Compare commits
3 Commits
240a55f54f
...
7c3b007ff9
Author | SHA1 | Date |
---|---|---|
naomi | 7c3b007ff9 | |
naomi | f39f4a331d | |
naomi | 6069ac0901 |
|
@ -147,14 +147,6 @@ td.views-field {
|
|||
font-weight: bold !important;
|
||||
}
|
||||
|
||||
/* Styling for grouped views */
|
||||
table.views-table.views-view-table caption {
|
||||
text-align: left;
|
||||
margin-bottom: 1em;
|
||||
margin-top: 2em;
|
||||
font-weight: bold;
|
||||
}
|
||||
|
||||
/* remove "details" accordion, see https://drupal.stackexchange.com/questions/294312/why-has-this-details-accordion-appeared-in-this-view */
|
||||
.views-table details {
|
||||
display: none;
|
||||
|
|
|
@ -59,7 +59,3 @@ revert all case fee revisions:
|
|||
delete all case fee revisions:
|
||||
title: 'Delete all revisions'
|
||||
description: 'Role requires permission to <em>view Case Fee revisions</em> and <em>delete rights</em> for case fee entities in question or <em>administer case fee entities</em>.'
|
||||
|
||||
permission_callbacks:
|
||||
- \Drupal\opencase_cases\OCCaseFeePermissions::generatePermissions
|
||||
- \Drupal\opencase_cases\OCCaseProvisionPermissions::generatePermissions
|
||||
|
|
|
@ -10,8 +10,11 @@ class CaseInvolvement {
|
|||
|
||||
public static function userIsInvolved($account, $case) {
|
||||
$actorId = self::getLinkedActorId($account);
|
||||
$involvedIds = array_column($case->actors_involved->getValue(), 'target_id');
|
||||
return in_array($actorId, $involvedIds);
|
||||
$query = \Drupal::entityQuery('oc_case_provision')
|
||||
->condition('oc_provider', $actorId)
|
||||
->condition('oc_case', $case->id());
|
||||
$results = $query->execute();
|
||||
return !empty($results);
|
||||
}
|
||||
|
||||
public static function userIsInvolved_activity($account, $activity) {
|
||||
|
|
|
@ -32,7 +32,6 @@ class OCCaseAccessControlHandler extends EntityAccessControlHandler {
|
|||
case 'update': // you can edit the case only if a) you can see it and b) you have the permission to edit cases.
|
||||
return AccessResult::allowedIf(
|
||||
$account->hasPermission('edit case entities')
|
||||
&& ($account->hasPermission('view published case entities') || CaseInvolvement::userIsInvolved($account, $entity))
|
||||
);
|
||||
case 'delete': // you can delete the case only if a) you can see it and b) you have the permission to delete cases.
|
||||
return AccessResult::allowedIf(
|
||||
|
|
|
@ -1,8 +1,4 @@
|
|||
|
||||
permission_callbacks:
|
||||
- \Drupal\opencase_entities\OCOrganisationPermissions::generatePermissions
|
||||
- \Drupal\opencase_entities\OCEventPermissions::generatePermissions
|
||||
- Drupal\opencase_entities\OpenCaseEntityPermissions::permissions
|
||||
|
||||
view edit delete all actor entities:
|
||||
title: 'View/Edit/Delete all types of people'
|
||||
|
|
|
@ -26,27 +26,18 @@ class OCActivityAccessControlHandler extends EntityAccessControlHandler {
|
|||
}
|
||||
return AccessResult::allowedIf(
|
||||
$account->hasPermission('view published case entities') // activity permissions are inherited from case
|
||||
|| CaseInvolvement::userIsInvolved_activity($account, $entity)
|
||||
|| $entity->getOwner()->id() == $account->id()
|
||||
);
|
||||
case 'update': // allowed only if a) they can see the case the activity is on and b) they can edit activities
|
||||
if (!$account->hasPermission('edit activity entities')) {
|
||||
return AccessResult::forbidden();
|
||||
} else {
|
||||
return AccessResult::allowedIf(
|
||||
$account->hasPermission('view published case entities')
|
||||
|| CaseInvolvement::userIsInvolved_activity($account, $entity)
|
||||
$account->hasPermission('edit activity entities') // activity permissions are inherited from case
|
||||
|| $entity->getOwner()->id() == $account->id()
|
||||
);
|
||||
}
|
||||
case 'delete': // allowed only if a) they can see the case the activity is on and b) they can delete activities
|
||||
if (!$account->hasPermission('delete activity entities')) {
|
||||
return AccessResult::forbidden();
|
||||
} else {
|
||||
return AccessResult::allowedIf(
|
||||
$account->hasPermission('view published case entities')
|
||||
|| CaseInvolvement::userIsInvolved_activity($account, $entity)
|
||||
$account->hasPermission('delete case entities')
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
// Unknown operation, no opinion.
|
||||
return AccessResult::neutral();
|
||||
|
|
Reference in New Issue