Browse Source

fix edit/delete any/own on reservation entity: https://www.drupal.org/project/reserve/issues/3047518

8.x-1.x
Peter Lindstrom 6 years ago
parent
commit
1a611e7d4c
  1. 14
      reserve.permissions.yml
  2. 21
      src/ReserveReservationAccessControlHandler.php

14
reserve.permissions.yml

@ -16,11 +16,17 @@ add reservations:
add reservations extended: add reservations extended:
title: 'Create new Reservations (extended)' title: 'Create new Reservations (extended)'
edit reservations: edit any reservation:
title: 'Edit Reservations' title: 'Edit Any Reservation'
delete reservations: edit own reservation:
title: 'Delete Reservations' title: 'Edit Own Reservation'
delete any reservation:
title: 'Delete Any Reservation'
delete own reservation:
title: 'Delete Own Reservation'
view published reservations: view published reservations:
title: 'View published Reservations' title: 'View published Reservations'

21
src/ReserveReservationAccessControlHandler.php

@ -22,19 +22,28 @@ class ReserveReservationAccessControlHandler extends EntityAccessControlHandler
switch ($operation) { switch ($operation) {
case 'view': case 'view':
if (!$entity->isPublished()) { if (!$entity->isPublished()) {
return AccessResult::allowedIfHasPermission($account, 'view unpublished reservations'); $access = AccessResult::allowedIfHasPermission($account, 'view unpublished reservations');
} }
return AccessResult::allowedIfHasPermission($account, 'view published reservations'); $access = AccessResult::allowedIfHasPermission($account, 'view published reservations');
break;
case 'update': case 'update':
return AccessResult::allowedIfHasPermission($account, 'edit reservations'); $access = AccessResult::allowedIfHasPermission($account, 'edit any reservation');
if (!$access->isAllowed() && $account->hasPermission('edit own reservation')) {
$access = $access->orIf(AccessResult::allowedIf($account->id() == $entity->getOwnerId())->cachePerUser()->addCacheableDependency($entity));
}
break;
case 'delete': case 'delete':
return AccessResult::allowedIfHasPermission($account, 'delete reservations'); $access = AccessResult::allowedIfHasPermission($account, 'delete any reservation');
break;
// Unknown operation, no opinion.
default:
$access = AccessResult::neutral();
} }
// Unknown operation, no opinion. return $access;
return AccessResult::neutral();
} }
/** /**

Loading…
Cancel
Save