Added permissions for client and volunteers

Plus permission to see just their involvement in cases
2018-05-08 15:41:02 +02:00 · 2018-05-08 15:41:02 +02:00 · 7dba72ef66
parent 1eb54e69e5
commit 7dba72ef66
2 changed files with 73 additions and 26 deletions
--- a/modules/opencase_entities/opencase_entities.permissions.yml
+++ b/modules/opencase_entities/opencase_entities.permissions.yml
@ -1,33 +1,66 @@
-add actor entities:
-  title: 'Create new Actor entities'
-
 administer actor entities:
  title: 'Administer Actor entities'
  description: 'Allow to access the administration form to configure Actor entities.'
  restrict access: true

-delete actor entities:
-  title: 'Delete Actor entities'
+view client involvement in cases:
+  title: 'View Client Involvement in Cases (see their name, but nothing else)'

-edit actor entities:
-  title: 'Edit Actor entities'
+add client entities:
+  title: 'Create new Client entities'

-view published actor entities:
-  title: 'View published Actor entities'
+delete client entities:
+  title: 'Delete Client entities'

-view unpublished actor entities:
-  title: 'View unpublished Actor entities'
+edit client entities:
+  title: 'Edit Client entities'

-view all actor revisions:
-  title: 'View all Actor revisions'
+view published client entities:
+  title: 'View published Client entities'

-revert all actor revisions:
-  title: 'Revert all Actor revisions'
-  description: 'Role requires permission <em>view Actor revisions</em> and <em>edit rights</em> for actor entities in question or <em>administer actor entities</em>.'
+view unpublished client entities:
+  title: 'View unpublished Client entities'
+
+view all client revisions:
+  title: 'View all Client revisions'
+
+revert all client revisions:
+  title: 'Revert all Client revisions'
+  description: 'Role requires permission <em>view Client revisions</em> and <em>edit rights</em> for client entities in question or <em>administer client entities</em>.'
+
+delete all client revisions:
+  title: 'Delete all Client revisions'
+  description: 'Role requires permission to <em>view Client revisions</em> and <em>delete rights</em> for client entities in question or <em>administer client entities</em>.'
+
+view volunteer involvement in cases:
+  title: 'View Volunteer Involvement in Cases (see their name, but nothing else)'
+
+add volunteer entities:
+  title: 'Create new Volunteer entities'
+
+delete volunteer entities:
+  title: 'Delete Volunteer entities'
+
+edit volunteer entities:
+  title: 'Edit Volunteer entities'
+
+view published volunteer entities:
+  title: 'View published Volunteer entities'
+
+view unpublished volunteer entities:
+  title: 'View unpublished Volunteer entities'
+
+view all volunteer revisions:
+  title: 'View all Volunteer revisions'
+
+revert all volunteer revisions:
+  title: 'Revert all Volunteer revisions'
+  description: 'Role requires permission <em>view Volunteer revisions</em> and <em>edit rights</em> for volunteer entities in question or <em>administer volunteer entities</em>.'
+
+delete all volunteer revisions:
+  title: 'Delete all Volunteer revisions'
+  description: 'Role requires permission to <em>view Volunteer revisions</em> and <em>delete rights</em> for volunteer entities in question or <em>administer volunteer entities</em>.'

-delete all actor revisions:
-  title: 'Delete all revisions'
-  description: 'Role requires permission to <em>view Actor revisions</em> and <em>delete rights</em> for actor entities in question or <em>administer actor entities</em>.'
 add case entities:
  title: 'Create new Case entities'

--- a/modules/opencase_entities/src/OCActorAccessControlHandler.php
+++ b/modules/opencase_entities/src/OCActorAccessControlHandler.php
@ -16,21 +16,34 @@ class OCActorAccessControlHandler extends EntityAccessControlHandler {

  /**
   * {@inheritdoc}
+   * Permissions are assigned by bundle.
+   * 
   */
  protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) {
    /** @var \Drupal\opencase_entities\Entity\OCActorInterface $entity */
+    $bundle = $entity->bundle();
+    $route_name = \Drupal::routeMatch()->getRouteName();
+    $case_routes = ['entity.oc_case.canonical', 'entity.oc_case.edit_form', 'view.cases.page_1'];
+    $is_case_context = in_array($route_name, $case_routes);
+
    switch ($operation) {
      case 'view':
        if (!$entity->isPublished()) {
-          return AccessResult::allowedIfHasPermission($account, 'view unpublished actor entities');
+          return AccessResult::allowedIfallowedIf(
+            $account->hasPermission("view unpublished $bundle entities")
+            or ($is_case_context && $account->hasPermission("view unpublished $bundle entities"))
+          );
        }
-        return AccessResult::allowedIfHasPermission($account, 'view published actor entities');
+        return AccessResult::allowedIf(
+          $account->hasPermission("view published $bundle entities")
+          or ($is_case_context && $account->hasPermission("view $bundle involvement in cases"))
+        );

-      case 'update':
-        return AccessResult::allowedIfHasPermission($account, 'edit actor entities');
+      case "update":
+        return AccessResult::allowedIfHasPermission($account, "edit $bundle entities");

-      case 'delete':
-        return AccessResult::allowedIfHasPermission($account, 'delete actor entities');
+      case "delete":
+        return AccessResult::allowedIfHasPermission($account, "delete $bundle entities");
    }

    // Unknown operation, no opinion.
@ -41,7 +54,8 @@ class OCActorAccessControlHandler extends EntityAccessControlHandler {
   * {@inheritdoc}
   */
  protected function checkCreateAccess(AccountInterface $account, array $context, $entity_bundle = NULL) {
-    return AccessResult::allowedIfHasPermission($account, 'add actor entities');
+    $bundle = $entity->bundle();
+    return AccessResult::allowedIfHasPermission($account, "add $bundle entities");
  }

 }