changed activity access controller to allow users to view and edit ones they own

modules/opencase_entities/src/OCActivityAccessControlHandler.php

@@ -26,27 +26,18 @@ class OCActivityAccessControlHandler extends EntityAccessControlHandler {
         }
         return AccessResult::allowedIf(
             $account->hasPermission('view published case entities')  // activity permissions are inherited from case
-            || CaseInvolvement::userIsInvolved_activity($account, $entity)
+            || $entity->owner()->id() == $account->id(); 
         );
       case 'update':  // allowed only if a) they can see the case the activity is on and b) they can edit activities
-        if (!$account->hasPermission('edit activity entities')) {
-            return AccessResult::forbidden();
-        } else {
         return AccessResult::allowedIf(
-              $account->hasPermission('view published case entities') 
+            $account->hasPermission('edit activity entities')  // activity permissions are inherited from case
-              || CaseInvolvement::userIsInvolved_activity($account, $entity)
+            || $entity->owner()->id() == $account->id(); 
         );
-        }
       case 'delete':  // allowed only if a) they can see the case the activity is on and b) they can delete activities
-        if (!$account->hasPermission('delete activity entities')) {
-            return AccessResult::forbidden();
-        } else {
         return AccessResult::allowedIf(
-              $account->hasPermission('view published case entities') 
+          $account->hasPermission('delete case entities') 
-              || CaseInvolvement::userIsInvolved_activity($account, $entity)
         );
     }
-    }
 
     // Unknown operation, no opinion.
     return AccessResult::neutral();