
fix edit/delete any/own on reservation entity: https://www.drupal.org/project/reserve/issues/3047518

8.x-1.x
Peter Lindstrom 6 years ago
parent
commit
1a611e7d4c
  1. 14
      reserve.permissions.yml
  2. 21
      src/ReserveReservationAccessControlHandler.php

14
reserve.permissions.yml

@ -16,11 +16,17 @@ add reservations:
add reservations extended:
title: 'Create new Reservations (extended)'
edit reservations:
title: 'Edit Reservations'
edit any reservation:
title: 'Edit Any Reservation'
delete reservations:
title: 'Delete Reservations'
edit own reservation:
title: 'Edit Own Reservation'
delete any reservation:
title: 'Delete Any Reservation'
delete own reservation:
title: 'Delete Own Reservation'
view published reservations:
title: 'View published Reservations'
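Review bot: Roles that were granted 'edit reservations' or 'delete reservations' appear to lose those grants here, since both keys look to be replaced by the any/own variants and the diffstat lists no update code alongside this file. On an upgraded site that would leave previously authorised editors without access until an administrator re-assigns the permissions by hand. A `hook_update_N()` that grants 'edit any reservation' and 'delete any reservation' to every role holding the old names would carry the existing configuration over, and the rename deserves a release note either way. The page has lost its +/- markers, so which keys are removed is inferred from the hunk header and from the permission names the PHP change stops checking.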

21
src/ReserveReservationAccessControlHandler.php

@ -22,19 +22,28 @@ class ReserveReservationAccessControlHandler extends EntityAccessControlHandler
switch ($operation) {
case 'view':
if (!$entity->isPublished()) {
return AccessResult::allowedIfHasPermission($account, 'view unpublished reservations');
$access = AccessResult::allowedIfHasPermission($account, 'view unpublished reservations');
}
return AccessResult::allowedIfHasPermission($account, 'view published reservations');
$access = AccessResult::allowedIfHasPermission($account, 'view published reservations');
break;
case 'update':
return AccessResult::allowedIfHasPermission($account, 'edit reservations');
$access = AccessResult::allowedIfHasPermission($account, 'edit any reservation');
if (!$access->isAllowed() && $account->hasPermission('edit own reservation')) {
$access = $access->orIf(AccessResult::allowedIf($account->id() == $entity->getOwnerId())->cachePerUser()->addCacheableDependency($entity));
}
break;
case 'delete':
return AccessResult::allowedIfHasPermission($account, 'delete reservations');
$access = AccessResult::allowedIfHasPermission($account, 'delete any reservation');
break;
// Unknown operation, no opinion.
default:
$access = AccessResult::neutral();
}
// Unknown operation, no opinion.
return AccessResult::neutral();
return $access;
}
/**
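Review bot: In the `view` case the unpublished check no longer has any effect: now that the early `return` is an assignment, the `$access` set inside `if (!$entity->isPublished())` is overwritten by the 'view published reservations' assignment right after it, so as shown an unpublished reservation is gated only by the published-view permission. Putting the second assignment in an `else` branch, `else { $access = AccessResult::allowedIfHasPermission($account, 'view published reservations'); }`, keeps the two cases separate. The `delete` case consults only 'delete any reservation', so the 'delete own reservation' permission added in reserve.permissions.yml is never checked; it probably wants the same owner comparison the `update` case uses, with the permission name swapped. The method signature is above the hunk, so how `$entity` and `$account` are typed is not visible here.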
