opencase/modules/opencase_entities/src/OCCaseAccessControlHandler.php

<?php

namespace Drupal\opencase_entities;

use Drupal\Core\Entity\EntityAccessControlHandler;
use Drupal\Core\Entity\EntityInterface;
use Drupal\Core\Session\AccountInterface;
use Drupal\Core\Access\AccessResult;
use Drupal\opencase_entities\CaseInvolvement;

/**
 * Access controller for the Case entity.
 *
 * @see \Drupal\opencase_entities\Entity\OCCase.
 */
class OCCaseAccessControlHandler extends EntityAccessControlHandler {

  /**
   * {@inheritdoc}
   */
  protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) {
    /** @var \Drupal\opencase_entities\Entity\OCCaseInterface $entity */
    switch ($operation) {
      case 'view':
        if (!$entity->isPublished()) {
          return AccessResult::allowedIfHasPermission($account, 'view unpublished case entities');
        }
        return AccessResult::allowedIf(
            $account->hasPermission('view published case entities')
            || CaseInvolvement::userIsInvolved($account, $entity)
        );
      case 'update':   // you can edit the case only if a) you can see it and b) you have the permission to edit cases.
        return AccessResult::allowedIf(
            $account->hasPermission('edit case entities')
            && ($account->hasPermission('view published case entities') || CaseInvolvement::userIsInvolved($account, $entity))
        );
      case 'delete':
        return AccessResult::allowedIfHasPermission($account, 'delete case entities');
    }

    // Unknown operation, no opinion.
    return AccessResult::neutral();
  }

  /**
   * {@inheritdoc}
   */
  protected function checkCreateAccess(AccountInterface $account, array $context, $entity_bundle = NULL) {
    return AccessResult::allowedIfHasPermission($account, 'add case entities');
  }

}
Made Actor, Activity and Case entities 2018-04-29 11:58:46 +00:00			`<?php`

			`namespace Drupal\opencase_entities;`

			`use Drupal\Core\Entity\EntityAccessControlHandler;`
			`use Drupal\Core\Entity\EntityInterface;`
			`use Drupal\Core\Session\AccountInterface;`
			`use Drupal\Core\Access\AccessResult;`
Added "own cases" permission and access check Works for when viewing a single case, not for view yet though. 2018-07-09 11:21:52 +00:00			`use Drupal\opencase_entities\CaseInvolvement;`
Made Actor, Activity and Case entities 2018-04-29 11:58:46 +00:00
			`/**`
			`* Access controller for the Case entity.`
			`*`
			`* @see \Drupal\opencase_entities\Entity\OCCase.`
			`*/`
			`class OCCaseAccessControlHandler extends EntityAccessControlHandler {`

			`/**`
			`* {@inheritdoc}`
			`*/`
			`protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) {`
			`/** @var \Drupal\opencase_entities\Entity\OCCaseInterface $entity */`
			`switch ($operation) {`
			`case 'view':`
			`if (!$entity->isPublished()) {`
			`return AccessResult::allowedIfHasPermission($account, 'view unpublished case entities');`
			`}`
Added "own cases" permission and access check Works for when viewing a single case, not for view yet though. 2018-07-09 11:21:52 +00:00			`return AccessResult::allowedIf(`
			`$account->hasPermission('view published case entities')`
Case views are now filtered by user involvement unless the user has the see all cases permission 2018-07-09 17:36:47 +00:00			`\|\| CaseInvolvement::userIsInvolved($account, $entity)`
Added "own cases" permission and access check Works for when viewing a single case, not for view yet though. 2018-07-09 11:21:52 +00:00			`);`
Added access control for viewing activity Can only view activity if involved in the case. 2018-07-19 13:10:02 +00:00			`case 'update': // you can edit the case only if a) you can see it and b) you have the permission to edit cases.`
Removed the "view own cases" permission Now everyone sees cases they are involved in, they don't need a special perm. 2018-07-09 18:26:11 +00:00			`return AccessResult::allowedIf(`
Added access control for viewing activity Can only view activity if involved in the case. 2018-07-19 13:10:02 +00:00			`$account->hasPermission('edit case entities')`
			`&& ($account->hasPermission('view published case entities') \|\| CaseInvolvement::userIsInvolved($account, $entity))`
Removed the "view own cases" permission Now everyone sees cases they are involved in, they don't need a special perm. 2018-07-09 18:26:11 +00:00			`);`
Made Actor, Activity and Case entities 2018-04-29 11:58:46 +00:00			`case 'delete':`
			`return AccessResult::allowedIfHasPermission($account, 'delete case entities');`
			`}`

			`// Unknown operation, no opinion.`
			`return AccessResult::neutral();`
			`}`

			`/**`
			`* {@inheritdoc}`
			`*/`
			`protected function checkCreateAccess(AccountInterface $account, array $context, $entity_bundle = NULL) {`
			`return AccessResult::allowedIfHasPermission($account, 'add case entities');`
			`}`

			`}`