Case views are now filtered by user involvement
unless the user has the see all cases permission
parent
351bdb5afd
commit
c729750705
@ -6,6 +6,7 @@
|
|||||||
*/
|
*/
|
||||||
|
|
||||||
use Drupal\Core\Routing\RouteMatchInterface;
|
use Drupal\Core\Routing\RouteMatchInterface;
|
||||||
|
use Drupal\opencase_entities\CaseInvolvement;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Implements hook_help().
|
* Implements hook_help().
|
||||||
@ -111,3 +112,20 @@ function opencase_entities_theme_suggestions_oc_activity(array $variables) {
|
|||||||
$suggestions[] = 'oc_activity__' . $entity->id() . '__' . $sanitized_view_mode;
|
$suggestions[] = 'oc_activity__' . $entity->id() . '__' . $sanitized_view_mode;
|
||||||
return $suggestions;
|
return $suggestions;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function opencase_views_query_alter(Drupal\views\ViewExecutable $view, $query) {
|
||||||
|
if ($view->getBaseEntityType()->id() == 'oc_case') {
|
||||||
|
$query->addTag('oc_case_access');
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
function opencase_query_oc_case_access_alter($query) {
|
||||||
|
if (\Drupal::currentUser()->hasPermission('view published case entities')) {
|
||||||
|
return;
|
||||||
|
} elseif (\Drupal::currentUser()->hasPermission('view own cases')) {
|
||||||
|
$linked_actor_id = CaseInvolvement::getLinkedActorId(\Drupal::currentUser());
|
||||||
|
$query->addJoin('INNER', 'oc_case__actors_involved', 'access_filter', 'access_filter.entity_id = oc_case_field_data.id');
|
||||||
|
$query->condition('access_filter.actors_involved_target_id', $linked_actor_id);
|
||||||
|
return $query;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
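Review bot: opencase_query_oc_case_access_alter() fails open: an account with neither 'view published case entities' nor 'view own cases' falls through both branches, so the tagged query runs with no restriction at all. Close the chain with a deny branch such as `else { $query->where('1 = 0'); }`, and drop the stray `return $query;`, since alter hooks return nothing and the first branch already returns void. In the 'view own cases' branch `$linked_actor_id` can be empty when the account has no linked actor; force an empty result explicitly there rather than relying on how a NULL condition value compiles. In opencase_views_query_alter(), `$view->getBaseEntityType()` returns FALSE for views whose base table is not an entity table, so the `->id()` call needs a guard. Views that reach oc_case only through a relationship also appear to go untagged.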
@ -4,12 +4,12 @@ namespace Drupal\opencase_entities;
|
|||||||
|
|
||||||
class CaseInvolvement {
|
class CaseInvolvement {
|
||||||
|
|
||||||
private function getLinkedActorId($userId) {
|
public static function getLinkedActorId($account) {
|
||||||
return \Drupal\user\Entity\User::load($userId)->get('field_linked_opencase_actor')->target_id;
|
return \Drupal\user\Entity\User::load($account->id())->get('field_linked_opencase_actor')->target_id;
|
||||||
}
|
}
|
||||||
|
|
||||||
public function userIsInvolved($account, $case) {
|
public static function userIsInvolved($account, $case) {
|
||||||
$actorId = $this->getLinkedActorId($account->id());
|
$actorId = self::getLinkedActorId($account);
|
||||||
$involvedIds = array_column($case->actors_involved->getValue(), 'target_id');
|
$involvedIds = array_column($case->actors_involved->getValue(), 'target_id');
|
||||||
return in_array($actorId, $involvedIds);
|
return in_array($actorId, $involvedIds);
|
||||||
}
|
}
|
||||||
|
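Review bot: getLinkedActorId() dereferences the result of `User::load()` without a null check and can return NULL when the linked-actor field is empty, and userIsInvolved() then passes that value to a loose `in_array()`. This helper now backs both the entity access check and the views filter, so a missing link should mean "not involved" explicitly: add `if ($actorId === NULL) { return FALSE; }` before the `in_array()` call, and return NULL early when the user entity cannot be loaded. Both methods are now public static API and would benefit from a short docblock saying that `$account` is an account object, not a user id, and what is returned when no actor is linked. The class's closing brace is outside the hunk.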
@ -27,7 +27,7 @@ class OCCaseAccessControlHandler extends EntityAccessControlHandler {
|
|||||||
}
|
}
|
||||||
return AccessResult::allowedIf(
|
return AccessResult::allowedIf(
|
||||||
$account->hasPermission('view published case entities')
|
$account->hasPermission('view published case entities')
|
||||||
|| (new CaseInvolvement())->userIsInvolved($account, $entity)
|
|| CaseInvolvement::userIsInvolved($account, $entity)
|
||||||
);
|
);
|
||||||
case 'update':
|
case 'update':
|
||||||
return AccessResult::allowedIfHasPermission($account, 'edit case entities');
|
return AccessResult::allowedIfHasPermission($account, 'edit case entities');
|
||||||
|
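Review bot: The 'view' result built with `AccessResult::allowedIf(...)` depends on the current user's involvement in this particular case, but the visible lines attach no cacheability metadata to it. A cached grant could therefore be reused for a different account, or survive a change to actors_involved. Consider chaining `->cachePerPermissions()->cachePerUser()->addCacheableDependency($entity)` onto the returned result. The enclosing method and its switch start and end outside the hunk, so this may already be handled elsewhere.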