diff --git a/public/main/admin/course_edit.php b/public/main/admin/course_edit.php
index 0ec8c7aede8..7d583e2951f 100644
--- a/public/main/admin/course_edit.php
+++ b/public/main/admin/course_edit.php
@@ -310,7 +310,7 @@
 $visibility = $course['visibility'];
 if (isset($course['duration'])) {
- $course['duration'] = $course['duration'] * 60;
+ $course['duration'] = (int) $course['duration'] * 60;
 }
 // @todo should be check in the CidReqListener
diff --git a/src/CoreBundle/DataProvider/Extension/CourseRelUserExtension.php b/src/CoreBundle/DataProvider/Extension/CourseRelUserExtension.php
index c2918e7cb46..f7031b59202 100644
--- a/src/CoreBundle/DataProvider/Extension/CourseRelUserExtension.php
+++ b/src/CoreBundle/DataProvider/Extension/CourseRelUserExtension.php
@@ -9,18 +9,19 @@
 use ApiPlatform\Doctrine\Orm\Extension\QueryCollectionExtensionInterface;
 use ApiPlatform\Doctrine\Orm\Util\QueryNameGeneratorInterface;
 use ApiPlatform\Metadata\Operation;
+use Chamilo\CoreBundle\Entity\AccessUrlRelCourse;
 use Chamilo\CoreBundle\Entity\CourseRelUser;
 use Chamilo\CoreBundle\Entity\User;
+use Chamilo\CoreBundle\ServiceHelper\AccessUrlHelper;
 use Doctrine\ORM\QueryBuilder;
 use Symfony\Bundle\SecurityBundle\Security;
 use Symfony\Component\Security\Core\Exception\AccessDeniedException;
-// use ApiPlatform\Core\Bridge\Doctrine\Orm\Extension\QueryItemExtensionInterface;
-
-final class CourseRelUserExtension implements QueryCollectionExtensionInterface // , QueryItemExtensionInterface
+final class CourseRelUserExtension implements QueryCollectionExtensionInterface
 {
 public function __construct(
- private readonly Security $security
+ private readonly Security $security,
+ private readonly AccessUrlHelper $accessUrlHelper
 ) {}
 public function applyToCollection(
@@ -30,13 +31,34 @@ public function applyToCollection( ?Operation $operation = null, array $context = [] ): void { + if ($this->accessUrlHelper->isMultiple()) { + $accessUrl = $this->accessUrlHelper->getCurrent(); + $rootAlias = $queryBuilder->getRootAliases()[0]; + if (isset($context['filters']['sticky']) && $context['filters']['sticky']) { + $queryBuilder + ->innerJoin( + AccessUrlRelCourse::class, + 'url_rel', + 'WITH', + 'url_rel.course = ' . $rootAlias + ) + ->andWhere('url_rel.url = :access_url_id') + ->setParameter('access_url_id', $accessUrl->getId()); + } else { + $queryBuilder + ->innerJoin("$rootAlias.course", 'c') + ->innerJoin('c.urls', 'url_rel') + ->andWhere('url_rel.url = :access_url_id') + ->setParameter('access_url_id', $accessUrl->getId()); + } + } + if ($this->security->isGranted('ROLE_ADMIN')) { return; } if (CourseRelUser::class === $resourceClass) { - // Blocks a ROLE_USER to access CourseRelUsers from another User. - if ('collection_query' === $operation->getName()) { + if ('collection_query' === $operation?->getName()) { /** @var User|null $user */ if (null === $user = $this->security->getUser()) { throw new AccessDeniedException('Access Denied.'); @@ -51,12 +73,6 @@ public function applyToCollection( $this->addWhere($queryBuilder, $resourceClass); } - /*public function applyToItem(QueryBuilder $queryBuilder, QueryNameGeneratorInterface $queryNameGenerator, string $resourceClass, array $identifiers, string $operationName = null, array $context = []): void - { - error_log('applyToItem'); - $this->addWhere($queryBuilder, $resourceClass); - }*/ - private function addWhere(QueryBuilder $queryBuilder, string $resourceClass): void { if (CourseRelUser::class !== $resourceClass) {
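Review bot: The new multi-URL block in applyToCollection picks its join from `$context['filters']['sticky']`, which appears to come from the request, instead of from `$resourceClass`, and it sits above the `CourseRelUser::class === $resourceClass` check, so in multi-URL mode it is applied to every collection this extension is invoked for. When the root entity is a CourseRelUser and `sticky` is set, `'url_rel.course = ' . $rootAlias` compares a course with a CourseRelUser row, which does not scope the result to the current access URL; a resource without a `course` association would presumably fail in the else branch. Select the branch from the resource class (for example wrap the `"$rootAlias.course"` join in `if (CourseRelUser::class === $resourceClass) {`) and skip classes the extension does not handle. `$accessUrl->getId()` is also called without checking what `getCurrent()` returned; if that can be null, fail closed with `if (null === $accessUrl) { throw new AccessDeniedException('Access Denied.'); }`. The body of applyToCollection starts and ends outside this hunk.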