Skip to content
Snippets Groups Projects
Commit 054f753d authored by Jay Beaton's avatar Jay Beaton Committed by Owen Bush
Browse files

Issue #3261193 by jrb, owenbush: Users with the "edit eventseries entity"...

Issue #3261193 by jrb, owenbush: Users with the "edit eventseries entity" permission can't edit their own events unless they also have the "edit own eventinstance entity" permission
parent 9f7406a9
No related branches found
No related tags found
No related merge requests found
......@@ -73,13 +73,19 @@ class RegistrantAccessControlHandler extends EntityAccessControlHandler implemen
if ($account->id() !== $entity->getOwnerId()) {
return AccessResult::allowedIfHasPermission($account, 'edit registrant entities');
}
return AccessResult::allowedIfHasPermission($account, 'edit own registrant entities');
return AccessResult::allowedIfHasPermissions($account, [
'edit registrant entities',
'edit own registrant entities',
], 'OR');
case 'delete':
if ($account->id() !== $entity->getOwnerId()) {
return AccessResult::allowedIfHasPermission($account, 'delete registrant entities');
}
return AccessResult::allowedIfHasPermission($account, 'delete own registrant entities');
return AccessResult::allowedIfHasPermissions($account, [
'delete registrant entities',
'delete own registrant entities',
], 'OR');
case 'resend':
return AccessResult::allowedIfHasPermission($account, 'resend registrant emails');
......
......@@ -33,13 +33,19 @@ class EventInstanceAccessControlHandler extends EntityAccessControlHandler {
if ($account->id() !== $entity->getOwnerId()) {
return AccessResult::allowedIfHasPermission($account, 'edit eventinstance entity');
}
return AccessResult::allowedIfHasPermission($account, 'edit own eventinstance entity');
return AccessResult::allowedIfHasPermissions($account, [
'edit eventinstance entity',
'edit own eventinstance entity',
], 'OR');
case 'delete':
if ($account->id() !== $entity->getOwnerId()) {
return AccessResult::allowedIfHasPermission($account, 'delete eventinstance entity');
}
return AccessResult::allowedIfHasPermission($account, 'delete own eventinstance entity');
return AccessResult::allowedIfHasPermissions($account, [
'delete eventinstance entity',
'delete own eventinstance entity',
], 'OR');
case 'clone':
return AccessResult::allowedIfHasPermission($account, 'clone eventinstance entity');
......
......@@ -33,13 +33,19 @@ class EventSeriesAccessControlHandler extends EntityAccessControlHandler {
if ($account->id() !== $entity->getOwnerId()) {
return AccessResult::allowedIfHasPermission($account, 'edit eventseries entity');
}
return AccessResult::allowedIfHasPermission($account, 'edit own eventseries entity');
return AccessResult::allowedIfHasPermissions($account, [
'edit eventseries entity',
'edit own eventseries entity',
], 'OR');
case 'delete':
if ($account->id() !== $entity->getOwnerId()) {
return AccessResult::allowedIfHasPermission($account, 'delete eventseries entity');
}
return AccessResult::allowedIfHasPermission($account, 'delete own eventseries entity');
return AccessResult::allowedIfHasPermissions($account, [
'delete eventseries entity',
'delete own eventseries entity',
], 'OR');
case 'clone':
return AccessResult::allowedIfHasPermission($account, 'clone eventseries entity');
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment