Added permissions for client and volunteers

Plus permission to see just their involvement in cases
2018-05-08 15:41:02 +02:00 · 2018-05-08 15:41:02 +02:00 · 7dba72ef66
parent 1eb54e69e5
commit 7dba72ef66
2 changed files with 73 additions and 26 deletions
--- a/modules/opencase_entities/opencase_entities.permissions.yml
+++ b/modules/opencase_entities/opencase_entities.permissions.yml
@ -1,33 +1,66 @@
 add actor entities:
  title: 'Create new Actor entities'
 administer actor entities:
  title: 'Administer Actor entities'
  description: 'Allow to access the administration form to configure Actor entities.'
  restrict access: true
-delete actor entities:
+view client involvement in cases:
-  title: 'Delete Actor entities'
+  title: 'View Client Involvement in Cases (see their name, but nothing else)'
-edit actor entities:
+add client entities:
-  title: 'Edit Actor entities'
+  title: 'Create new Client entities'
-view published actor entities:
+delete client entities:
-  title: 'View published Actor entities'
+  title: 'Delete Client entities'
-view unpublished actor entities:
+edit client entities:
-  title: 'View unpublished Actor entities'
+  title: 'Edit Client entities'
-view all actor revisions:
+view published client entities:
-  title: 'View all Actor revisions'
+  title: 'View published Client entities'
-revert all actor revisions:
+view unpublished client entities:
-  title: 'Revert all Actor revisions'
+  title: 'View unpublished Client entities'
-  description: 'Role requires permission <em>view Actor revisions</em> and <em>edit rights</em> for actor entities in question or <em>administer actor entities</em>.'
+
 view all client revisions:
  title: 'View all Client revisions'
 revert all client revisions:
  title: 'Revert all Client revisions'
  description: 'Role requires permission <em>view Client revisions</em> and <em>edit rights</em> for client entities in question or <em>administer client entities</em>.'
 delete all client revisions:
  title: 'Delete all Client revisions'
  description: 'Role requires permission to <em>view Client revisions</em> and <em>delete rights</em> for client entities in question or <em>administer client entities</em>.'
 view volunteer involvement in cases:
  title: 'View Volunteer Involvement in Cases (see their name, but nothing else)'
 add volunteer entities:
  title: 'Create new Volunteer entities'
 delete volunteer entities:
  title: 'Delete Volunteer entities'
 edit volunteer entities:
  title: 'Edit Volunteer entities'
 view published volunteer entities:
  title: 'View published Volunteer entities'
 view unpublished volunteer entities:
  title: 'View unpublished Volunteer entities'
 view all volunteer revisions:
  title: 'View all Volunteer revisions'
 revert all volunteer revisions:
  title: 'Revert all Volunteer revisions'
  description: 'Role requires permission <em>view Volunteer revisions</em> and <em>edit rights</em> for volunteer entities in question or <em>administer volunteer entities</em>.'
 delete all volunteer revisions:
  title: 'Delete all Volunteer revisions'
  description: 'Role requires permission to <em>view Volunteer revisions</em> and <em>delete rights</em> for volunteer entities in question or <em>administer volunteer entities</em>.'
 delete all actor revisions:
  title: 'Delete all revisions'
  description: 'Role requires permission to <em>view Actor revisions</em> and <em>delete rights</em> for actor entities in question or <em>administer actor entities</em>.'
 add case entities:
  title: 'Create new Case entities'
--- a/modules/opencase_entities/src/OCActorAccessControlHandler.php
+++ b/modules/opencase_entities/src/OCActorAccessControlHandler.php
@ -16,21 +16,34 @@ class OCActorAccessControlHandler extends EntityAccessControlHandler {
  /**
   * {@inheritdoc}
   * Permissions are assigned by bundle.
   * 
   */
  protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) {
    /** @var \Drupal\opencase_entities\Entity\OCActorInterface $entity */
    $bundle = $entity->bundle();
    $route_name = \Drupal::routeMatch()->getRouteName();
    $case_routes = ['entity.oc_case.canonical', 'entity.oc_case.edit_form', 'view.cases.page_1'];
    $is_case_context = in_array($route_name, $case_routes);
    switch ($operation) {
      case 'view':
        if (!$entity->isPublished()) {
-          return AccessResult::allowedIfHasPermission($account, 'view unpublished actor entities');
+          return AccessResult::allowedIfallowedIf(
            $account->hasPermission("view unpublished $bundle entities")
            or ($is_case_context && $account->hasPermission("view unpublished $bundle entities"))
          );
        }
-        return AccessResult::allowedIfHasPermission($account, 'view published actor entities');
+        return AccessResult::allowedIf(
          $account->hasPermission("view published $bundle entities")
          or ($is_case_context && $account->hasPermission("view $bundle involvement in cases"))
        );
-      case 'update':
+      case "update":
-        return AccessResult::allowedIfHasPermission($account, 'edit actor entities');
+        return AccessResult::allowedIfHasPermission($account, "edit $bundle entities");
-      case 'delete':
+      case "delete":
-        return AccessResult::allowedIfHasPermission($account, 'delete actor entities');
+        return AccessResult::allowedIfHasPermission($account, "delete $bundle entities");
    }
    // Unknown operation, no opinion.
@ -41,7 +54,8 @@ class OCActorAccessControlHandler extends EntityAccessControlHandler {
   * {@inheritdoc}
   */
  protected function checkCreateAccess(AccountInterface $account, array $context, $entity_bundle = NULL) {
-    return AccessResult::allowedIfHasPermission($account, 'add actor entities');
+    $bundle = $entity->bundle();
    return AccessResult::allowedIfHasPermission($account, "add $bundle entities");
  }
 }