Case views are now filtered by user involvement

unless the user has the see all cases permission
naomi 2018-07-09 19:36:47 +02:00
parent 351bdb5afd
commit c729750705
3 changed files with 23 additions and 5 deletions


@ -6,6 +6,7 @@
*/
use Drupal\Core\Routing\RouteMatchInterface;
use Drupal\opencase_entities\CaseInvolvement;
/**
* Implements hook_help().
@ -111,3 +112,20 @@ function opencase_entities_theme_suggestions_oc_activity(array $variables) {
$suggestions[] = 'oc_activity__' . $entity->id() . '__' . $sanitized_view_mode;
return $suggestions;
}
function opencase_views_query_alter(Drupal\views\ViewExecutable $view, $query) {
if ($view->getBaseEntityType()->id() == 'oc_case') {
$query->addTag('oc_case_access');
}
}
function opencase_query_oc_case_access_alter($query) {
if (\Drupal::currentUser()->hasPermission('view published case entities')) {
return;
} elseif (\Drupal::currentUser()->hasPermission('view own cases')) {
$linked_actor_id = CaseInvolvement::getLinkedActorId(\Drupal::currentUser());
$query->addJoin('INNER', 'oc_case__actors_involved', 'access_filter', 'access_filter.entity_id = oc_case_field_data.id');
$query->condition('access_filter.actors_involved_target_id', $linked_actor_id);
return $query;
}
}
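Review bot: `opencase_query_oc_case_access_alter` fails open: an account holding neither 'view published case entities' nor 'view own cases' falls through the if/elseif with no condition added, so the tagged query is left unfiltered. A final branch that matches nothing, `else { $query->where('1 = 0'); }`, would make deny the default. The `return $query;` in the elseif branch can be dropped, since the first branch returns nothing and the query is altered in place. Both new functions are prefixed `opencase_` while the existing function in this file is prefixed `opencase_entities_`; if this file belongs to the opencase_entities module, the hooks only fire when a module named opencase is enabled, which is worth confirming.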


@ -4,12 +4,12 @@ namespace Drupal\opencase_entities;
class CaseInvolvement {
private function getLinkedActorId($userId) {
return \Drupal\user\Entity\User::load($userId)->get('field_linked_opencase_actor')->target_id;
public static function getLinkedActorId($account) {
return \Drupal\user\Entity\User::load($account->id())->get('field_linked_opencase_actor')->target_id;
}
public function userIsInvolved($account, $case) {
$actorId = $this->getLinkedActorId($account->id());
public static function userIsInvolved($account, $case) {
$actorId = self::getLinkedActorId($account);
$involvedIds = array_column($case->actors_involved->getValue(), 'target_id');
return in_array($actorId, $involvedIds);
}
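Review bot: `userIsInvolved` ends in a loose `in_array($actorId, $involvedIds)`, and `getLinkedActorId` returns the field's `target_id` unchecked, which is presumably NULL for a user with no linked actor. A NULL actor id loosely equals an empty or zero `target_id`, so the access decision can turn on type juggling; guard first with `if ($actorId === NULL) { return FALSE; }`. `User::load($account->id())` can also return NULL, in which case the `->get()` call is a fatal error rather than a denial. Since both methods are now public static and feed both the query filter and the access handler, a short docblock stating that they take an account object, and what they return for an unlinked user, would help callers.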


@ -27,7 +27,7 @@ class OCCaseAccessControlHandler extends EntityAccessControlHandler {
}
return AccessResult::allowedIf(
$account->hasPermission('view published case entities')
|| (new CaseInvolvement())->userIsInvolved($account, $entity)
|| CaseInvolvement::userIsInvolved($account, $entity)
);
case 'update':
return AccessResult::allowedIfHasPermission($account, 'edit case entities');
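Review bot: The 'view' result returned by `AccessResult::allowedIf(...)` depends on the current user's involvement in this specific case, but no cacheability metadata is attached to it. Without that the result carries no cache context, so a decision computed for one user could be reused for another wherever it is cached; consider chaining `->cachePerPermissions()->cachePerUser()->addCacheableDependency($entity)` on the returned result. The enclosing method starts and ends outside this hunk, so a wrapper not visible here may already handle this.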