Browse Source

added case for user to only delete their own reservations

d9
ppound 3 years ago
parent
commit
49b4387626
  1. 3
      src/ReserveReservationAccessControlHandler.php

3
src/ReserveReservationAccessControlHandler.php

@ -36,6 +36,9 @@ class ReserveReservationAccessControlHandler extends EntityAccessControlHandler
case 'delete':
$access = AccessResult::allowedIfHasPermission($account, 'delete any reservation');
if (!$access->isAllowed() && $account->hasPermission('delete own reservation')) {
$access = $access->orIf(AccessResult::allowedIf($account->id() == $entity->getOwnerId())->cachePerUser()->addCacheableDependency($entity));
}
break;
// Unknown operation, no opinion.

Loading…
Cancel
Save