permission_group-1.0.x-dev/permission_group.module
permission_group.module
<?php
/**
* @file
* Provides hook implementations for the Permission Group module.
*/
use Drupal\Core\Form\FormStateInterface;
use Drupal\Core\StringTranslation\PluralTranslatableMarkup;
use Drupal\permission_group\Entity\PermissionGroup;
use Drupal\permission_group\Form\PermissionGroupPermissionsForm;
use Drupal\user\RoleInterface;
use Drupal\user\Entity\Role;
/**
* Implements hook_ENTITY_TYPE_presave().
*/
function permission_group_user_role_presave(RoleInterface $role) {
// Determine if the role uses permission groups and if any have been revoked.
$original_groups = isset($role->original) ? $role->original->getThirdPartySetting('permission_group', 'groups', []) : [];
$current_groups = $role->getThirdPartySetting('permission_group', 'groups', []);
// Remove any permissions from the revoked permission groups from the role.
$revoked_groups = array_diff($original_groups, $current_groups);
if (!empty($revoked_groups)) {
foreach (PermissionGroup::loadMultiple($revoked_groups) as $group) {
foreach ($group->permissions(TRUE) as $permission) {
$role->revokePermission($permission);
}
}
}
// Add permissions from the current permission groups to the role.
if (!empty($current_groups)) {
foreach (PermissionGroup::loadMultiple($current_groups) as $group) {
foreach ($group->permissions(TRUE) as $permission) {
$role->grantPermission($permission);
}
}
}
}
/**
* Implements hook_form_FORM_ID_alter().
*/
function permission_group_form_user_admin_permissions_alter(&$form, FormStateInterface $form_state, $form_id) {
/** @var \Drupal\permission_group\Entity\PermissionGroup[] $groups */
$groups = PermissionGroup::loadMultiple();
// Disables permissions managed via permission groups.
/** @var \Drupal\user\RoleInterface[] $roles */
$roles = Role::loadMultiple(array_keys($form['role_names']['#value']));
$groups_permissions_data = [];
foreach ($roles as $role) {
$permission_groups = $role->getThirdPartySetting('permission_group', 'groups', []);
foreach ($permission_groups as $group_id) {
if (isset($groups[$group_id])) {
foreach ($groups[$group_id]->permissions(TRUE) as $permission) {
$groups_permissions_data[$permission][$role->id()][] = $groups[$group_id]->label();
}
}
}
}
foreach ($groups_permissions_data as $permission => $role) {
foreach ($role as $role_id => $group_labels) {
$form['permissions'][$permission][$role_id]['#disabled'] = TRUE;
$form['permissions'][$permission][$role_id]['#attributes']['title'] = new PluralTranslatableMarkup(
count($group_labels),
'This permission is part of the @label permission group',
'This permission is part of the permission groups: @label',
['@label' => implode(', ', $group_labels)]
);
}
}
// Add the ability link permission groups to the top of the list of
// permissions.
if (count($groups) > 0) {
// Render group/permission overview:
$hide_descriptions = system_admin_compact_mode();
$permission_list = \Drupal::service('user.permissions')->getPermissions();
// Add in reverse order because we adding to the top of the form.
foreach (array_reverse($groups) as $group_id => $group) {
// Fill in default values for the permission.
$perm_item = [
'title' => $group->label(),
'description' => $group->description(),
'restrict access' => $group->restrictAccess($permission_list),
];
$perm_item['warning'] = !empty($perm_item['restrict access']) ? t('Warning: this permission group has security implications.') : '';
// Add the groups to the top of the form.
$form['permissions'] = [$group_id => []] + $form['permissions'];
$form['permissions'][$group_id]['description'] = [
'#type' => 'inline_template',
'#template' => '<div class="permission"><span class="title">{{ title }}</span>{% if description or warning %}<div class="description">{% if warning %}<em class="permission-warning">{{ warning }}</em> {% endif %}{{ description }}</div>{% endif %}</div>',
'#context' => [
'title' => $perm_item['title'],
],
];
// Show the permission description.
if (!$hide_descriptions) {
$form['permissions'][$group_id]['description']['#context']['description'] = $perm_item['description'];
$form['permissions'][$group_id]['description']['#context']['warning'] = $perm_item['warning'];
}
foreach ($roles as $role_id => $role) {
$role_groups = $role->getThirdPartySetting('permission_group', 'groups', []);
$form['permissions'][$group_id][$role_id] = [
'#title' => $role->label() . ': ' . $perm_item['title'],
'#title_display' => 'invisible',
'#wrapper_attributes' => [
'class' => ['checkbox'],
],
'#type' => 'checkbox',
'#default_value' => (int) in_array($group->id(), $role_groups, TRUE),
'#attributes' => [
'class' => [
'rid-' . $role_id,
'js-rid-' . $role_id,
],
],
'#parents' => [PermissionGroupPermissionsForm::LINKED_GROUP_PARENT, $role_id, $group_id],
// Disable if the role is an admin role.
'#disabled' => $role->isAdmin(),
];
}
}
$form['permissions'] = ['permission_group.linked_groups' => []] + $form['permissions'];
$form['permissions']['permission_group.linked_groups'][] = [
'#wrapper_attributes' => [
'colspan' => count($roles) + 1,
'class' => ['module'],
'id' => 'module-permission_group-linked_groups',
],
'#markup' => t('Permission groups'),
];
$form['#submit'][] = 'permission_group_permissions_form_submit';
}
}
/**
* Submit callback for the permission form to save the linked permission groups.
*/
function permission_group_permissions_form_submit($form, FormStateInterface $form_state) {
/** @var \Drupal\user\Entity\Role[] $roles */
$roles = Role::loadMultiple(array_keys($form_state->getValue('role_names')));
foreach ($roles as $role_id => $role) {
$linked_groups = array_keys(array_filter((array) $form_state->getValue([
PermissionGroupPermissionsForm::LINKED_GROUP_PARENT,
$role_id,
])));
PermissionGroup::roleSave($role, $linked_groups);
}
}
