Allow other case roles who are not the case client to update details on the case via webform
Currently, due to security considerations, only the case client can submit data onto a case via a public form. Create functionality so that a webform can be configured to allow either the client or those with specific case roles to update the details on a specific case.
The table below illustrates the current functioning of the system across different scenarios. Scenario 8 reflects the anticipated operation in accordance with the detailed requirements provided below.
Current expected outcome
Case client
Scenario 1: Base scenario
Is not a case client
Is not a current case role
Is not logged in
Does not have checksum
No permissions
Cannot access case on webform
Scenario 2: Logged out no checksum
Is a case client
Is not a current case role
Is not logged in
Does not have checksum
No permissions
Cannot access case on webform
(As is not logged in and doesn’t have a checksum token)
Scenario 3: Logged out no checksum
Is a case client
Is not a current case role
Is not logged in
Does have checksum
No permissions
Can access case on webform
Case role
Scenario 4
Has a current case role
Is not logged in
Does not have checksum
No additional permissions
Cannot access case on webform
Scenario 5
Has a current case role
Is not logged in
Does have checksum
No additional permissions
Cannot access case on webform
Scenario 6
Has a current case role
Is not logged in
Does have checksum
Access MY cases
Cannot access case on webform
Scenario 7
Has a current case role
Is not logged in
Does have checksum
Access ALL cases
Cannot access case on webform
New scenario
Scenario 8
Has a current case role
Is not logged in
Does have checksum
No additional permissions
Configure the webform:
Case role specified can access the case
New: Should be able to access and update case via webform
ID / Title
Detailed requirement
1.1
Webform Configuration
Create a new setting under Webform > Civicrm > Cases > Case Roles
Field details:
Title: Case roles that can update case via webform
Type: Multi-select
Options: List of case roles in CiviCRM
Help: Specify additional case roles that can access the case via the webform without logging in. To do so create a link with the following details populated: examplesite.com&case1={case.id}&cid1={contact.id}&{contact.checksum} where case1 is the case number on the form, cid1 is the contact you would like to populate with the users details who is accessing the form. Note that contacts who are the case client can always access the case with the above details.
Sample screenshot:
1.2
Allow other case roles who are not the case client to update details on the case via webform
If a contact holds a current case role (eg: user1@user1.com i.e. consultant)
Start date <= todays date or null
AND
End date > todays date or null
AND
Is_active (is not) NO
They are sent a link via email to a specific webform with:
Contact ID of their contact autoloaded on the form for at least one of the existing contact fields
AND
Case ID is in the URL is a case where they have a case role (&case1={case_id})
AND
Case type has their role enabled for edit access as per ID-1.1 above
AND
Either:
Contact CheckSum for their contact if not logged in
OR
Any of the following: (note the following is unchanged from CiviCRM out the box and just included for completeness)
Check CiviCRM permissions if logged in
If they have CiviCRM Admin role they should have access OR
If they have CiviCase: access all cases and activities OR
If they have CiviCase: access my cases and activities And are the case manager
The case details should load in the webform and allow the user to update the case.