autonomic-cooperative/opencase
Archived
0
0
Fork 0
Code Issues 43 Pull Requests Releases Wiki Activity

Authenticated user can see cases they are a provider for.

Browse Source
This commit is contained in:
naomi
2022-01-20 14:48:53 +00:00
parent f39f4a331d
commit 7c3b007ff9
6 changed files with 4 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
modules/opencase_entities/src/OCActivityAccessControlHandler.php
View File

@ -26,12 +26,12 @@ class OCActivityAccessControlHandler extends EntityAccessControlHandler {
}
return AccessResult::allowedIf(
$account->hasPermission('view published case entities') // activity permissions are inherited from case
|| $entity->owner()->id() == $account->id();
|| $entity->getOwner()->id() == $account->id()
);
case 'update': // allowed only if a) they can see the case the activity is on and b) they can edit activities
return AccessResult::allowedIf(
$account->hasPermission('edit activity entities') // activity permissions are inherited from case
|| $entity->owner()->id() == $account->id();
|| $entity->getOwner()->id() == $account->id()
);
case 'delete': // allowed only if a) they can see the case the activity is on and b) they can delete activities
return AccessResult::allowedIf(