From b6cfe9d7d4ae8bf346d544d6a04dba6db0d63026 Mon Sep 17 00:00:00 2001
From: matthieu
Date: Sun, 15 Mar 2026 19:27:24 +0100
Subject: [PATCH] feat : add ClientTicketProvider with filtering
Co-Authored-By: Claude Sonnet 4.6
---
src/State/ClientTicketProvider.php | 70 ++++++++++++++++++++++++++++++
1 file changed, 70 insertions(+)
create mode 100644 src/State/ClientTicketProvider.php
diff --git a/src/State/ClientTicketProvider.php b/src/State/ClientTicketProvider.php
new file mode 100644
index 0000000..ee1dcbd
--- /dev/null
+++ b/src/State/ClientTicketProvider.php
@@ -0,0 +1,70 @@
+
+ */
+final readonly class ClientTicketProvider implements ProviderInterface
+{
+ public function __construct(
+ private EntityManagerInterface $entityManager,
+ private Security $security,
+ ) {}
+
+ public function provide(Operation $operation, array $uriVariables = [], array $context = []): array|ClientTicket|null
+ {
+ $user = $this->security->getUser();
+ assert($user instanceof User);
+
+ $repo = $this->entityManager->getRepository(ClientTicket::class);
+
+ // Single item
+ if (isset($uriVariables['id'])) {
+ $ticket = $repo->find($uriVariables['id']);
+ if (null === $ticket) {
+ return null;
+ }
+ if (!$this->security->isGranted('ROLE_ADMIN') && $ticket->getSubmittedBy() !== $user) {
+ return null;
+ }
+
+ return $ticket;
+ }
+
+ // Collection with manual filtering
+ $qb = $repo->createQueryBuilder('ct')
+ ->orderBy('ct.createdAt', 'DESC')
+ ;
+
+ // ROLE_CLIENT: only own tickets
+ if (!$this->security->isGranted('ROLE_ADMIN')) {
+ $qb->andWhere('ct.submittedBy = :user')->setParameter('user', $user);
+ }
+
+ // Apply filters from query parameters
+ $filters = $context['filters'] ?? [];
+ if (isset($filters['project'])) {
+ $projectId = is_numeric($filters['project']) ? (int) $filters['project'] : (int) basename($filters['project']);
+ $qb->andWhere('ct.project = :project')->setParameter('project', $projectId);
+ }
+ if (isset($filters['status'])) {
+ $qb->andWhere('ct.status = :status')->setParameter('status', $filters['status']);
+ }
+ if (isset($filters['submittedBy']) && $this->security->isGranted('ROLE_ADMIN')) {
+ $submittedById = is_numeric($filters['submittedBy']) ? (int) $filters['submittedBy'] : (int) basename($filters['submittedBy']);
+ $qb->andWhere('ct.submittedBy = :submittedBy')->setParameter('submittedBy', $submittedById);
+ }
+
+ return $qb->getQuery()->getResult();
+ }
+}
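Review bot: The `assert($user instanceof User);` at the top of `provide()` is the only check that an authenticated user is present, and PHP assertions are normally compiled out in production (`zend.assertions=-1`), so it should not carry an authorization decision. With `$user` null, the single-item branch's `$ticket->getSubmittedBy() !== $user` is false for any ticket whose submitter is null, so that ticket would be returned to a non-admin caller; whether this is reachable depends on the firewall/operation security and on `submittedBy` being nullable, neither of which is visible in this patch. Replace the assert with an explicit guard such as `if (!$user instanceof User) { throw new \Symfony\Component\Security\Core\Exception\AccessDeniedException(); }`. Separately, the `project`, `status` and `submittedBy` filters are used without a type check, so an array-valued query parameter reaches `basename()` and raises a `TypeError`; an `is_string()` or `is_scalar()` check before use would turn that into a clean rejection instead of a 500.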