
fix edit/delete any/own on reservation entity: https://www.drupal.org/project/reserve/issues/3047518

8.x-1.x
Peter Lindstrom 6 years ago
parent
commit
1a611e7d4c
  1. 14
      reserve.permissions.yml
  2. 21
      src/ReserveReservationAccessControlHandler.php

14
reserve.permissions.yml

@ -16,11 +16,17 @@ add reservations:
add reservations extended: add reservations extended:
title: 'Create new Reservations (extended)' title: 'Create new Reservations (extended)'
edit reservations: edit any reservation:
title: 'Edit Reservations' title: 'Edit Any Reservation'
delete reservations: edit own reservation:
title: 'Delete Reservations' title: 'Edit Own Reservation'
delete any reservation:
title: 'Delete Any Reservation'
delete own reservation:
title: 'Delete Own Reservation'
view published reservations: view published reservations:
title: 'View published Reservations' title: 'View published Reservations'
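Review bot: Replacing the machine names `edit reservations` and `delete reservations` with the new any/own names leaves every role that held the old permissions without edit or delete access once this lands, and the diffstat lists no update code alongside the two changed files. That fails closed, but administrators get no signal that access was dropped and may re-grant `edit any reservation` more broadly than before just to restore it. Consider an update function (`hook_update_N()` or a post-update) that grants `edit any reservation` and `delete any reservation` to roles holding the old names, or at least call out the manual re-grant in the release notes.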

21
src/ReserveReservationAccessControlHandler.php

@ -22,19 +22,28 @@ class ReserveReservationAccessControlHandler extends EntityAccessControlHandler
switch ($operation) { switch ($operation) {
case 'view': case 'view':
if (!$entity->isPublished()) { if (!$entity->isPublished()) {
return AccessResult::allowedIfHasPermission($account, 'view unpublished reservations'); $access = AccessResult::allowedIfHasPermission($account, 'view unpublished reservations');
} }
return AccessResult::allowedIfHasPermission($account, 'view published reservations'); $access = AccessResult::allowedIfHasPermission($account, 'view published reservations');
break;
case 'update': case 'update':
return AccessResult::allowedIfHasPermission($account, 'edit reservations'); $access = AccessResult::allowedIfHasPermission($account, 'edit any reservation');
if (!$access->isAllowed() && $account->hasPermission('edit own reservation')) {
$access = $access->orIf(AccessResult::allowedIf($account->id() == $entity->getOwnerId())->cachePerUser()->addCacheableDependency($entity));
}
break;
case 'delete': case 'delete':
return AccessResult::allowedIfHasPermission($account, 'delete reservations'); $access = AccessResult::allowedIfHasPermission($account, 'delete any reservation');
} break;
// Unknown operation, no opinion. // Unknown operation, no opinion.
return AccessResult::neutral(); default:
$access = AccessResult::neutral();
}
return $access;
} }
/** /**
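Review bot: The `delete` case consults only `delete any reservation`, so the `delete own reservation` permission this commit adds in reserve.permissions.yml is never checked and a role granted it can delete nothing. Mirror the update branch after the `delete any` line: `if (!$access->isAllowed() && $account->hasPermission('delete own reservation')) { $access = $access->orIf(AccessResult::allowedIf($account->id() == $entity->getOwnerId())->cachePerUser()->addCacheableDependency($entity)); }`. For the owner comparison in general, if reservations can be owned by the anonymous user (uid 0), which is not visible here, an anonymous role holding an "own" permission would match every anonymous-owned reservation, so it is worth also requiring `$account->isAuthenticated()`. The method's signature and opening lines are outside the hunk.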
