fix(Api): Added AttributeValueQueryExtension and `NodesTagsQueryExt…

…ension` to restrict tags and attributes linked to any published node.

lib/RoadizCoreBundle/config/services.yaml

@@ -114,6 +114,21 @@ services:
         # Extension must be called after all filtering BUT before default pagination extension
         tags: [ { name: 'api_platform.doctrine.orm.query_extension.collection', priority: -40 } ]
 
+    #
+    # These API doctrine extension must be called last before pagination
+    # to perform on existing JOIN with node entities (found after filtering)
+    #
+    RZ\Roadiz\CoreBundle\Api\Extension\AttributeValueQueryExtension:
+        tags: [
+            { name: 'api_platform.doctrine.orm.query_extension.collection', priority: -40 },
+            { name: 'api_platform.doctrine.orm.query_extension.item', priority: -40 },
+        ]
+    RZ\Roadiz\CoreBundle\Api\Extension\NodesTagsQueryExtension:
+        tags: [
+            { name: 'api_platform.doctrine.orm.query_extension.collection', priority: -40 },
+            { name: 'api_platform.doctrine.orm.query_extension.item', priority: -40 },
+        ]
+
     RZ\Roadiz\CoreBundle\Bag\:
         resource: '../src/Bag/'
         autowire: true

lib/RoadizCoreBundle/src/Api/Extension/AttributeValueQueryExtension.php

@@ -0,0 +1,81 @@
+<?php
+
+declare(strict_types=1);
+
+namespace RZ\Roadiz\CoreBundle\Api\Extension;
+
+use ApiPlatform\Doctrine\Orm\Extension\QueryCollectionExtensionInterface;
+use ApiPlatform\Doctrine\Orm\Extension\QueryItemExtensionInterface;
+use ApiPlatform\Doctrine\Orm\Util\QueryBuilderHelper;
+use ApiPlatform\Doctrine\Orm\Util\QueryNameGeneratorInterface;
+use ApiPlatform\Metadata\Operation;
+use Doctrine\ORM\QueryBuilder;
+use RZ\Roadiz\CoreBundle\Entity\AttributeValue;
+use RZ\Roadiz\CoreBundle\Entity\Node;
+use RZ\Roadiz\CoreBundle\Preview\PreviewResolverInterface;
+
+final class AttributeValueQueryExtension implements QueryItemExtensionInterface, QueryCollectionExtensionInterface
+{
+    private PreviewResolverInterface $previewResolver;
+
+    public function __construct(
+        PreviewResolverInterface $previewResolver
+    ) {
+        $this->previewResolver = $previewResolver;
+    }
+
+    public function applyToItem(
+        QueryBuilder $queryBuilder,
+        QueryNameGeneratorInterface $queryNameGenerator,
+        string $resourceClass,
+        array $identifiers,
+        ?Operation $operation = null,
+        array $context = []
+    ): void {
+        $this->apply($queryBuilder, $resourceClass);
+    }
+
+    public function applyToCollection(
+        QueryBuilder $queryBuilder,
+        QueryNameGeneratorInterface $queryNameGenerator,
+        string $resourceClass,
+        ?Operation $operation = null,
+        array $context = []
+    ): void {
+        $this->apply($queryBuilder, $resourceClass);
+    }
+
+    private function apply(
+        QueryBuilder $queryBuilder,
+        string $resourceClass
+    ): void {
+        if (
+            $resourceClass !== AttributeValue::class
+        ) {
+            return;
+        }
+
+        $parts = $queryBuilder->getDQLPart('join');
+        $rootAlias = $queryBuilder->getRootAliases()[0];
+        if (!\is_array($parts) || !isset($parts[$rootAlias])) {
+            return;
+        }
+
+        $existingNodeJoin = QueryBuilderHelper::getExistingJoin($queryBuilder, 'o', 'node');
+        if (null === $existingNodeJoin || !$existingNodeJoin->getAlias()) {
+            return;
+        }
+
+        if ($this->previewResolver->isPreview()) {
+            $queryBuilder
+                ->andWhere($queryBuilder->expr()->lte($existingNodeJoin->getAlias() . '.status', ':status'))
+                ->setParameter(':status', Node::PUBLISHED);
+            return;
+        }
+
+        $queryBuilder
+            ->andWhere($queryBuilder->expr()->eq($existingNodeJoin->getAlias() . '.status', ':status'))
+            ->setParameter(':status', Node::PUBLISHED);
+        return;
+    }
+}

