Working on anonymous edit and deletion of registrants

modules/recurring_events_registration/config/install/recurring_events_registration.registrant.config.yml

@@ -3,23 +3,24 @@ limit: 10
 date_format: 'F jS, Y h:iA'
 email_notifications: true
 registration_notification_enabled: true
+registration_notification_enabled: true
 registration_notification_subject: 'You''ve Successfully Registered'
-registration_notification_body: 'Your registration for the [eventinstance:title] [eventinstance:reg_type] was successful.'
+registration_notification_body: "Your registration for the [eventinstance:title] [eventinstance:reg_type] was successful.\r\n\r\nModify your registration: [registrant:edit_url]\r\nDelete your registration: [registrant:delete_url]"
 waitlist_notification_enabled: true
 waitlist_notification_subject: 'You''ve Been Added To The Waitlist'
-waitlist_notification_body: 'You have been added to the waitlist for the [eventinstance:title] [eventinstance:reg_type].'
+waitlist_notification_body: "You have been added to the waitlist for the [eventinstance:title] [eventinstance:reg_type].\r\n\r\nModify your registration: [registrant:edit_url]\r\nDelete your registration: [registrant:delete_url]"
 promotion_notification_enabled: true
 promotion_notification_subject: 'You''ve Been Added To The Registration List'
-promotion_notification_body: 'You have been promoted from the waitlist to the registration list for the [eventinstance:title] [eventinstance:reg_type].'
+promotion_notification_body: "You have been promoted from the waitlist to the registration list for the [eventinstance:title] [eventinstance:reg_type].\r\n\r\nModify your registration: [registrant:edit_url]\r\nDelete your registration: [registrant:delete_url]"
 instance_deletion_notification_enabled: true
 instance_deletion_notification_subject: 'An Event Has Been Deleted'
-instance_deletion_notification_body: 'Unfortunately, the [eventinstance:title] [eventinstance:reg_type] has been deleted.'
+instance_deletion_notification_body: 'Unfortunately, the [eventinstance:title] [eventinstance:reg_type] has been deleted. Your registration has been deleted.'
 series_deletion_notification_enabled: true
 series_deletion_notification_subject: 'An Event Series Has Been Deleted'
-series_deletion_notification_body: 'Unfortunately, the [eventinstance:title] [eventinstance:reg_type] has been deleted.'
+series_deletion_notification_body: 'Unfortunately, the [eventinstance:title] [eventinstance:reg_type] has been deleted. Your registration has been deleted.'
 instance_modification_notification_enabled: true
 instance_modification_notification_subject: 'An Event Has Been Modified'
-instance_modification_notification_body: 'The [eventinstance:title] [eventinstance:reg_type] has been modified, please check back for details.'
+instance_modification_notification_body: "The [eventinstance:title] [eventinstance:reg_type] has been modified, please check back for details.\r\n\r\nModify your registration: [registrant:edit_url]\r\nDelete your registration: [registrant:delete_url]"
 series_modification_notification_enabled: true
 series_modification_notification_subject: 'An Event Series Has Been Modified'
-series_modification_notification_body: 'The [eventinstance:title] [eventinstance:reg_type] has been modified, and all instances have been removed.'
+series_modification_notification_body: 'The [eventinstance:title] [eventinstance:reg_type] has been modified, and all instances have been removed, and your registration has been deleted.'
\ No newline at end of file

modules/recurring_events_registration/recurring_events_registration.permissions.yml

+# Registrant Entities.
 add registrant entities:
-  title: 'Create new Registrant entities'
-
-administer registrant entities:
-  title: 'Administer Registrant entities'
-  description: 'Allow to access the administration form to configure Registrant entities.'
-  restrict access: true
-
-delete registrant entities:
-  title: 'Delete Registrant entities'
-
+  title: 'Create new registrant entities'
+  description: 'Create new registrant entities'
 edit registrant entities:
-  title: 'Edit Registrant entities'
+  title: 'Edit registrant entities'
+  description: 'Edit registrant entities'
+delete registrant entities:
+  title: 'Delete registrant entities'
+  description: 'Delete registrant entities'
+edit registrant entities anonymously:
+  title: 'Edit registrant entities anonymously'
+  description: 'Modify a registrant using the UUID path'
+delete registrant entities anonymously:
+  title: 'Delete registrant entities anonymously'
+  description: 'Delete a registrant using the UUID path'
+administer registrant entities:
+  title: 'Administer registrant entities'
+  description: 'Allow to access the administration form to configure registrant entities.'
+  restrict access: true
\ No newline at end of file

modules/recurring_events_registration/recurring_events_registration.routing.yml

@@ -80,33 +80,37 @@ entity.registrant.delete_form:
 
