I'm using voters to check if a user has the correct permissions to perform a certain action on an entity.
CRUD actions are easy to check. But how do I check the permissions on result sets or overviews? The overviews use pagination with PagerFanta to paginate the results. Checking the results beforehand won't be possible because of performance issues. Only checking the results which have been returned in pagination could lead to empty or half-empty pages.
I'm thinking of putting the same validation in my repository so they only return results the user is allowed to see. But this creates code duplication because the same validation is now duplicated, once in a voter and once in a repository.
Is there a better solution to this or aren't voters the best solution for this?
Ah, same old "pagination with conditions" problem, now for the new age :)
(I don't think that even Google has solved it, btw. Sometimes you see more pages in their pagination output than you actually get.)
Now, of course, the problem in your case is that a Voter will not help you in any way, because it's not for your issue: it's used to check access on the object level, but you need to perform it on the SQL/DQL/query level. And the biggest difference is that, instead of returning abstain, denied or granted, your method will need to return DQL conditions. So the task is separate.
What you can do, though, is to add a function that will return those conditions into your voter class, and inject it into your repository. At least this way your access logic for the same object will be in the same class.
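One way to put that into practice, as an added example that is not code from the question or the answer above: the voter keeps the object-level rule in `voteOnAttribute` and exposes the same rule as DQL conditions, and the repository applies those conditions before handing the query to Pagerfanta. The `Document` entity, its `owner` relation, its `isPublic` flag and the `DOCUMENT_VIEW` attribute are assumptions; the Symfony Voter, Doctrine and Pagerfanta classes are real.

```php
<?php
// Added example, not from the original question or answer. Assumes a
// hypothetical Document entity with an `owner` relation and an `isPublic` flag.
use Doctrine\Bundle\DoctrineBundle\Repository\ServiceEntityRepository;
use Doctrine\ORM\QueryBuilder;
use Doctrine\Persistence\ManagerRegistry;
use Pagerfanta\Doctrine\ORM\QueryAdapter;
use Pagerfanta\Pagerfanta;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\Voter\Voter;
use Symfony\Component\Security\Core\User\UserInterface;

final class DocumentVoter extends Voter
{
    public const VIEW = 'DOCUMENT_VIEW';

    protected function supports(string $attribute, mixed $subject): bool
    {
        return $attribute === self::VIEW && $subject instanceof Document;
    }

    // Object-level rule: public documents are visible to anyone logged in,
    // private ones only to their owner. Used by isGranted()/denyAccessUnlessGranted().
    protected function voteOnAttribute(string $attribute, mixed $subject, TokenInterface $token): bool
    {
        $user = $token->getUser();
        return $user instanceof UserInterface
            && ($subject->isPublic() || $subject->getOwner() === $user);
    }

    // The same rule as DQL conditions, so the repository filters on it at query
    // time instead of re-implementing it. $alias is the caller's entity alias.
    public function applyViewConditions(QueryBuilder $qb, string $alias, UserInterface $user): QueryBuilder
    {
        return $qb
            ->andWhere("$alias.isPublic = true OR $alias.owner = :viewer")
            ->setParameter('viewer', $user);
    }
}

final class DocumentRepository extends ServiceEntityRepository
{
    public function __construct(ManagerRegistry $registry, private readonly DocumentVoter $voter)
    {
        parent::__construct($registry, Document::class);
    }

    // Filtering inside the query keeps pages full and makes Pagerfanta's
    // row count match what this user may actually see.
    public function paginateVisibleTo(UserInterface $user, int $page, int $perPage = 20): Pagerfanta
    {
        $qb = $this->createQueryBuilder('d')->orderBy('d.id', 'DESC');
        $this->voter->applyViewConditions($qb, 'd', $user);
        $pager = new Pagerfanta(new QueryAdapter($qb));
        $pager->setMaxPerPage($perPage);
        $pager->setCurrentPage($page);
        return $pager;
    }
}
```

If the rule later changes (say, shared documents), both the per-object check and the list filter are edited in `DocumentVoter` only.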