Commit e2bc6f2c authored by François Agneray's avatar François Agneray
Browse files

WIP => list private datasets if user authenticated

parent fccc53dc
......@@ -44,12 +44,33 @@ final class DatasetListByInstanceAction extends AbstractAction
}
if ($request->getMethod() === GET) {
$token = $request->getAttribute('token');
$qb = $this->em->createQueryBuilder();
$qb->select('d')
->from('App\Entity\Dataset', 'd')
->join('d.datasetFamily', 'f')
->where($qb->expr()->eq('IDENTITY(f.instance)', ':instanceName'))
->setParameter('instanceName', $instance->getName());
->where($qb->expr()->eq('IDENTITY(f.instance)', ':instanceName'));
if (!$token) {
// If user is not connected return public datasets
$qb->andWhere($qb->expr()->eq('d.public', 'true'));
} else {
$roles = $token->getClaim('realm_access')->roles;
if (!in_array('anis_admin', $roles)) {
// If user is not an admin return public datasets
$qb->andWhere($qb->expr()->eq('d.public', 'true'));
// TODO: And returns datasets from user's groups
$qb2 = $this->em->createQueryBuilder();
$qb2->select('d.name')
->from('App\Entity\Group', 'g')
->join('g.datasets', 'd')
->where($qb2->expr()->in('g.label', $roles));
$qb->andWhere($qb->expr()->in('d.name', $qb2));
}
}
$qb->setParameter('instanceName', $instance->getName());
$datasets = $qb->getQuery()->getResult();
$payload = json_encode($datasets);
}
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment