diff --git a/modules/apigee_edge_teams/src/Entity/Storage/TeamMemberRoleStorageSchema.php b/modules/apigee_edge_teams/src/Entity/Storage/TeamMemberRoleStorageSchema.php
new file mode 100644
index 00000000..618e7386
--- /dev/null
+++ b/modules/apigee_edge_teams/src/Entity/Storage/TeamMemberRoleStorageSchema.php
@@ -0,0 +1,50 @@
+ $value) {
+ $schema['team_member_role']['fields']['uuid'][$key] = is_array($value) ? $value[0] : $value;
+ }
+ // Fix to remove duplicate UUID field in primary key.
+ if (!empty($schema['team_member_role']['unique keys']['team_member_role_field__uuid__value'][1]) && $schema['team_member_role']['unique keys']['team_member_role_field__uuid__value'][1] == 'uuid') {
+ unset($schema['team_member_role']['unique keys']['team_member_role_field__uuid__value'][1]);
+ }
+ }
+ return $schema;
+ }
+
+}
diff --git a/modules/apigee_edge_teams/src/Entity/TeamMemberRole.php b/modules/apigee_edge_teams/src/Entity/TeamMemberRole.php
index b4009701..b19eddfb 100644
--- a/modules/apigee_edge_teams/src/Entity/TeamMemberRole.php
+++ b/modules/apigee_edge_teams/src/Entity/TeamMemberRole.php
@@ -20,11 +20,14 @@
 namespace Drupal\apigee_edge_teams\Entity;
+use Drupal\Core\Access\AccessResult;
+use Drupal\Core\Access\AccessResultAllowed;
 use Drupal\Core\Entity\ContentEntityBase;
 use Drupal\Core\Entity\EntityChangedTrait;
 use Drupal\Core\Entity\EntityTypeInterface;
 use Drupal\Core\Field\BaseFieldDefinition;
 use Drupal\Core\Field\FieldStorageDefinitionInterface;
+use Drupal\Core\Session\AccountInterface;
 use Drupal\user\UserInterface;
 /**
@@ -41,9 +44,11 @@
 * data_table = "team_member_role_data",
 * handlers = {
 * "storage" = "Drupal\apigee_edge_teams\Entity\Storage\TeamMemberRoleStorage",
+ * "storage_schema" = "Drupal\apigee_edge_teams\Entity\Storage\TeamMemberRoleStorageSchema",
 * },
 * entity_keys = {
 * "id" = "uuid",
+ * "uuid" = "uuid",
 * },
 * )
 *
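Review bot: In TeamMemberRoleStorageSchema.php the comment `// Fix to remove duplicate UUID field in primary key.` does not match the code under it, which removes index 1 from a `unique keys` entry, not from the primary key. I would reword it to `// Drop the duplicate 'uuid' column from the uuid unique key.` and add a sentence saying why the column appears twice, presumably because the annotation maps both the `id` and `uuid` entity keys to the same field. The `== 'uuid'` test can be strict (`=== 'uuid'`). The opening of this 50-line hunk, including the method signature, is not visible on this page, so the reason for flattening array values with `$value[0]` should be stated in the method docblock if it is not already there.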
@@ -56,6 +61,31 @@ final class TeamMemberRole extends ContentEntityBase implements TeamMemberRoleIn
 use EntityChangedTrait;
+ /**
+ * {@inheritdoc}
+ */
+ public function access($operation, AccountInterface $account = NULL, $return_as_object = FALSE) {
+ if (!$account) {
+ // If we have hit this without an account return forbidden.
+ return AccessResult::forbidden();
+ }
+
+ $result = AccessResult::allowedIfHasPermissions($account, [
+ 'administer team',
+ 'manage team members',
+ ], 'OR');
+
+ if ($result->isNeutral()) {
+ $team = $this->getTeam();
+ $team_permission_handler = \Drupal::service('apigee_edge_teams.team_permissions');
+ $result = AccessResultAllowed::allowedIf(in_array('team_manage_members', $team_permission_handler->getDeveloperPermissionsByTeam($team, $account)))
+ ->addCacheableDependency($team)
+ ->cachePerUser();
+ }
+
+ return $result;
+ }
+
 /**
 * {@inheritdoc}
 */
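Review bot: access() returns an AccessResult object on every path and never reads `$return_as_object`, so with the default `FALSE` any caller that tests the return value as a boolean sees a truthy object even when the result is forbidden or neutral, which fails open. Both exits should honour the flag, for example `return $return_as_object ? $result : $result->isAllowed();` at the end, with the same treatment for the early `AccessResult::forbidden()` return. `$operation` is also ignored, so view, update and delete are all gated by the same member-management permissions; if that is intended, a one-line comment saying so would prevent a later reader from assuming per-operation checks exist. In the neutral branch the reassignment of `$result` discards the cacheability collected by the permission check; wrapping the team check as `$result = $result->orIf(...)` keeps it, and passing `TRUE` as the third argument of `in_array()` makes the permission match strict.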