feat : wip

src/Doctrine/WorkHourCollectionExtension.php

@@ -0,0 +1,53 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Doctrine;
+
+use ApiPlatform\Doctrine\Orm\Extension\QueryCollectionExtensionInterface;
+use ApiPlatform\Doctrine\Orm\Util\QueryNameGeneratorInterface;
+use ApiPlatform\Metadata\Operation;
+use App\Entity\User;
+use App\Entity\WorkHour;
+use App\Security\EmployeeScopeService;
+use Doctrine\ORM\QueryBuilder;
+use Symfony\Bundle\SecurityBundle\Security;
+
+final readonly class WorkHourCollectionExtension implements QueryCollectionExtensionInterface
+{
+    public function __construct(
+        private Security $security,
+        private EmployeeScopeService $employeeScopeService,
+    ) {}
+
+    public function applyToCollection(
+        QueryBuilder $queryBuilder,
+        QueryNameGeneratorInterface $queryNameGenerator,
+        string $resourceClass,
+        ?Operation $operation = null,
+        array $context = []
+    ): void {
+        // N'applique le filtrage qu'à la ressource WorkHour.
+        if (WorkHour::class !== $resourceClass) {
+            return;
+        }
+
+        $user = $this->security->getUser();
+        if (!$user instanceof User) {
+            // Pas d'utilisateur => aucune ligne renvoyée.
+            $queryBuilder->andWhere('1 = 0');
+
+            return;
+        }
+
+        $rootAlias     = $queryBuilder->getRootAliases()[0];
+        $employeeAlias = 'employee_scope';
+
+        $queryBuilder->leftJoin(sprintf('%s.employee', $rootAlias), $employeeAlias)
+            ->addSelect($employeeAlias)
+        ;
+
+        // Filtrage SQL par scope (admin/self/site) avant retour API.
+        $this->employeeScopeService->applyEmployeeScope($queryBuilder, $employeeAlias, 'work_hour_scope', $user);
+    }
+}