 # Registrant anonymous edit route.
 entity.registrant.anon_edit_form:
-  path: '/events/{eventinstance}/registrant/{registrant}/{uuid}/edit'
+  path: '/events/{eventinstance}/registration/{registrant}/{uuid}/edit'
   defaults:
   # Calls the form.edit controller, defined in the Registrant entity.
     _entity_form: registrant.edit
   requirements:
-    _access: 'TRUE'
+    _entity_access: 'registrant.anon-update'
     uuid: '[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}'
   options:
     parameters:
       eventinstance:
         type: entity:eventinstance
+      registrant:
+        type: entity:registrant
       uuid:
         type: string
 
 # Registrant anonymous delete route.
 entity.registrant.anon_delete_form:
-  path: '/events/{eventinstance}/registrant/{registrant}/{uuid}/delete'
+  path: '/events/{eventinstance}/registration/{registrant}/{uuid}/delete'
   defaults:
   # Calls the form.delete controller, defined in the Registrant entity.
     _entity_form: registrant.delete
   requirements:
-    _access: 'TRUE'
+    _entity_access: 'registrant.anon-delete'
     uuid: '[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}'
   options:
     parameters:
       eventinstance:
         type: entity:eventinstance
+      registrant:
+        type: entity:registrant
       uuid:
         type: string
 

modules/recurring_events_registration/recurring_events_registration.tokens.inc

@@ -12,9 +12,9 @@ use Drupal\Core\Render\BubbleableMetadata;
  */
 function recurring_events_registration_token_info() {
   $eventinstance = [];
-  $type = [
+  $eventinstance_type = [
     'name' => t('Event Instance Registration'),
-    'description' => t('Tokens from the Recurring Events Registration module.'),
+    'description' => t('Event Instance tokens from the Recurring Events Registration module.'),
     'needs-data' => 'eventinstance',
   ];
 
@@ -28,12 +28,31 @@ function recurring_events_registration_token_info() {
     'description' => t('The registration type of the event instance.'),
   ];
 
+  $registrant = [];
+  $registrant_type = [
+    'name' => t('Registrant'),
+    'description' => t('Registrant tokens from the Recurring Events Registration module.'),
+    'needs-data' => 'registrant',
+  ];
+
+  $registrant['edit_url'] = [
+    'name' => t('Edit Registrant URL'),
+    'description' => t('The URL to edit a registrant.'),
+  ];
+
+  $registrant['delete_url'] = [
+    'name' => t('Delete Registrant URL'),
+    'description' => t('The URL to delete a registrant.'),
+  ];
+
   return [
     'types' => [
-      'eventinstance' => $type,
+      'eventinstance' => $eventinstance_type,
+      'registrant' => $registrant_type,
     ],
     'tokens' => [
       'eventinstance' => $eventinstance,
+      'registrant' => $registrant,
     ],
   ];
 
@@ -52,7 +71,7 @@ function recurring_events_registration_tokens($type, $tokens, array $data, array
     foreach ($tokens as $name => $original) {
       switch ($name) {
         case 'reg_url':
-          $replacements[$original] = $event_instance->toUrl('canonical') . '/registration/add';
+          $replacements[$original] = $event_instance->toUrl('canonical')->setAbsolute(TRUE)->toString() . '/registration/add';
           break;
 
         case 'reg_type':
@@ -61,5 +80,28 @@ function recurring_events_registration_tokens($type, $tokens, array $data, array
       }
     }
   }
+
+  if ($type == 'registrant' && !empty($data['registrant'])) {
+    $registrant = $data['registrant'];
+    foreach ($tokens as $name => $original) {
+      switch ($name) {
+        case 'edit_url':
+          $url = $registrant->toUrl('edit-form')->setAbsolute(TRUE)->toString();
+          if ($registrant->user_id->target_id === '0') {
+            $url = $registrant->toUrl('anon-edit-form')->setAbsolute(TRUE)->toString();
+          }
+          $replacements[$original] = $url;
+          break;
+
+        case 'delete_url':
+          $url = $registrant->toUrl('delete-form')->setAbsolute(TRUE)->toString();
+          if ($registrant->user_id->target_id === '0') {
+            $url = $registrant->toUrl('anon-delete-form')->setAbsolute(TRUE)->toString();
+          }
+          $replacements[$original] = $url;
+          break;
+      }
+    }
+  }
   return $replacements;
 }

modules/recurring_events_registration/src/Entity/Registrant.php

@@ -29,7 +29,7 @@ use Drupal\recurring_events\Entity\EventSeries;
  *       "add" = "Drupal\recurring_events_registration\Form\RegistrantForm",
  *       "edit" = "Drupal\recurring_events_registration\Form\RegistrantForm",
  *       "delete" = "Drupal\recurring_events_registration\Form\RegistrantDeleteForm",
- *        "anon-edit" = "Drupal\recurring_events_registration\Form\RegistrantForm",
+ *       "anon-edit" = "Drupal\recurring_events_registration\Form\RegistrantForm",
  *       "anon-delete" = "Drupal\recurring_events_registration\Form\RegistrantDeleteForm",
  *     },
  *     "access" = "Drupal\recurring_events_registration\RegistrantAccessControlHandler",

modules/recurring_events_registration/src/RegistrantAccessControlHandler.php

@@ -6,6 +6,7 @@ use Drupal\Core\Entity\EntityAccessControlHandler;
 use Drupal\Core\Entity\EntityInterface;
 use Drupal\Core\Session\AccountInterface;
 use Drupal\Core\Access\AccessResult;
+use Drupal\Component\Uuid\Uuid;
 
