Simplify handling for case checking. #13372
We already check if the contact has generic case permissions in the component checking section. We can remove that check from the case check & also early return from there since a NO at that point can't be overridden.
(Standard links)
@seamuslee001 @colemanw this is a minor follow on for things you have reviewed
@@ -2768,25 +2766,14 @@ public static function checkPermission($activityId, $action) { | |||
* @return bool | |||
*/ | |||
protected static function isContactPermittedAccessToCaseActivity($activityId, $action, $activityTypeID) { | |||
$allow = FALSE; | |||
foreach (['access my cases and activities', 'access all cases and activities'] as $per) { |
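Review bot: the docblock above isContactPermittedAccessToCaseActivity (the `@return bool` lines) should state that the caller must already have run the component-level permission check, because the `foreach` over 'access my cases and activities' / 'access all cases and activities' is the in-method check this change is about. The hunk header shows the body going from 25 to 14 lines, so a later caller that reaches this protected method directly would have no hint that the generic case permissions are enforced elsewhere.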
@eileenmcnaughton is this taken care of in the hasPermissionForActivityType?
@seamuslee001 yep - it retrieves a list of permissible components & then checks types are associated with them
You can see it looks for components

```php
$components = self::activityComponents(FALSE);
```

which filters with

```php
if ($compObj->info['name'] == 'CiviCase') {
  if (CRM_Case_BAO_Case::accessCiviCase()) {
    $components[$compObj->componentID] = $compObj->info['name'];
  }
}
```

which calls

```php
/**
 * Since we drop 'access CiviCase', allow access
 * if user has 'access my cases and activities'
 * or 'access all cases and activities'
 */
public static function accessCiviCase() {
  if (!self::enabled()) {
    return FALSE;
  }
  if (CRM_Core_Permission::check('access my cases and activities') ||
    CRM_Core_Permission::check('access all cases and activities')
  ) {
    return TRUE;
  }
  return FALSE;
}
```
@seamuslee001 somewhat ironically I have a follow up that will make this kinda redundant for api calls but this allow() function is still called from a bunch of places. I added testGetActivityCheckPermissionsByCaseComponent as part of this refactoring effort - but it got added in advance of some of these changes so the link isn't obvious
Looks fine to me and with the clarification I'm happy to merge this.
Overview
Minor code simplification
Before
Slightly more expensive method used for civicase checking
After
The hasPermissionForActivityType check is run before the civicase check and an early return is done if the contact does not have permission to 'access my cases and activities', or 'access all cases and activities'.
Technical Details
We already check if the contact has generic case permissions in the component checking section; we can do that first & remove it from the case check.
Comments
Test coverage in testGetActivityCheckPermissionsByCaseComponent