Removed the "view own cases" permission
Now everyone sees cases they are involved in, they don't need a special perm.
This commit is contained in:
parent
910350699d
commit
a267e222b8
@ -10,8 +10,6 @@ permissions:
|
||||
- 'add case entities'
|
||||
- 'add client entities'
|
||||
- 'delete activity entities'
|
||||
- 'view own cases'
|
||||
- 'edit own cases'
|
||||
- 'delete client entities'
|
||||
- 'edit client entities'
|
||||
- 'view published client entities'
|
||||
|
@ -122,10 +122,8 @@ function opencase_views_query_alter(Drupal\views\ViewExecutable $view, $query) {
|
||||
function opencase_query_oc_case_access_alter($query) {
|
||||
if (\Drupal::currentUser()->hasPermission('view published case entities')) {
|
||||
return;
|
||||
} elseif (\Drupal::currentUser()->hasPermission('view own cases')) {
|
||||
$linked_actor_id = CaseInvolvement::getLinkedActorId(\Drupal::currentUser());
|
||||
$query->addJoin('INNER', 'oc_case__actors_involved', 'access_filter', 'access_filter.entity_id = oc_case_field_data.id');
|
||||
$query->condition('access_filter.actors_involved_target_id', $linked_actor_id);
|
||||
return $query;
|
||||
}
|
||||
}
|
||||
$linked_actor_id = CaseInvolvement::getLinkedActorId(\Drupal::currentUser());
|
||||
$query->addJoin('INNER', 'oc_case__actors_involved', 'access_filter', 'access_filter.entity_id = oc_case_field_data.id');
|
||||
$query->condition('access_filter.actors_involved_target_id', $linked_actor_id);
|
||||
}
|
||||
|
@ -80,14 +80,6 @@ view published case entities:
|
||||
view unpublished case entities:
|
||||
title: 'View unpublished Case entities'
|
||||
|
||||
view own cases:
|
||||
title: 'View cases they are involved in'
|
||||
description: "Allow to access cases in which the user's linked actor is an involved party."
|
||||
|
||||
edit own cases:
|
||||
title: 'Edit cases they are involved in'
|
||||
description: "Allow to edit cases in which the user's linked actor is an involved party."
|
||||
|
||||
view all case revisions:
|
||||
title: 'View all Case revisions'
|
||||
|
||||
|
@ -30,8 +30,10 @@ class OCCaseAccessControlHandler extends EntityAccessControlHandler {
|
||||
|| CaseInvolvement::userIsInvolved($account, $entity)
|
||||
);
|
||||
case 'update':
|
||||
return AccessResult::allowedIfHasPermission($account, 'edit case entities');
|
||||
|
||||
return AccessResult::allowedIf(
|
||||
$account->hasPermission('edit published case entities')
|
||||
|| CaseInvolvement::userIsInvolved($account, $entity)
|
||||
);
|
||||
case 'delete':
|
||||
return AccessResult::allowedIfHasPermission($account, 'delete case entities');
|
||||
}
|
||||
|
Reference in New Issue
Block a user