Skip to content
Snippets Groups Projects
Commit a740de63 authored by xiaohua guan's avatar xiaohua guan Committed by dii
Browse files

Issue #3009415 by Xiaohua Guan: Add permission "XXX own YYY" in order to...

Issue #3009415 by Xiaohua Guan: Add permission "XXX own YYY" in order to operate cloud config entities of self
parent 64e7b279
No related branches found
No related tags found
No related merge requests found
......@@ -17,15 +17,27 @@ administer cloud config entities:
delete cloud config entities:
title: 'Delete Cloud config entities'
delete own cloud config entities:
title: 'Delete own Cloud config entities'
edit cloud config entities:
title: 'Edit Cloud config entities'
edit own cloud config entities:
title: 'Edit own Cloud config entities'
view published cloud config entities:
title: 'View published Cloud config entities'
view own published cloud config entities:
title: 'View own published Cloud config entities'
view unpublished cloud config entities:
title: 'View unpublished Cloud config entities'
view own unpublished cloud config entities:
title: 'View own unpublished Cloud config entities'
view all cloud config revisions:
title: 'View all Cloud config revisions'
......
......@@ -22,15 +22,36 @@ class CloudConfigAccessControlHandler extends EntityAccessControlHandler {
switch ($operation) {
case 'view':
if (!$entity->isPublished()) {
return AccessResult::allowedIfHasPermissions($account, ['view unpublished cloud config entities', 'view ' . $entity->cloud_context()]);
if ($account->id() == $entity->getOwnerId()) {
$permissions = ['view own unpublished cloud config entities'];
} else {
$permissions = ['view unpublished cloud config entities', 'view ' . $entity->cloud_context()];
}
return AccessResult::allowedIfHasPermissions($account, $permissions);
}
return AccessResult::allowedIfHasPermissions($account, ['view published cloud config entities', 'view ' . $entity->cloud_context()]);
if ($account->id() == $entity->getOwnerId()) {
$permissions = ['view own published cloud config entities'];
} else {
$permissions = ['view published cloud config entities', 'view ' . $entity->cloud_context()];
}
return AccessResult::allowedIfHasPermissions($account, $permissions);
case 'update':
return AccessResult::allowedIfHasPermissions($account, ['edit cloud config entities', 'view ' . $entity->cloud_context()]);
if ($account->id() == $entity->getOwnerId()) {
$permissions = ['edit own cloud config entities'];
} else {
$permissions = ['edit cloud config entities', 'view ' . $entity->cloud_context()];
}
return AccessResult::allowedIfHasPermissions($account, $permissions);
case 'delete':
return AccessResult::allowedIfHasPermissions($account, ['delete cloud config entities', 'view ' . $entity->cloud_context()]);
if ($account->id() == $entity->getOwnerId()) {
$permissions = ['delete own cloud config entities'];
} else {
$permissions = ['delete cloud config entities', 'view ' . $entity->cloud_context()];
}
return AccessResult::allowedIfHasPermissions($account, $permissions);
}
// Unknown operation, no opinion.
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment