Michaël Perrin has written an article about using annotations and filters to improve security.
With a more complex model, for example an order that contains products, you also want to filter on the associations of the filtered entity, in this case the products that the orders contain.
You can solve this by adding a user property to the product entity, but this risks compromising your database integrity. It is better to make the ManyToOne association from product to order UserAware as well.
Inspired by Steve's Stack Overflow question, I've created a filter that recursively adds subqueries to the WHERE clause until (an association with) a user is found.
The magic happens in the UserFilter class, more specifically in the buildQuery method.
This method recursively traverses the UserAware properties until the UserAware property is of type User or is a reference to the User class.
With each function call a subquery is added to the basic query.
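A standalone sketch of this recursion, added here as an example and not the UserFilter code itself. It uses no Doctrine classes; the mapping array, the function name buildUserConstraint, the table and column names and the primary key column id are all assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for Doctrine metadata plus the UserAware annotation.
// Class, table and column names are hypothetical.
$userAware = [
    'Product' => ['table' => 'product', 'column' => 'order_id', 'target' => 'Order'],
    'Order'   => ['table' => 'orders',  'column' => 'user_id',  'target' => 'User'],
];

/**
 * Returns the WHERE constraint for $class, following UserAware associations
 * until one of them points at User. Assumes every table has an "id" key.
 */
function buildUserConstraint(array $map, string $class, string $alias, int $userId, array $seen = []): string
{
    if (!array_key_exists($class, $map)) {
        // Fail closed: an unmapped entity on the path must not end up unfiltered.
        throw new LogicException("$class has no UserAware mapping");
    }
    if (in_array($class, $seen, true)) {
        // Guard against associations that point back at an earlier entity.
        throw new LogicException("UserAware associations loop back to $class");
    }

    $field  = $alias . '.' . $map[$class]['column'];
    $target = $map[$class]['target'];

    if ($target === 'User') {
        // Base case: the column holds the user id. %d keeps the value numeric.
        return sprintf('%s = %d', $field, $userId);
    }

    // Recursive case: constrain the foreign key to rows of the target table
    // that themselves satisfy the user constraint.
    $subAlias = 't' . count($seen);
    $inner = buildUserConstraint($map, $target, $subAlias, $userId, array_merge($seen, [$class]));

    return sprintf('%s IN (SELECT %s.id FROM %s %s WHERE %s)',
        $field, $subAlias, $map[$target]['table'], $subAlias, $inner);
}

echo buildUserConstraint($userAware, 'Product', 'p', 42), PHP_EOL;
```

Each extra level of association nests one more subquery, so a Product reached through Order is only visible when its order belongs to the current user.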
The configuration is almost the same as in Michaël Perrin's piece.
The only difference is that an extra line is added in Configurator.php to inject an ObjectManager into the UserFilter class:
$filter->setObjectManager($this->em);
Once everything is configured, usage is very simple.
Just add the UserAware annotation to the class.
See the Product class for an example.
In the UserAware class, I've also added the annotation userPropertyName.
Since userPropertyName is now also needed in the UserFilter class next to userFieldName, it doesn't make sense to prefer the latter.
In fact it's more convenient to use the first one, userPropertyName; this way the implementer of the entity classes doesn't have to know about the mapping of property names to field names.
Thank you so much!
But do you have any solution for a ManyToMany relation?