|
|
|
@ -22,19 +22,28 @@ class ReserveReservationAccessControlHandler extends EntityAccessControlHandler
|
|
|
|
|
switch ($operation) { |
|
|
|
|
case 'view': |
|
|
|
|
if (!$entity->isPublished()) { |
|
|
|
|
return AccessResult::allowedIfHasPermission($account, 'view unpublished reservations'); |
|
|
|
|
$access = AccessResult::allowedIfHasPermission($account, 'view unpublished reservations'); |
|
|
|
|
} |
|
|
|
|
return AccessResult::allowedIfHasPermission($account, 'view published reservations'); |
|
|
|
|
$access = AccessResult::allowedIfHasPermission($account, 'view published reservations'); |
|
|
|
|
break; |
|
|
|
|
|
|
|
|
|
case 'update': |
|
|
|
|
return AccessResult::allowedIfHasPermission($account, 'edit reservations'); |
|
|
|
|
$access = AccessResult::allowedIfHasPermission($account, 'edit any reservation'); |
|
|
|
|
if (!$access->isAllowed() && $account->hasPermission('edit own reservation')) { |
|
|
|
|
$access = $access->orIf(AccessResult::allowedIf($account->id() == $entity->getOwnerId())->cachePerUser()->addCacheableDependency($entity)); |
|
|
|
|
} |
|
|
|
|
break; |
|
|
|
|
|
|
|
|
|
case 'delete': |
|
|
|
|
return AccessResult::allowedIfHasPermission($account, 'delete reservations'); |
|
|
|
|
$access = AccessResult::allowedIfHasPermission($account, 'delete any reservation'); |
|
|
|
|
break; |
|
|
|
|
|
|
|
|
|
// Unknown operation, no opinion. |
|
|
|
|
default: |
|
|
|
|
$access = AccessResult::neutral(); |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
// Unknown operation, no opinion. |
|
|
|
|
return AccessResult::neutral(); |
|
|
|
|
return $access; |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
/** |
|
|
|
|