Added 'view label' access bypass to actors

Was therefore able to get rid of the "view volunteer involvement in cases" stuff which was complicated
This commit is contained in:
naomi 2018-07-09 20:15:16 +02:00
parent c729750705
commit 910350699d
2 changed files with 6 additions and 10 deletions

View File

@ -33,10 +33,6 @@ delete all client revisions:
title: 'Delete all Client revisions' title: 'Delete all Client revisions'
description: 'Role requires permission to <em>view Client revisions</em> and <em>delete rights</em> for client entities in question or <em>administer client entities</em>.' description: 'Role requires permission to <em>view Client revisions</em> and <em>delete rights</em> for client entities in question or <em>administer client entities</em>.'
view volunteer involvement in cases:
title: 'View names of Volunteers involved in Cases'
description: "When viewing a case record, they can see the names of the volunteers involved, but cannot click through to volunteer's details."
add volunteer entities: add volunteer entities:
title: 'Create new Volunteer entities' title: 'Create new Volunteer entities'

View File

@ -14,6 +14,9 @@ use Drupal\Core\Access\AccessResult;
*/ */
class OCActorAccessControlHandler extends EntityAccessControlHandler { class OCActorAccessControlHandler extends EntityAccessControlHandler {
protected $viewLabelOperation = TRUE;
/** /**
* {@inheritdoc} * {@inheritdoc}
* Permissions are assigned by bundle. * Permissions are assigned by bundle.
@ -22,21 +25,18 @@ class OCActorAccessControlHandler extends EntityAccessControlHandler {
protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) { protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) {
/** @var \Drupal\opencase_entities\Entity\OCActorInterface $entity */ /** @var \Drupal\opencase_entities\Entity\OCActorInterface $entity */
$bundle = $entity->bundle(); $bundle = $entity->bundle();
$route_name = \Drupal::routeMatch()->getRouteName();
$case_routes = ['entity.oc_case.canonical', 'entity.oc_case.edit_form', 'view.cases.page_1', 'entity.oc_case.add_form'];
$is_case_context = in_array($route_name, $case_routes);
switch ($operation) { switch ($operation) {
case 'view label':
return AccessResult::allowed();
case 'view': case 'view':
if (!$entity->isPublished()) { if (!$entity->isPublished()) {
return AccessResult::allowedIf( return AccessResult::allowedIf(
$account->hasPermission("view unpublished $bundle entities") $account->hasPermission("view unpublished $bundle entities")
or ($is_case_context && $account->hasPermission("view unpublished $bundle entities"))
); );
} }
return AccessResult::allowedIf( return AccessResult::allowedIf(
$account->hasPermission("view published $bundle entities") $account->hasPermission("view published $bundle entities")
or ($is_case_context && $account->hasPermission("view $bundle involvement in cases"))
); );
case "update": case "update":