Edit all expense and income transactions permission excludes author field

Created on 13 October 2023, about 1 year ago

Problem/Motivation

The permission "Edit all expense and income transactions" excludes the author field.

If you are not user 1 on the site, you cannot set the author when creating or editing transactions.

Steps to reproduce

Create a new role "Office".
Add all available permissions that this module offers to the "Office" role.
Give a user the "Office" role.
Log in as that user and add a transaction.

The author field will not be available to set.

When the user saves the transaction, the user is set as the author of the transaction.
When the user edits the transaction, the author field is not visible to change.

Proposed resolution

Add a new permission

edit author expense_tracker:
  title: 'Edit the author of all expense and income transactions'
πŸ› Bug report
Status

Needs review

Version

1.3

Component

User interface

Created by

🇿🇦 South Africa vlooi vlerke


Comments & Activities

  • Issue created by @vlooi vlerke
  • Status changed to Needs review about 1 year ago
  • 🇿🇦 South Africa vlooi vlerke

    It turns out a permission setting was missing.

    Add the following to expense_tracker.permissions.yml

    administer expense_tracker:
      title: 'Administer expense and income data'
    

    A new permission will be available to select and this will give you access to set the author.

    The code this permission executes is in place at src/EtTransactionAccessControlHandler.php

      /**
       * {@inheritdoc}
       */
      protected function checkFieldAccess($operation, FieldDefinitionInterface $field_definition, AccountInterface $account, FieldItemListInterface $items = NULL) {
        // Fields that only holders of 'administer expense_tracker' may edit.
        $restricted_fields = [
          'uid',
        ];
        if ($operation === 'edit' && in_array($field_definition->getName(), $restricted_fields, TRUE)) {
          return AccessResult::allowedIfHasPermission($account, 'administer expense_tracker');
        }
        // Every other field and operation falls back to the default check.
        return parent::checkFieldAccess($operation, $field_definition, $account, $items);
      }
    }
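
A kernel test that pins down the behaviour discussed in this issue, as an added example that is not part of the expense_tracker module or of this thread: it fails if `administer expense_tracker` is not declared, and checks that only accounts holding it can edit `uid`. The entity type ID `et_transaction`, the test class name and the module dependency list are assumptions.

```php
<?php

namespace Drupal\Tests\expense_tracker\Kernel;

use Drupal\KernelTests\KernelTestBase;
use Drupal\Tests\user\Traits\UserCreationTrait;

/**
 * Added example: the author (uid) field is editable only with the permission.
 */
class AuthorFieldAccessTest extends KernelTestBase {

  use UserCreationTrait;

  // Assumption: no further module dependencies; add any the module declares.
  protected static $modules = ['system', 'user', 'expense_tracker'];

  // Assumption: entity type ID handled by EtTransactionAccessControlHandler.
  const ENTITY_TYPE = 'et_transaction';

  protected function setUp(): void {
    parent::setUp();
    // Core before 10.2 also needs installSchema('system', ['sequences']).
    $this->installEntitySchema('user');
    // Use up uid 1 first: that account bypasses all permission checks, so
    // it would pass even when the permission is missing from the YAML file.
    $this->createUser();
  }

  public function testAuthorFieldIsPermissionGated(): void {
    // The permission must be declared, or no role can ever be granted it.
    $declared = \Drupal::service('user.permissions')->getPermissions();
    $this->assertArrayHasKey('administer expense_tracker', $declared);

    $handler = \Drupal::entityTypeManager()
      ->getAccessControlHandler(self::ENTITY_TYPE);
    $uid = \Drupal::service('entity_field.manager')
      ->getBaseFieldDefinitions(self::ENTITY_TYPE)['uid'];

    $plain = $this->createUser();
    $admin = $this->createUser(['administer expense_tracker']);

    // Field-level check only; entity-level edit access is a separate check.
    $this->assertFalse($handler->fieldAccess('edit', $uid, $plain));
    $this->assertTrue($handler->fieldAccess('edit', $uid, $admin));
  }

}
```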
    