From a267e222b8364a2a0c8c9b7724bee467dfe1b07d Mon Sep 17 00:00:00 2001
From: naomi
Date: Mon, 9 Jul 2018 20:26:11 +0200
Subject: [PATCH] Removed the "view own cases" permission
Now everyone sees cases they are involved in, they don't need a special perm.
---
 .../config/optional/user.role.caseworker.yml | 2 --
 modules/opencase_entities/opencase_entities.module | 10 ++++------
 .../opencase_entities.permissions.yml | 8 --------
 .../src/OCCaseAccessControlHandler.php | 6 ++++--
 4 files changed, 8 insertions(+), 18 deletions(-)
diff --git a/modules/opencase_defaults/config/optional/user.role.caseworker.yml b/modules/opencase_defaults/config/optional/user.role.caseworker.yml
index 8acf596..091cbe3 100644
--- a/modules/opencase_defaults/config/optional/user.role.caseworker.yml
+++ b/modules/opencase_defaults/config/optional/user.role.caseworker.yml
@@ -10,8 +10,6 @@ permissions:
 - 'add case entities'
 - 'add client entities'
 - 'delete activity entities'
- - 'view own cases'
- - 'edit own cases'
 - 'delete client entities'
 - 'edit client entities'
 - 'view published client entities'
diff --git a/modules/opencase_entities/opencase_entities.module b/modules/opencase_entities/opencase_entities.module
index 4d44380..cef0ffe 100644
--- a/modules/opencase_entities/opencase_entities.module
+++ b/modules/opencase_entities/opencase_entities.module
@@ -122,10 +122,8 @@ function opencase_views_query_alter(Drupal\views\ViewExecutable $view, $query) {
 function opencase_query_oc_case_access_alter($query) {
 if (\Drupal::currentUser()->hasPermission('view published case entities')) {
 return;
- } elseif (\Drupal::currentUser()->hasPermission('view own cases')) {
- $linked_actor_id = CaseInvolvement::getLinkedActorId(\Drupal::currentUser());
- $query->addJoin('INNER', 'oc_case__actors_involved', 'access_filter', 'access_filter.entity_id = oc_case_field_data.id');
- $query->condition('access_filter.actors_involved_target_id', $linked_actor_id);
- return $query;
- }
+ }
+ $linked_actor_id = CaseInvolvement::getLinkedActorId(\Drupal::currentUser());
+ $query->addJoin('INNER', 'oc_case__actors_involved', 'access_filter', 'access_filter.entity_id = oc_case_field_data.id');
+ $query->condition('access_filter.actors_involved_target_id', $linked_actor_id);
 }
diff --git a/modules/opencase_entities/opencase_entities.permissions.yml b/modules/opencase_entities/opencase_entities.permissions.yml
index 101d899..5f47851 100644
--- a/modules/opencase_entities/opencase_entities.permissions.yml
+++ b/modules/opencase_entities/opencase_entities.permissions.yml
@@ -80,14 +80,6 @@ view published case entities:
 view unpublished case entities:
 title: 'View unpublished Case entities'
-view own cases:
- title: 'View cases they are involved in'
- description: "Allow to access cases in which the user's linked actor is an involved party."
-
-edit own cases:
- title: 'Edit cases they are involved in'
- description: "Allow to edit cases in which the user's linked actor is an involved party."
-
 view all case revisions:
 title: 'View all Case revisions'
diff --git a/modules/opencase_entities/src/OCCaseAccessControlHandler.php b/modules/opencase_entities/src/OCCaseAccessControlHandler.php
index edcacd8..1f523ca 100644
--- a/modules/opencase_entities/src/OCCaseAccessControlHandler.php
+++ b/modules/opencase_entities/src/OCCaseAccessControlHandler.php
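Review bot: In opencase_query_oc_case_access_alter() the value of `CaseInvolvement::getLinkedActorId()` now goes straight into `$query->condition()` for every account that lacks 'view published case entities', which may include accounts with no linked actor at all. What the helper returns in that case is not visible in this patch; if it can be NULL or empty, the result of the filter is left to how the database layer compiles that condition rather than decided here. An explicit guard before the join keeps the listing fail-closed, for example `if (empty($linked_actor_id)) { $query->where('1 = 0'); return; }`. A comment above the join such as `// No global view permission: restrict the listing to cases the user's linked actor is involved in.` would also record that the fallthrough is intentional.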
@@ -30,8 +30,10 @@ class OCCaseAccessControlHandler extends EntityAccessControlHandler {
 || CaseInvolvement::userIsInvolved($account, $entity)
 );
 case 'update':
- return AccessResult::allowedIfHasPermission($account, 'edit case entities');
-
+ return AccessResult::allowedIf(
+ $account->hasPermission('edit published case entities')
+ || CaseInvolvement::userIsInvolved($account, $entity)
+ );
 case 'delete':
 return AccessResult::allowedIfHasPermission($account, 'delete case entities');
 }
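Review bot: The new 'update' branch builds its result with `AccessResult::allowedIf()`, which, unlike the `allowedIfHasPermission()` call it replaces, attaches no cacheability metadata, although the outcome now depends on the permission, the individual user and the case's involved actors. Chaining `->cachePerPermissions()->cachePerUser()->addCacheableDependency($entity)` onto the result keeps a cached decision from being reused for a different account or after involvement changes; the 'view' branch, which starts above this hunk, appears to follow the same pattern and may need the same treatment. The permission string also changes from 'edit case entities' to 'edit published case entities', and the part of opencase_entities.permissions.yml visible in this patch does not show that name, so it is worth confirming it is defined; otherwise roles holding the old permission lose edit access unless the user is involved. Edit access is also now granted to every involved party with no role-level switch, which is broader than the commit message (it mentions only seeing cases) suggests and deserves a comment on the case stating that this is intended.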