 /**
  * Access controller for the Registrant entity.
@@ -28,6 +29,10 @@ class RegistrantAccessControlHandler extends EntityAccessControlHandler {
 
       case 'delete':
         return AccessResult::allowedIfHasPermission($account, 'delete registrant entities');
+
+      case 'anon-update':
+      case 'anon-delete':
+        return $this->checkAnonymousAccess($entity, $operation, $account);
     }
 
     // Unknown operation, no opinion.
@@ -50,4 +55,54 @@ class RegistrantAccessControlHandler extends EntityAccessControlHandler {
     return AccessResult::neutral();
   }
 
+  /**
+   * Check if the user can edit or delete this registrant anonymously.
+   *
+   * @param Drupal\Core\Entity\EntityInterface $registrant
+   *   The registrant to be edited.
+   * @param string $operation
+   *   The operation being attempted.
+   * @param Drupal\Core\Session\AccountInterface $account
+   *   The user attempting to gain access.
+   *
+   * @return \Drupal\Core\Access\AccessResultInterface
+   *   The access result.
+   */
+  protected function checkAnonymousAccess(EntityInterface $registrant, $operation, AccountInterface $account) {
+    $params = \Drupal::request()->attributes->all();
+    if (!empty($params['uuid'])) {
+      $uuid = $params['uuid'];
+      // We should not be allowed to edit anonymously if the registrant belongs
+      // to a user.
+      if ($registrant->user_id->target_id !== '0') {
+        return AccessResult::forbidden('This registrant cannot be edited using a UUID.');
+      }
+
+      // If UUID was not passed in, then this is an invalid request.
+      if (empty($uuid)) {
+        return AccessResult::forbidden('No UUID was specified.');
+      }
+
+      // If this is not a valid UUID, then this is an invalid request.
+      if (!Uuid::isValid($uuid)) {
+        return AccessResult::forbidden('The provided UUID is invalid.');
+      }
+
+      // If the UUID specified is not for the registrant being edited.
+      if ($uuid !== $registrant->uuid->value) {
+        return AccessResult::forbidden('The provided UUID is not valid for this registrant');
+      }
+
+      switch ($operation) {
+        case 'anon-update':
+          return AccessResult::allowedIfHasPermission($account, 'edit registrant entities anonymously');
+
+        case 'anon-delete':
+          return AccessResult::allowedIfHasPermission($account, 'delete registrant entities anonymously');
+      }
+
+    }
+    return AccessResult::forbidden();
+  }
+
 }

recurring_events.api.php

@@ -174,7 +174,7 @@ function hook_recurring_events_pre_delete_instances(EventSeries $event_series) {
  * in that this hook fires after deleting instances by deleting the series
  * rather than as a result of changing series date configuration.
  */
-function hook_recurring_events_post_delete_instance(EventSeries $event_series) {
+function hook_recurring_events_post_delete_instances(EventSeries $event_series) {
 }
 
 /**

recurring_events.permissions.yml

@@ -5,6 +5,9 @@ add eventseries entity:
 view eventseries entity:
   title: 'View eventseries entity'
   description: 'View existing event series entities'
+view unpublished eventseries entity:
+  title: 'View unpublished eventseries entity'
+  description: 'View exisiting unpublished event series entities'
 edit eventseries entity:
   title: 'Edit eventseries entity'
   description: 'Modify existing event series entities'

recurring_events.tokens.inc

@@ -91,7 +91,7 @@ function recurring_events_tokens($type, $tokens, array $data, array $options, Bu
           break;
 
         case 'url':
-          $replacements[$original] = $event_instance->toUrl('canonical');
+          $replacements[$original] = $event_instance->toUrl('canonical')->setAbsolute(TRUE)->toString();
           break;
       }
     }

src/EventSeriesAccessControlHandler.php

@@ -23,6 +23,10 @@ class EventSeriesAccessControlHandler extends EntityAccessControlHandler {
   protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) {
     switch ($operation) {
       case 'view':
+        $status = $entity->isPublished();
+        if (!$status) {
+          return AccessResult::allowedIfHasPermission($account, 'view unpublished eventseries entity');
+        }
         return AccessResult::allowedIfHasPermission($account, 'view eventseries entity');
 
       case 'edit':