autonomic-cooperative/opencase
Archived
0
0
Fork 0
Code Issues 43 Pull Requests Releases Wiki Activity

Added 'view label' access bypass to actors

Browse Source 
Was therefore able to get rid of the "view volunteer involvement in cases" stuff which was complicated
This commit is contained in:
naomi
2018-07-09 20:15:16 +02:00
parent c729750705
commit 910350699d
2 changed files with 6 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
modules/opencase_entities/opencase_entities.permissions.yml
View File

@ -33,10 +33,6 @@ delete all client revisions:
title: 'Delete all Client revisions'
description: 'Role requires permission to <em>view Client revisions</em> and <em>delete rights</em> for client entities in question or <em>administer client entities</em>.'
view volunteer involvement in cases:
title: 'View names of Volunteers involved in Cases'
description: "When viewing a case record, they can see the names of the volunteers involved, but cannot click through to volunteer's details."
add volunteer entities:
title: 'Create new Volunteer entities'

12
modules/opencase_entities/src/OCActorAccessControlHandler.php
View File

@ -14,6 +14,9 @@ use Drupal\Core\Access\AccessResult;
*/
class OCActorAccessControlHandler extends EntityAccessControlHandler {
protected $viewLabelOperation = TRUE;
/**
* {@inheritdoc}
* Permissions are assigned by bundle.
@ -22,21 +25,18 @@ class OCActorAccessControlHandler extends EntityAccessControlHandler {
protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) {
/** @var \Drupal\opencase_entities\Entity\OCActorInterface $entity */
$bundle = $entity->bundle();
$route_name = \Drupal::routeMatch()->getRouteName();
$case_routes = ['entity.oc_case.canonical', 'entity.oc_case.edit_form', 'view.cases.page_1', 'entity.oc_case.add_form'];
$is_case_context = in_array($route_name, $case_routes);
switch ($operation) {
case 'view label':
return AccessResult::allowed();
case 'view':
if (!$entity->isPublished()) {
return AccessResult::allowedIf(
$account->hasPermission("view unpublished $bundle entities")
or ($is_case_context && $account->hasPermission("view unpublished $bundle entities"))
);
}
return AccessResult::allowedIf(
$account->hasPermission("view published $bundle entities")
or ($is_case_context && $account->hasPermission("view $bundle involvement in cases"))
);
case "update":