autonomic-cooperative/opencase
Archived
0
0
Fork 0
Code Issues 43 Pull Requests Releases Wiki Activity

Case views are now filtered by user involvement

Browse Source 
unless the user has the see all cases permission
This commit is contained in:
naomi 2018-07-09 19:36:47 +02:00
parent 351bdb5afd
commit c729750705
3 changed files with 23 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
modules/opencase_entities/opencase_entities.module
View File

@ -6,6 +6,7 @@
*/
use Drupal\Core\Routing\RouteMatchInterface;
use Drupal\opencase_entities\CaseInvolvement;
/**
* Implements hook_help().
@ -111,3 +112,20 @@ function opencase_entities_theme_suggestions_oc_activity(array $variables) {
$suggestions[] = 'oc_activity__' . $entity->id() . '__' . $sanitized_view_mode;
return $suggestions;
}
function opencase_views_query_alter(Drupal\views\ViewExecutable $view, $query) {
if ($view->getBaseEntityType()->id() == 'oc_case') {
$query->addTag('oc_case_access');
}
}
function opencase_query_oc_case_access_alter($query) {
if (\Drupal::currentUser()->hasPermission('view published case entities')) {
return;
} elseif (\Drupal::currentUser()->hasPermission('view own cases')) {
$linked_actor_id = CaseInvolvement::getLinkedActorId(\Drupal::currentUser());
$query->addJoin('INNER', 'oc_case__actors_involved', 'access_filter', 'access_filter.entity_id = oc_case_field_data.id');
$query->condition('access_filter.actors_involved_target_id', $linked_actor_id);
return $query;
}
}

8
modules/opencase_entities/src/CaseInvolvement.php
View File

@ -4,12 +4,12 @@ namespace Drupal\opencase_entities;
class CaseInvolvement {
private function getLinkedActorId($userId) {
return \Drupal\user\Entity\User::load($userId)->get('field_linked_opencase_actor')->target_id;
public static function getLinkedActorId($account) {
return \Drupal\user\Entity\User::load($account->id())->get('field_linked_opencase_actor')->target_id;
}
public function userIsInvolved($account, $case) {
$actorId = $this->getLinkedActorId($account->id());
public static function userIsInvolved($account, $case) {
$actorId = self::getLinkedActorId($account);
$involvedIds = array_column($case->actors_involved->getValue(), 'target_id');
return in_array($actorId, $involvedIds);
}

2
modules/opencase_entities/src/OCCaseAccessControlHandler.php
View File

@ -27,7 +27,7 @@ class OCCaseAccessControlHandler extends EntityAccessControlHandler {
}
return AccessResult::allowedIf(
$account->hasPermission('view published case entities')
|| (new CaseInvolvement())->userIsInvolved($account, $entity)
|| CaseInvolvement::userIsInvolved($account, $entity)
);
case 'update':
return AccessResult::allowedIfHasPermission($account, 'edit case entities');