Filtering queries

Filtering queries is pretty straightforward thanks to the simple architecture behind all this: there is a single ACL_Authorization table mapped to the Authorization Doctrine entity.

Filtering in a SQL query would then look like this:

SELECT article.* FROM Blog_Article article
INNER JOIN ACL_Authorization authorization
    ON authorization.entity_id =
    AND authorization.entity_class = 'Blog\\Article'
WHERE authorization.securityIdentity_id = :userId
    AND actions_edit = true

Doctrine queries

Of course what is really interesting is to filter in our Doctrine queries, and for this the ACLQueryHelper makes it very simple:

$qb = $entityManager->createQueryBuilder();

   ->from('Blog\Article', 'article');

ACLQueryHelper::joinACL($qb, $user, Actions::EDIT);

// This query will return only the articles the user can edit
$articles = $qb->getQuery()->getResult();

This will generate the following DQL query:

SELECT article FROM Blog\Article article
INNER JOIN MyCLabs\ACL\Model\Authorization authorization
    WITH authorization.entityId =
WHERE authorization.entityClass = 'Blog\\Article'
    AND authorization.securityIdentity = :user
    AND authorization.actions.edit = true

You can of course combine ACLQueryHelper::joinACL() with additional filtering on the query builder. Unless you are writing some weird queries, the filtering should work as expected since it's a simple JOIN and WHERE.