Authenticated user can see cases they are a provider for.
This commit is contained in:
parent
f39f4a331d
commit
7c3b007ff9
|
|
@ -147,14 +147,6 @@ td.views-field {
|
|||
font-weight: bold !important;
|
||||
}
|
||||
|
||||
/* Styling for grouped views */
|
||||
table.views-table.views-view-table caption {
|
||||
text-align: left;
|
||||
margin-bottom: 1em;
|
||||
margin-top: 2em;
|
||||
font-weight: bold;
|
||||
}
|
||||
|
||||
/* remove "details" accordion, see https://drupal.stackexchange.com/questions/294312/why-has-this-details-accordion-appeared-in-this-view */
|
||||
.views-table details {
|
||||
display: none;
|
||||
|
|
|
|||
|
|
@ -59,7 +59,3 @@ revert all case fee revisions:
|
|||
delete all case fee revisions:
|
||||
title: 'Delete all revisions'
|
||||
description: 'Role requires permission to <em>view Case Fee revisions</em> and <em>delete rights</em> for case fee entities in question or <em>administer case fee entities</em>.'
|
||||
|
||||
permission_callbacks:
|
||||
- \Drupal\opencase_cases\OCCaseFeePermissions::generatePermissions
|
||||
- \Drupal\opencase_cases\OCCaseProvisionPermissions::generatePermissions
|
||||
|
|
|
|||
|
|
@ -11,8 +11,8 @@ class CaseInvolvement {
|
|||
public static function userIsInvolved($account, $case) {
|
||||
$actorId = self::getLinkedActorId($account);
|
||||
$query = \Drupal::entityQuery('oc_case_provision')
|
||||
->condition('provider', $actorId)
|
||||
->condition('case', $case);
|
||||
->condition('oc_provider', $actorId)
|
||||
->condition('oc_case', $case->id());
|
||||
$results = $query->execute();
|
||||
return !empty($results);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -32,7 +32,6 @@ class OCCaseAccessControlHandler extends EntityAccessControlHandler {
|
|||
case 'update': // you can edit the case only if a) you can see it and b) you have the permission to edit cases.
|
||||
return AccessResult::allowedIf(
|
||||
$account->hasPermission('edit case entities')
|
||||
&& ($account->hasPermission('view published case entities') || CaseInvolvement::userIsInvolved($account, $entity))
|
||||
);
|
||||
case 'delete': // you can delete the case only if a) you can see it and b) you have the permission to delete cases.
|
||||
return AccessResult::allowedIf(
|
||||
|
|
|
|||
|
|
@ -1,8 +1,4 @@
|
|||
|
||||
permission_callbacks:
|
||||
- \Drupal\opencase_entities\OCOrganisationPermissions::generatePermissions
|
||||
- \Drupal\opencase_entities\OCEventPermissions::generatePermissions
|
||||
- Drupal\opencase_entities\OpenCaseEntityPermissions::permissions
|
||||
|
||||
view edit delete all actor entities:
|
||||
title: 'View/Edit/Delete all types of people'
|
||||
|
|
|
|||
|
|
@ -26,12 +26,12 @@ class OCActivityAccessControlHandler extends EntityAccessControlHandler {
|
|||
}
|
||||
return AccessResult::allowedIf(
|
||||
$account->hasPermission('view published case entities') // activity permissions are inherited from case
|
||||
|| $entity->owner()->id() == $account->id();
|
||||
|| $entity->getOwner()->id() == $account->id()
|
||||
);
|
||||
case 'update': // allowed only if a) they can see the case the activity is on and b) they can edit activities
|
||||
return AccessResult::allowedIf(
|
||||
$account->hasPermission('edit activity entities') // activity permissions are inherited from case
|
||||
|| $entity->owner()->id() == $account->id();
|
||||
|| $entity->getOwner()->id() == $account->id()
|
||||
);
|
||||
case 'delete': // allowed only if a) they can see the case the activity is on and b) they can delete activities
|
||||
return AccessResult::allowedIf(
|
||||
|
|
|
|||
Reference in New Issue