->getResult();
     }
 
-    public function findAcesByParams(array $params = []): array
+    private function applyParams(QueryBuilder $queryBuilder, array $params = []): void
     {
-        $queryBuilder = $this->createBaseQueryBuilder();
-
         foreach ([
             'objectType' => 'ot',
             'userType' => 'ut',
             'objectId' => 'oid',
             'userId' => 'uid',
-                 ] as $col => $alias) {
+            'parentId' => 'pid',
+        ] as $col => $alias) {
             if (isset($params[$col])) {
                 $queryBuilder
                     ->andWhere(sprintf('a.%s = :%s', $col, $alias))
@@ -110,12 +109,25 @@ public function findAcesByParams(array $params = []): array
         foreach ([
             'objectId' => 'oid',
             'userId' => 'uid',
-                 ] as $col => $alias) {
+            'parentId' => 'pid',
+        ] as $col => $alias) {
             if (array_key_exists($col, $params) && null === $params[$col]) {
                 $queryBuilder->andWhere(sprintf('a.%s IS NULL', $col));
             }
         }
 
+        if (isset($params['permission'])) {
+            $queryBuilder
+                ->andWhere('BIT_AND(a.mask, :p) = :p')
+                ->setParameter('p', $params['permission']);
+        }
+    }
+
+    public function findAcesByParams(array $params = []): array
+    {
+        $queryBuilder = $this->createBaseQueryBuilder();
+        $this->applyParams($queryBuilder, $params);
+
         $queryBuilder->addOrderBy('a.parentId', 'ASC');
         $queryBuilder->addOrderBy('a.createdAt', 'ASC');
 
@@ -124,6 +136,18 @@ public function findAcesByParams(array $params = []): array
             ->getResult();
     }
 
+    public function deleteAcesByParams(array $params = []): void
+    {
+        $queryBuilder = $this->createQueryBuilder('a')
+            ->delete();
+
+        $this->applyParams($queryBuilder, $params);
+
+        $queryBuilder
+            ->getQuery()
+            ->execute();
+    }
+
     public function getAllowedUserIds(string $objectType, string $objectId, int $permission): array
     {
         return $this->getAllowedIds(AccessControlEntry::TYPE_USER_VALUE, $objectType, $objectId, $permission);

diff --git a/Repository/DoctrinePermissionRepository.php b/Repository/DoctrinePermissionRepository.php
@@ -36,6 +36,13 @@ public function findAcesByParams(array $params = []): array
             ->findAcesByParams($params);
     }
 
+    public function deleteAcesByParams(array $params = []): void
+    {
+        $this->em
+            ->getRepository(AccessControlEntry::class)
+            ->deleteAcesByParams($params);
+    }
+
     public function getAces(string $userId, array $groupIds, string $objectType, ?string $objectId): array
     {
         return $this->em
@@ -88,7 +95,7 @@ public function findAces(
         ?string $objectId,
     ): array {
         if (null !== $objectId && empty($objectId)) {
-            throw new InvalidArgumentException('Empty objectId');
+            throw new \InvalidArgumentException('Empty objectId');
         }
 
         $userId = AccessControlEntryInterface::USER_WILDCARD === $userId ? null : $userId;

diff --git a/Repository/PermissionRepositoryInterface.php b/Repository/PermissionRepositoryInterface.php
@@ -13,6 +13,8 @@ interface PermissionRepositoryInterface
      */
     public function findAcesByParams(array $params = []): array;
 
+    public function deleteAcesByParams(array $params = []): void;
+
     public function getAces(string $userId, array $groupIds, string $objectType, ?string $objectId): array;
 
     public function getAllowedUserIds(string $objectType, string $objectId, int $permission): array;

diff --git a/Resources/config/services.yaml b/Resources/config/services.yaml
@@ -22,3 +22,5 @@ services:
   Alchemy\AclBundle\Security\Voter\SetPermissionVoter:
     tags:
       - { name: security.voter }
+
+  Alchemy\AclBundle\Doctrine\Listener\AclObjectDeleteListener: ~
diff --git a/composer.json b/composer.json
@@ -36,6 +36,7 @@
     }
   },
   "require-dev": {
+    "doctrine/doctrine-bundle": "^2.10",
     "friendsofphp/php-cs-fixer": "^3",
     "phpunit/phpunit": "^8.4|^10.2.2"
   }