Filter away person-related data in public camps

Author: carlobeltrame

api/migrations/schema/Version20250821113132.php

@@ -15,9 +15,45 @@ public function getDescription(): string {
     public function up(Schema $schema): void {
         $this->addSql('ALTER TABLE camp ADD isShared BOOLEAN DEFAULT FALSE NOT NULL');
         $this->addSql('CREATE INDEX IDX_C1944230D2E4FE61 ON camp (isShared)');
+        $this->addSql(
+            <<<'EOF'
+                    CREATE OR REPLACE VIEW public.view_user_camps
+                    AS
+                    select	cc.id::TEXT, cc.userid, cc.campid
+                    from	camp_collaboration cc
+                    where 	cc.status = 'established'
+                EOF
+        );
+        $this->addSql(
+            <<<'EOF'
+                    CREATE OR REPLACE VIEW public.view_user_camps_with_public
+                    AS
+                    SELECT CONCAT(u.id, c.id) id, u.id userid, c.id campid
+                    from camp c, "user" u
+                    where c.isprototype = TRUE or c.isshared = TRUE
+                    union all
+                    select	cc.id, cc.userid, cc.campid
+                    from	camp_collaboration cc
+                    where 	cc.status = 'established'
+                EOF
+        );
     }
 
     public function down(Schema $schema): void {
+        $this->addSql('DROP VIEW IF EXISTS public.view_user_camps_with_public');
+        $this->addSql(
+            <<<'EOF'
+                    CREATE OR REPLACE VIEW public.view_user_camps
+                    AS
+                    SELECT CONCAT(u.id, c.id) id, u.id userid,  c.id campid
+                    from camp c, "user" u
+                    where c.isprototype = TRUE
+                    union all
+                    select	cc.id, cc.userid, cc.campid
+                    from	camp_collaboration cc
+                    where 	cc.status = 'established'
+                EOF
+        );
         $this->addSql('DROP INDEX IDX_C1944230D2E4FE61');
         $this->addSql('ALTER TABLE camp DROP isShared');
     }

api/src/Entity/Activity.php

@@ -274,7 +274,17 @@ public function removeScheduleEntry(ScheduleEntry $scheduleEntry): self {
     /**
      * @return ActivityResponsible[]
      */
-    #[ApiProperty(readableLink: true)]
+    #[ApiProperty(readableLink: true, security: '!is_granted("CAMP_COLLABORATOR", object)')]
+    #[SerializedName('activityResponsibles')]
+    #[Groups(['Activity:ActivityResponsibles'])]
+    public function getRedactedEmbeddedActivityResponsibles(): array {
+        return [];
+    }
+
+    /**
+     * @return ActivityResponsible[]
+     */
+    #[ApiProperty(readableLink: true, security: 'is_granted("CAMP_COLLABORATOR", object)')]
     #[SerializedName('activityResponsibles')]
     #[Groups(['Activity:ActivityResponsibles'])]
     public function getEmbeddedActivityResponsibles(): array {

api/src/Entity/Camp.php

@@ -79,12 +79,21 @@ class Camp extends BaseEntity implements BelongsToCampInterface, CopyFromPrototy
     public Collection $collaborations;
 
     /**
-     * UserCamp Collections
-     * Based von view_user_camps; lists all user who can see this camp.
+     * UserCamp Collection
+     * Based von view_user_camps; lists all user who can see this camp through campCollaborations.
      */
     #[ORM\OneToMany(targetEntity: UserCamp::class, mappedBy: 'camp')]
     public Collection $userCamps;
 
+    /**
+     * UserCampWithPublic Collection
+     * Based von view_user_camps_with_public; lists all user who can see this camp, through
+     * campCollaborations or because the camps are prototypes or shared.
+     */
+    #[ORM\OneToMany(targetEntity: UserCampWithPublic::class, mappedBy: 'camp')]
+    #[Assert\DisableAutoMapping]
+    public Collection $userCampsWithPublic;
+
     /**
      * The time periods of the camp, there must be at least one. Periods in a camp may not overlap.
      * When creating a camp, the initial periods may be specified as nested payload, but updating,
@@ -462,13 +471,20 @@ public function getCampCollaborations(): array {
         return [];
     }
 
