Added "own cases" permission and access check

Works for when viewing a single case, not for view yet though.
This commit is contained in:
naomi 2018-07-09 13:21:52 +02:00
parent 2a31b1c8ce
commit 351bdb5afd
4 changed files with 33 additions and 4 deletions

View File

@ -10,7 +10,8 @@ permissions:
- 'add case entities'
- 'add client entities'
- 'delete activity entities'
- 'delete case entities'
- 'view own cases'
- 'edit own cases'
- 'delete client entities'
- 'edit client entities'
- 'view published client entities'

View File

@ -78,11 +78,20 @@ edit case entities:
title: 'Edit Case entities'
view published case entities:
title: 'View published Case entities'
title: 'View all cases'
description: 'Even those which they user is not involved in.'
view unpublished case entities:
title: 'View unpublished Case entities'
view own cases:
title: 'View cases they are involved in'
description: "Allow to access cases in which the user's linked actor is an involved party."
edit own cases:
title: 'Edit cases they are involved in'
description: "Allow to edit cases in which the user's linked actor is an involved party."
view all case revisions:
title: 'View all Case revisions'

View File

@ -0,0 +1,16 @@
<?php
namespace Drupal\opencase_entities;
class CaseInvolvement {
private function getLinkedActorId($userId) {
return \Drupal\user\Entity\User::load($userId)->get('field_linked_opencase_actor')->target_id;
}
public function userIsInvolved($account, $case) {
$actorId = $this->getLinkedActorId($account->id());
$involvedIds = array_column($case->actors_involved->getValue(), 'target_id');
return in_array($actorId, $involvedIds);
}
}

View File

@ -6,6 +6,7 @@ use Drupal\Core\Entity\EntityAccessControlHandler;
use Drupal\Core\Entity\EntityInterface;
use Drupal\Core\Session\AccountInterface;
use Drupal\Core\Access\AccessResult;
use Drupal\opencase_entities\CaseInvolvement;
/**
* Access controller for the Case entity.
@ -24,8 +25,10 @@ class OCCaseAccessControlHandler extends EntityAccessControlHandler {
if (!$entity->isPublished()) {
return AccessResult::allowedIfHasPermission($account, 'view unpublished case entities');
}
return AccessResult::allowedIfHasPermission($account, 'view published case entities');
return AccessResult::allowedIf(
$account->hasPermission('view published case entities')
|| (new CaseInvolvement())->userIsInvolved($account, $entity)
);
case 'update':
return AccessResult::allowedIfHasPermission($account, 'edit case entities');