From 825a330c26d2aa251b0a6926f8fef85cdd70efad Mon Sep 17 00:00:00 2001
From: Jitendra Purohit
Date: Tue, 22 Dec 2020 17:46:58 +0530
Subject: [PATCH 1/2] Fix entity permission for related contact
---
 src/CivicrmEntityAccessHandler.php | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/src/CivicrmEntityAccessHandler.php b/src/CivicrmEntityAccessHandler.php
index a278465f..c4f36f3e 100644
--- a/src/CivicrmEntityAccessHandler.php
+++ b/src/CivicrmEntityAccessHandler.php
@@ -72,6 +72,13 @@ protected function checkEntityPermissions(EntityInterface $entity, $operation, A
 if (!empty($this->civicrmEntityInfo[$this->entityTypeId]['permissions'][$operation])) {
 $permissions = $this->civicrmEntityInfo[$this->entityTypeId]['permissions'][$operation];
 }
+ if ($this->entityTypeId == 'civicrm_contact' && in_array($operation, ['view', 'edit'])) {
+ \Drupal::service('civicrm')->initialize();
+ $op = $operation == 'view' ? \CRM_Core_Permission::VIEW : \CRM_Core_Permission::EDIT;
+ if (\CRM_Contact_BAO_Contact_Permission::allow($entity->id(), $op)) {
+ return AccessResult::allowed();
+ }
+ }
 return AccessResult::allowedIfHasPermissions($account, $permissions, 'OR');
 }
From 55760cbd1aa4b89466029f199bea10995b803e13 Mon Sep 17 00:00:00 2001
From: Jitendra Purohit
Date: Mon, 11 Jan 2021 10:41:18 +0530
Subject: [PATCH 2/2] Fix access to view membership of the related contact
---
 src/CivicrmEntityAccessHandler.php | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)
diff --git a/src/CivicrmEntityAccessHandler.php b/src/CivicrmEntityAccessHandler.php
index c4f36f3e..4685b769 100644
--- a/src/CivicrmEntityAccessHandler.php
+++ b/src/CivicrmEntityAccessHandler.php
@@ -7,6 +7,7 @@
 use Drupal\Core\Entity\EntityInterface;
 use Drupal\Core\Entity\EntityTypeInterface;
 use Drupal\Core\Session\AccountInterface;
+use Drupal\civicrm_entity\CiviCrmApiInterface;
 /**
 * Entity access handler for CiviCRM entities.
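Review bot: The `\CRM_Contact_BAO_Contact_Permission::allow($entity->id(), $op)` check added in PATCH 1/2 never looks at `$account`, so the grant appears to be evaluated for whichever contact CiviCRM considers logged in, not for the account Drupal is asking about; the rewritten call in PATCH 2/2 has the same shape. Access checks made on behalf of another user would then inherit the session user's contact permissions, so guard the branch with something like `(int) $account->id() === (int) \Drupal::currentUser()->id()`, or pass the acting contact explicitly if the installed CiviCRM's `allow()` supports it. The bare `AccessResult::allowed()` also carries no cacheability metadata although the decision is per user and per contact; `return AccessResult::allowed()->cachePerUser()->addCacheableDependency($entity);` keeps a cached grant from being served to a different user. `checkEntityPermissions()` starts above the hunk, so how `$permissions` is initialised is not visible here.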
@@ -72,10 +73,22 @@ protected function checkEntityPermissions(EntityInterface $entity, $operation, A
 if (!empty($this->civicrmEntityInfo[$this->entityTypeId]['permissions'][$operation])) {
 $permissions = $this->civicrmEntityInfo[$this->entityTypeId]['permissions'][$operation];
 }
- if ($this->entityTypeId == 'civicrm_contact' && in_array($operation, ['view', 'edit'])) {
+ if (in_array($operation, ['view', 'edit'])) {
 \Drupal::service('civicrm')->initialize();
+ $contactID = NULL;
+ if ($this->entityTypeId == 'civicrm_contact') {
+ $contactID = $entity->id();
+ }
+ elseif ($this->entityTypeId == 'civicrm_membership') {
+ $membership = \Drupal::service('civicrm_entity.api')->get('Membership', ['id' => $entity->id()]);
+ $contactID = $membership[$entity->id()]['contact_id'] ?? NULL;
+ }
+
+ if (empty($contactID)) {
+ return AccessResult::allowedIfHasPermissions($account, $permissions, 'OR');
+ }
 $op = $operation == 'view' ? \CRM_Core_Permission::VIEW : \CRM_Core_Permission::EDIT;
- if (\CRM_Contact_BAO_Contact_Permission::allow($entity->id(), $op)) {
+ if (\CRM_Contact_BAO_Contact_Permission::allow($contactID, $op)) {
 return AccessResult::allowed();
 }
 }
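Review bot: The new `civicrm_membership` branch runs for `edit` as well as `view`, so anyone `allow()` lets edit the owning contact receives `AccessResult::allowed()` on the membership record without holding any of the membership permissions in `$permissions`, while the commit title only speaks of viewing. If contact-level edit rights are not meant to imply edit rights on membership records, restrict that branch to view: `elseif ($this->entityTypeId == 'civicrm_membership' && $operation === 'view') {`. Drupal's entity access operations are normally `view`/`update`/`delete`, so if callers pass `update` rather than `edit` the `\CRM_Core_Permission::EDIT` path is never reached; that is worth confirming against the callers, which are outside this hunk. The loose checks would also be safer written strictly, e.g. `in_array($operation, ['view', 'edit'], TRUE)` and `===` for the entity type comparisons. The `CiviCrmApiInterface` import added in the first hunk of this patch is not used by the visible code, which fetches `\Drupal::service('civicrm_entity.api')` statically.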