+    #[ApiProperty(writable: false, readableLink: true, security: '!is_granted("CAMP_COLLABORATOR", object)')]
+    #[SerializedName('campCollaborations')]
+    #[Groups('Camp:CampCollaborations')]
+    public function getRedactedEmbeddedCampCollaborations(): array {
+        return [];
+    }
+
     /**
      * The people working on planning and carrying out the camp. Only collaborators have access
      * to the camp's contents.
      *
      * @return CampCollaboration[]
      */
-    #[ApiProperty(writable: false, readableLink: true)]
+    #[ApiProperty(writable: false, readableLink: true, security: 'is_granted("CAMP_COLLABORATOR", object)')]
     #[SerializedName('campCollaborations')]
     #[Groups('Camp:CampCollaborations')]
     public function getEmbeddedCampCollaborations(): array {

api/src/Entity/Day.php

@@ -180,16 +180,26 @@ public function getEnd(): ?\DateTime {
         }
     }
 
-    /**
-     * DayResponsible.
-     */
+    #[ApiProperty(
+        readableLink: true,
+        uriTemplate: DayResponsible::DAY_SUBRESOURCE_URI_TEMPLATE,
+        security: '!is_granted("CAMP_COLLABORATOR", object)'
+    )]
+    #[SerializedName('dayResponsibles')]
+    #[Groups(['Day:DayResponsibles'])]
+    public function getRedactedEmbeddedDayResponsibles(): array {
+        return [];
+    }
 
     /**
+     * People who have a special responsibility on this day.
+     *
      * @return DayResponsible[]
      */
     #[ApiProperty(
         readableLink: true,
         uriTemplate: DayResponsible::DAY_SUBRESOURCE_URI_TEMPLATE,
+        security: 'is_granted("CAMP_COLLABORATOR", object)'
     )]
     #[SerializedName('dayResponsibles')]
     #[Groups(['Day:DayResponsibles'])]

api/src/Entity/DayResponsible.php

@@ -42,9 +42,6 @@
                                is_granted("CAMP_IS_SHARED", day) or
                                is_granted("CAMP_IS_PROTOTYPE", day)'
                 ),
-            ],
-            extraProperties: [
-                'filter_by_current_user' => false,
             ]
         ),
         new Post(

api/src/Entity/User.php

@@ -88,12 +88,20 @@ class User extends BaseEntity implements UserInterface, PasswordAuthenticatedUse
     public Collection $collaborations;
 
     /**
-     * UserCamp Collections
-     * Based von view_user_camps; lists all camps a user can see.
+     * UserCamp Collection
+     * Based von view_user_camps; lists all camps a user can see through their campCollaborations.
      */
     #[ORM\OneToMany(targetEntity: UserCamp::class, mappedBy: 'user')]
     public Collection $userCamps;
 
+    /**
+     * UserCampWithPublic Collection
+     * Based von view_user_camps_with_public; lists all camps a user can see, through their
+     * campCollaborations or because the camp is a prototype or shared.
+     */
+    #[ORM\OneToMany(targetEntity: UserCampWithPublic::class, mappedBy: 'user')]
+    public Collection $userCampsWithPublic;
+
     /**
      * The state of this user.
      */

api/src/Entity/UserCamp.php

@@ -6,7 +6,7 @@
 
 /**
  * view_user_camps
- * List all visible camps for each user.
+ * List all visible camps for each user through their camp collaborations.
  */
 #[ORM\Entity(readOnly: true)]
 #[ORM\Table(name: 'view_user_camps')]

api/src/Entity/UserCampWithPublic.php

@@ -0,0 +1,24 @@
+<?php
+
+namespace App\Entity;
+
+use Doctrine\ORM\Mapping as ORM;
+
+/**
+ * view_user_camps_with_public
+ * List all visible camps for each user, through camp collaborations or because
+ * they are prototype or shared camps.
+ */
+#[ORM\Entity(readOnly: true)]
+#[ORM\Table(name: 'view_user_camps_with_public')]
+class UserCampWithPublic {
+    #[ORM\Id]
+    #[ORM\Column(type: 'string', length: 32, nullable: false)]
+    public string $id;
+
+    #[ORM\ManyToOne(targetEntity: User::class, inversedBy: 'userCampsWithPublic')]
+    public User $user;
+
+    #[ORM\ManyToOne(targetEntity: Camp::class, inversedBy: 'userCampsWithPublic')]
+    public Camp $camp;
+}

api/src/Repository/ActivityProgressLabelRepository.php

@@ -30,6 +30,6 @@ public function __construct(EntityManagerInterface $em, string $entityClass = Ac
 
     public function filterByUser(QueryBuilder $queryBuilder, QueryNameGeneratorInterface $queryNameGenerator, User $user): void {
         $rootAlias = $queryBuilder->getRootAliases()[0];
-        $this->filterByCampCollaboration($queryBuilder, $user, "{$rootAlias}.camp");
+        $this->filterByCampCollaborationOrPublic($queryBuilder, $user, "{$rootAlias}.camp");
     }
 }

api/src/Repository/ActivityRepository.php

@@ -24,6 +24,6 @@ public function __construct(ManagerRegistry $registry) {
 
     public function filterByUser(QueryBuilder $queryBuilder, QueryNameGeneratorInterface $queryNameGenerator, User $user): void {
         $rootAlias = $queryBuilder->getRootAliases()[0];
-        $this->filterByCampCollaboration($queryBuilder, $user, "{$rootAlias}.camp");
+        $this->filterByCampCollaborationOrPublic($queryBuilder, $user, "{$rootAlias}.camp");
     }
 }