From 71835489ccc1a358e398833bec925d57540eb211 Mon Sep 17 00:00:00 2001
From: Aske Ertmann <aske@ertmann.co>
Date: Wed, 12 Jul 2017 14:54:33 -0400
Subject: [PATCH 1/2] TASK: Support expressions in isTagged & isInCollection
 conditions

---
 .../Doctrine/AssetAssetCollectionConditionGenerator.php      | 5 ++++-
 .../Privilege/Doctrine/AssetConditionGenerator.php           | 2 +-
 .../Privilege/Doctrine/AssetTagConditionGenerator.php        | 5 ++++-
 3 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/Classes/Wwwision/AssetConstraints/Security/Authorization/Privilege/Doctrine/AssetAssetCollectionConditionGenerator.php b/Classes/Wwwision/AssetConstraints/Security/Authorization/Privilege/Doctrine/AssetAssetCollectionConditionGenerator.php
index f2c420e..50b4c5d 100644
--- a/Classes/Wwwision/AssetConstraints/Security/Authorization/Privilege/Doctrine/AssetAssetCollectionConditionGenerator.php
+++ b/Classes/Wwwision/AssetConstraints/Security/Authorization/Privilege/Doctrine/AssetAssetCollectionConditionGenerator.php
@@ -5,6 +5,7 @@
 use Doctrine\Common\Persistence\ObjectManager;
 use Doctrine\ORM\Query\Filter\SQLFilter as DoctrineSqlFilter;
 use TYPO3\Flow\Annotations as Flow;
+use TYPO3\Flow\Security\Authorization\Privilege\Entity\Doctrine\PropertyConditionGenerator;
 use TYPO3\Flow\Security\Authorization\Privilege\Entity\Doctrine\SqlGeneratorInterface;
 
 /**
@@ -40,7 +41,9 @@ public function __construct($collectionTitle)
      */
     public function getSql(DoctrineSqlFilter $sqlFilter, ClassMetadata $targetEntity, $targetTableAlias)
     {
-        $quotedCollectionTitle = $this->entityManager->getConnection()->quote($this->collectionTitle);
+        $propertyConditionGenerator = new PropertyConditionGenerator('');
+        $collectionTitle = $propertyConditionGenerator->getValueForOperand($this->collectionTitle);
+        $quotedCollectionTitle = $this->entityManager->getConnection()->quote($collectionTitle);
         return $targetTableAlias . '.persistence_object_identifier IN (
             SELECT ' . $targetTableAlias . '_a.persistence_object_identifier
             FROM typo3_media_domain_model_asset AS ' . $targetTableAlias . '_a
diff --git a/Classes/Wwwision/AssetConstraints/Security/Authorization/Privilege/Doctrine/AssetConditionGenerator.php b/Classes/Wwwision/AssetConstraints/Security/Authorization/Privilege/Doctrine/AssetConditionGenerator.php
index dcae005..f708e44 100644
--- a/Classes/Wwwision/AssetConstraints/Security/Authorization/Privilege/Doctrine/AssetConditionGenerator.php
+++ b/Classes/Wwwision/AssetConstraints/Security/Authorization/Privilege/Doctrine/AssetConditionGenerator.php
@@ -59,7 +59,7 @@ public function isTagged($tagLabel)
 
     /**
      * @param string $collectionTitle
-     * @return AssetTagConditionGenerator
+     * @return AssetAssetCollectionConditionGenerator
      */
     public function isInCollection($collectionTitle)
     {
diff --git a/Classes/Wwwision/AssetConstraints/Security/Authorization/Privilege/Doctrine/AssetTagConditionGenerator.php b/Classes/Wwwision/AssetConstraints/Security/Authorization/Privilege/Doctrine/AssetTagConditionGenerator.php
index 09205b2..02f23d0 100644
--- a/Classes/Wwwision/AssetConstraints/Security/Authorization/Privilege/Doctrine/AssetTagConditionGenerator.php
+++ b/Classes/Wwwision/AssetConstraints/Security/Authorization/Privilege/Doctrine/AssetTagConditionGenerator.php
@@ -5,6 +5,7 @@
 use Doctrine\Common\Persistence\ObjectManager;
 use Doctrine\ORM\Query\Filter\SQLFilter as DoctrineSqlFilter;
 use TYPO3\Flow\Annotations as Flow;
+use TYPO3\Flow\Security\Authorization\Privilege\Entity\Doctrine\PropertyConditionGenerator;
 use TYPO3\Flow\Security\Authorization\Privilege\Entity\Doctrine\SqlGeneratorInterface;
 
