Added "own cases" permission and access check
Works for when viewing a single case, not for view yet though.
This commit is contained in:
parent
2a31b1c8ce
commit
351bdb5afd
@ -10,7 +10,8 @@ permissions:
|
|||||||
- 'add case entities'
|
- 'add case entities'
|
||||||
- 'add client entities'
|
- 'add client entities'
|
||||||
- 'delete activity entities'
|
- 'delete activity entities'
|
||||||
- 'delete case entities'
|
- 'view own cases'
|
||||||
|
- 'edit own cases'
|
||||||
- 'delete client entities'
|
- 'delete client entities'
|
||||||
- 'edit client entities'
|
- 'edit client entities'
|
||||||
- 'view published client entities'
|
- 'view published client entities'
|
||||||
|
@ -78,11 +78,20 @@ edit case entities:
|
|||||||
title: 'Edit Case entities'
|
title: 'Edit Case entities'
|
||||||
|
|
||||||
view published case entities:
|
view published case entities:
|
||||||
title: 'View published Case entities'
|
title: 'View all cases'
|
||||||
|
description: 'Even those which they user is not involved in.'
|
||||||
|
|
||||||
view unpublished case entities:
|
view unpublished case entities:
|
||||||
title: 'View unpublished Case entities'
|
title: 'View unpublished Case entities'
|
||||||
|
|
||||||
|
view own cases:
|
||||||
|
title: 'View cases they are involved in'
|
||||||
|
description: "Allow to access cases in which the user's linked actor is an involved party."
|
||||||
|
|
||||||
|
edit own cases:
|
||||||
|
title: 'Edit cases they are involved in'
|
||||||
|
description: "Allow to edit cases in which the user's linked actor is an involved party."
|
||||||
|
|
||||||
view all case revisions:
|
view all case revisions:
|
||||||
title: 'View all Case revisions'
|
title: 'View all Case revisions'
|
||||||
|
|
||||||
|
16
modules/opencase_entities/src/CaseInvolvement.php
Normal file
16
modules/opencase_entities/src/CaseInvolvement.php
Normal file
@ -0,0 +1,16 @@
|
|||||||
|
<?php
|
||||||
|
|
||||||
|
namespace Drupal\opencase_entities;
|
||||||
|
|
||||||
|
class CaseInvolvement {
|
||||||
|
|
||||||
|
private function getLinkedActorId($userId) {
|
||||||
|
return \Drupal\user\Entity\User::load($userId)->get('field_linked_opencase_actor')->target_id;
|
||||||
|
}
|
||||||
|
|
||||||
|
public function userIsInvolved($account, $case) {
|
||||||
|
$actorId = $this->getLinkedActorId($account->id());
|
||||||
|
$involvedIds = array_column($case->actors_involved->getValue(), 'target_id');
|
||||||
|
return in_array($actorId, $involvedIds);
|
||||||
|
}
|
||||||
|
}
|
@ -6,6 +6,7 @@ use Drupal\Core\Entity\EntityAccessControlHandler;
|
|||||||
use Drupal\Core\Entity\EntityInterface;
|
use Drupal\Core\Entity\EntityInterface;
|
||||||
use Drupal\Core\Session\AccountInterface;
|
use Drupal\Core\Session\AccountInterface;
|
||||||
use Drupal\Core\Access\AccessResult;
|
use Drupal\Core\Access\AccessResult;
|
||||||
|
use Drupal\opencase_entities\CaseInvolvement;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Access controller for the Case entity.
|
* Access controller for the Case entity.
|
||||||
@ -24,8 +25,10 @@ class OCCaseAccessControlHandler extends EntityAccessControlHandler {
|
|||||||
if (!$entity->isPublished()) {
|
if (!$entity->isPublished()) {
|
||||||
return AccessResult::allowedIfHasPermission($account, 'view unpublished case entities');
|
return AccessResult::allowedIfHasPermission($account, 'view unpublished case entities');
|
||||||
}
|
}
|
||||||
return AccessResult::allowedIfHasPermission($account, 'view published case entities');
|
return AccessResult::allowedIf(
|
||||||
|
$account->hasPermission('view published case entities')
|
||||||
|
|| (new CaseInvolvement())->userIsInvolved($account, $entity)
|
||||||
|
);
|
||||||
case 'update':
|
case 'update':
|
||||||
return AccessResult::allowedIfHasPermission($account, 'edit case entities');
|
return AccessResult::allowedIfHasPermission($account, 'edit case entities');
|
||||||
|
|
||||||
|
Reference in New Issue
Block a user