Lesstime/src/State/TaskDocumentProvider.php

<?php

declare(strict_types=1);

namespace App\State;

use ApiPlatform\Metadata\Operation;
use ApiPlatform\State\ProviderInterface;
use App\Entity\TaskDocument;
use App\Entity\User;
use Doctrine\ORM\EntityManagerInterface;
use Symfony\Bundle\SecurityBundle\Security;

/**
 * @implements ProviderInterface<TaskDocument>
 */
final readonly class TaskDocumentProvider implements ProviderInterface
{
    public function __construct(
        private EntityManagerInterface $entityManager,
        private Security $security,
    ) {}

    public function provide(Operation $operation, array $uriVariables = [], array $context = []): array|TaskDocument|null
    {
        $user = $this->security->getUser();
        assert($user instanceof User);

        $repo     = $this->entityManager->getRepository(TaskDocument::class);
        $isClient = $this->security->isGranted('ROLE_CLIENT') && !$this->security->isGranted('ROLE_ADMIN');

        // Single item
        if (isset($uriVariables['id'])) {
            $document = $repo->find($uriVariables['id']);
            if (null === $document) {
                return null;
            }

            if ($isClient) {
                $ticket = $document->getClientTicket();
                if (null === $ticket || $ticket->getSubmittedBy() !== $user) {
                    return null;
                }
            }

            return $document;
        }

        // Collection
        $qb = $repo->createQueryBuilder('d')
            ->orderBy('d.id', 'DESC')
        ;

        if ($isClient) {
            $qb->innerJoin('d.clientTicket', 'ct')
                ->andWhere('ct.submittedBy = :user')
                ->setParameter('user', $user)
            ;
        }

        // Apply filters from query parameters
        $filters = $context['filters'] ?? [];
        if (isset($filters['task'])) {
            $qb->andWhere('d.task = :task')
                ->setParameter('task', self::extractId($filters['task']))
            ;
        }
        if (isset($filters['clientTicket'])) {
            $qb->andWhere('d.clientTicket = :clientTicket')
                ->setParameter('clientTicket', self::extractId($filters['clientTicket']))
            ;
        }

        return $qb->getQuery()->getResult();
    }

    private static function extractId(string $value): int
    {
        return is_numeric($value) ? (int) $value : (int) basename($value);
    }
}