autonomic-cooperative/opencase
Archived
0
0
Fork 0
Code Issues 43 Pull Requests Releases Wiki Activity

Added permissions for client and volunteers

Browse Source 
Plus permission to see just their involvement in cases
This commit is contained in:
naomi
2018-05-08 15:41:02 +02:00
parent 1eb54e69e5
commit 7dba72ef66
2 changed files with 73 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
modules/opencase_entities/src/OCActorAccessControlHandler.php
View File

@ -16,21 +16,34 @@ class OCActorAccessControlHandler extends EntityAccessControlHandler {
/**
* {@inheritdoc}
* Permissions are assigned by bundle.
*
*/
protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) {
/** @var \Drupal\opencase_entities\Entity\OCActorInterface $entity */
$bundle = $entity->bundle();
$route_name = \Drupal::routeMatch()->getRouteName();
$case_routes = ['entity.oc_case.canonical', 'entity.oc_case.edit_form', 'view.cases.page_1'];
$is_case_context = in_array($route_name, $case_routes);
switch ($operation) {
case 'view':
if (!$entity->isPublished()) {
return AccessResult::allowedIfHasPermission($account, 'view unpublished actor entities');
return AccessResult::allowedIfallowedIf(
$account->hasPermission("view unpublished $bundle entities")
or ($is_case_context && $account->hasPermission("view unpublished $bundle entities"))
);
}
return AccessResult::allowedIfHasPermission($account, 'view published actor entities');
return AccessResult::allowedIf(
$account->hasPermission("view published $bundle entities")
or ($is_case_context && $account->hasPermission("view $bundle involvement in cases"))
);
case 'update':
return AccessResult::allowedIfHasPermission($account, 'edit actor entities');
case "update":
return AccessResult::allowedIfHasPermission($account, "edit $bundle entities");
case 'delete':
return AccessResult::allowedIfHasPermission($account, 'delete actor entities');
case "delete":
return AccessResult::allowedIfHasPermission($account, "delete $bundle entities");
}
// Unknown operation, no opinion.
@ -41,7 +54,8 @@ class OCActorAccessControlHandler extends EntityAccessControlHandler {
* {@inheritdoc}
*/
protected function checkCreateAccess(AccountInterface $account, array $context, $entity_bundle = NULL) {
return AccessResult::allowedIfHasPermission($account, 'add actor entities');
$bundle = $entity->bundle();
return AccessResult::allowedIfHasPermission($account, "add $bundle entities");
}
}