Added "own cases" permission and access check

Works for when viewing a single case, not for view yet though.
2018-07-09 13:21:52 +02:00 · 2018-07-09 13:21:52 +02:00 · 351bdb5afd
parent 2a31b1c8ce
commit 351bdb5afd
4 changed files with 33 additions and 4 deletions
--- a/modules/opencase_defaults/config/optional/user.role.caseworker.yml
+++ b/modules/opencase_defaults/config/optional/user.role.caseworker.yml
@ -10,7 +10,8 @@ permissions:
  - 'add case entities'
  - 'add client entities'
  - 'delete activity entities'
-  - 'delete case entities'
+  - 'view own cases'
+  - 'edit own cases'
  - 'delete client entities'
  - 'edit client entities'
  - 'view published client entities'
--- a/modules/opencase_entities/opencase_entities.permissions.yml
+++ b/modules/opencase_entities/opencase_entities.permissions.yml
@ -78,11 +78,20 @@ edit case entities:
  title: 'Edit Case entities'

 view published case entities:
-  title: 'View published Case entities'
+  title: 'View all cases'
+  description: 'Even those which they user is not involved in.'

 view unpublished case entities:
  title: 'View unpublished Case entities'

+view own cases:
+  title: 'View cases they are involved in'
+  description: "Allow to access cases in which the user's linked actor is an involved party."
+
+edit own cases:
+  title: 'Edit cases they are involved in'
+  description: "Allow to edit cases in which the user's linked actor is an involved party."
+
 view all case revisions:
  title: 'View all Case revisions'

--- a/modules/opencase_entities/src/CaseInvolvement.php
+++ b/modules/opencase_entities/src/CaseInvolvement.php
@ -0,0 +1,16 @@
+<?php
+
+namespace Drupal\opencase_entities;
+
+class CaseInvolvement {
+
+  private function getLinkedActorId($userId) {
+    return \Drupal\user\Entity\User::load($userId)->get('field_linked_opencase_actor')->target_id;
+  }
+
+  public function userIsInvolved($account, $case) {
+    $actorId = $this->getLinkedActorId($account->id());        
+    $involvedIds = array_column($case->actors_involved->getValue(), 'target_id');
+    return in_array($actorId, $involvedIds);
+  }
+}
--- a/modules/opencase_entities/src/OCCaseAccessControlHandler.php
+++ b/modules/opencase_entities/src/OCCaseAccessControlHandler.php
@ -6,6 +6,7 @@ use Drupal\Core\Entity\EntityAccessControlHandler;
 use Drupal\Core\Entity\EntityInterface;
 use Drupal\Core\Session\AccountInterface;
 use Drupal\Core\Access\AccessResult;
+use Drupal\opencase_entities\CaseInvolvement;

 /**
 * Access controller for the Case entity.
@ -24,8 +25,10 @@ class OCCaseAccessControlHandler extends EntityAccessControlHandler {
        if (!$entity->isPublished()) {
          return AccessResult::allowedIfHasPermission($account, 'view unpublished case entities');
        }
-        return AccessResult::allowedIfHasPermission($account, 'view published case entities');
-
+        return AccessResult::allowedIf(
+            $account->hasPermission('view published case entities')
+            || (new CaseInvolvement())->userIsInvolved($account, $entity)
+        );
      case 'update':
        return AccessResult::allowedIfHasPermission($account, 'edit case entities');