 /**
@@ -40,7 +41,9 @@ public function __construct($tagLabel)
      */
     public function getSql(DoctrineSqlFilter $sqlFilter, ClassMetadata $targetEntity, $targetTableAlias)
     {
-        $quotedTagLabel = $this->entityManager->getConnection()->quote($this->tagLabel);
+        $propertyConditionGenerator = new PropertyConditionGenerator('');
+        $tagLabel = $propertyConditionGenerator->getValueForOperand($this->tagLabel);
+        $quotedTagLabel = $this->entityManager->getConnection()->quote($tagLabel);
         return $targetTableAlias . '.persistence_object_identifier IN (
             SELECT ' . $targetTableAlias . '_a.persistence_object_identifier
             FROM typo3_media_domain_model_asset AS ' . $targetTableAlias . '_a

From 1097d59b880775de10cfcd821ceaa1ff57358c9c Mon Sep 17 00:00:00 2001
From: Aske Ertmann <aske@ertmann.co>
Date: Wed, 12 Jul 2017 14:55:24 -0400
Subject: [PATCH 2/2] FEATURE: Add isWithoutCollection condition to
 AssetCondition

---
 .../Doctrine/AssetConditionGenerator.php      |  8 ++++
 ...thoutAssetCollectionConditionGenerator.php | 37 +++++++++++++++++++
 2 files changed, 45 insertions(+)
 create mode 100644 Classes/Wwwision/AssetConstraints/Security/Authorization/Privilege/Doctrine/AssetWithoutAssetCollectionConditionGenerator.php

diff --git a/Classes/Wwwision/AssetConstraints/Security/Authorization/Privilege/Doctrine/AssetConditionGenerator.php b/Classes/Wwwision/AssetConstraints/Security/Authorization/Privilege/Doctrine/AssetConditionGenerator.php
index f708e44..9e7c6a4 100644
--- a/Classes/Wwwision/AssetConstraints/Security/Authorization/Privilege/Doctrine/AssetConditionGenerator.php
+++ b/Classes/Wwwision/AssetConstraints/Security/Authorization/Privilege/Doctrine/AssetConditionGenerator.php
@@ -66,4 +66,12 @@ public function isInCollection($collectionTitle)
         return new AssetAssetCollectionConditionGenerator($collectionTitle);
     }
 
+    /**
+     * @return AssetWithoutAssetCollectionConditionGenerator
+     */
+    public function isWithoutCollection()
+    {
+        return new AssetWithoutAssetCollectionConditionGenerator();
+    }
+
 }
\ No newline at end of file
diff --git a/Classes/Wwwision/AssetConstraints/Security/Authorization/Privilege/Doctrine/AssetWithoutAssetCollectionConditionGenerator.php b/Classes/Wwwision/AssetConstraints/Security/Authorization/Privilege/Doctrine/AssetWithoutAssetCollectionConditionGenerator.php
new file mode 100644
index 0000000..1007a35
--- /dev/null
+++ b/Classes/Wwwision/AssetConstraints/Security/Authorization/Privilege/Doctrine/AssetWithoutAssetCollectionConditionGenerator.php
@@ -0,0 +1,37 @@
+<?php
+namespace Wwwision\AssetConstraints\Security\Authorization\Privilege\Doctrine;
+
+use Doctrine\Common\Persistence\Mapping\ClassMetadata;
+use Doctrine\Common\Persistence\ObjectManager;
+use Doctrine\ORM\Query\Filter\SQLFilter as DoctrineSqlFilter;
+use TYPO3\Flow\Annotations as Flow;
+use TYPO3\Flow\Security\Authorization\Privilege\Entity\Doctrine\SqlGeneratorInterface;
+
+/**
+ * Condition generator covering Asset >-< AssetCollection relations (M:M relations are not supported by the Flow PropertyConditionGenerator yet)
+ */
+class AssetWithoutAssetCollectionConditionGenerator implements SqlGeneratorInterface
+{
+
+    /**
+     * @Flow\Inject
+     * @var ObjectManager
+     */
+    protected $entityManager;
+
+    /**
+     * @param DoctrineSqlFilter $sqlFilter
+     * @param ClassMetadata $targetEntity Metadata object for the target entity to create the constraint for
+     * @param string $targetTableAlias The target table alias used in the current query
+     * @return string
+     */
+    public function getSql(DoctrineSqlFilter $sqlFilter, ClassMetadata $targetEntity, $targetTableAlias)
+    {
+        $sql = $targetTableAlias . '.persistence_object_identifier IN (
+            SELECT ' . $targetTableAlias . '_a.persistence_object_identifier
+            FROM typo3_media_domain_model_asset AS ' . $targetTableAlias . '_a
+            LEFT JOIN typo3_media_domain_model_assetcollection_assets_join ' . $targetTableAlias . '_acj ON ' . $targetTableAlias . '_a.persistence_object_identifier = ' . $targetTableAlias . '_acj.media_asset
+            WHERE ' . $targetTableAlias . '_acj.media_asset IS NULL)';
+        return $sql;
+    }
+}
\ No newline at end of file