lib/RoadizCoreBundle/src/Api/Extension/NodesTagsQueryExtension.php

@@ -0,0 +1,89 @@
+<?php
+
+declare(strict_types=1);
+
+namespace RZ\Roadiz\CoreBundle\Api\Extension;
+
+use ApiPlatform\Doctrine\Orm\Extension\QueryCollectionExtensionInterface;
+use ApiPlatform\Doctrine\Orm\Extension\QueryItemExtensionInterface;
+use ApiPlatform\Doctrine\Orm\Util\QueryBuilderHelper;
+use ApiPlatform\Doctrine\Orm\Util\QueryNameGeneratorInterface;
+use ApiPlatform\Metadata\Operation;
+use Doctrine\ORM\QueryBuilder;
+use RZ\Roadiz\CoreBundle\Entity\Node;
+use RZ\Roadiz\CoreBundle\Entity\Tag;
+use RZ\Roadiz\CoreBundle\Preview\PreviewResolverInterface;
+
+final class NodesTagsQueryExtension implements QueryItemExtensionInterface, QueryCollectionExtensionInterface
+{
+    private PreviewResolverInterface $previewResolver;
+
+    public function __construct(
+        PreviewResolverInterface $previewResolver
+    ) {
+        $this->previewResolver = $previewResolver;
+    }
+
+    public function applyToItem(
+        QueryBuilder $queryBuilder,
+        QueryNameGeneratorInterface $queryNameGenerator,
+        string $resourceClass,
+        array $identifiers,
+        ?Operation $operation = null,
+        array $context = []
+    ): void {
+        $this->apply($queryBuilder, $resourceClass);
+    }
+
+    public function applyToCollection(
+        QueryBuilder $queryBuilder,
+        QueryNameGeneratorInterface $queryNameGenerator,
+        string $resourceClass,
+        ?Operation $operation = null,
+        array $context = []
+    ): void {
+        $this->apply($queryBuilder, $resourceClass);
+    }
+
+    private function apply(
+        QueryBuilder $queryBuilder,
+        string $resourceClass
+    ): void {
+        if (
+            $resourceClass !== Tag::class
+        ) {
+            return;
+        }
+
+        $parts = $queryBuilder->getDQLPart('join');
+        $rootAlias = $queryBuilder->getRootAliases()[0];
+        if (!\is_array($parts) || !isset($parts[$rootAlias])) {
+            return;
+        }
+
+        $existingJoin = QueryBuilderHelper::getExistingJoin($queryBuilder, 'o', 'nodesTags');
+        if (null === $existingJoin || !$existingJoin->getAlias()) {
+            return;
+        }
+        $existingNodeJoin = QueryBuilderHelper::getExistingJoin(
+            $queryBuilder,
+            $existingJoin->getAlias(),
+            'node'
+        );
+        if (null === $existingNodeJoin || !$existingNodeJoin->getAlias()) {
+            return;
+        }
+
+        if ($this->previewResolver->isPreview()) {
+            $queryBuilder
+                ->andWhere($queryBuilder->expr()->lte($existingNodeJoin->getAlias() . '.status', ':status'))
+                ->setParameter(':status', Node::PUBLISHED);
+            return;
+        }
+
+        $queryBuilder
+            ->andWhere($queryBuilder->expr()->eq($existingNodeJoin->getAlias() . '.status', ':status'))
+            ->setParameter(':status', Node::PUBLISHED);
+        return;
+    }
+}