Skip to content
Snippets Groups Projects
Select Git revision
  • feature/ISTWCMS-6638-l26yan-Using-layout_builder_iframe_modal-instead-layout_builder_modal
  • feature/ISTWCMS-7275-ibiki-publications_rename
  • prod/1.1.x
  • 1.1.x default
  • feature/EXP-kpaxman-drush_uw_role_users
  • feature/ISTWCMS-6642-ebremner-scholar
  • feature/ISTWCMS-7252-ebremner-uw-custom-forms
  • feature/ISTWCMS-7152-default-taxonomy-terms-language
  • feature/EXP-kpaxman-custom_section_spacing
  • feature/EXP-kpaxman_spacer_block_retry
  • Expri-l26yan-date-translate
  • feature/ISTWCMS-6001-ebremner-remove-features
  • Experi-hours/l26yan-Update_ec_pattern_via_update_hook
  • feature/EXPHOUR-ebremner-node-field-values
  • feature/ISTWCMS-7000-ebremner-no-banner
  • feature/ISTWCMS-6904-tstruyk-2-taxonomy-authorship
  • feature/ISTWCMS-6306-ebremner-udpate-hook-related-links
  • feature/ISTWCMS-7141-kpaxman-remove_video_check
  • feature/ISTWCMS-6904-tstruyk-taxonomy-add-author
  • feature/ISTWCMS-6989-ebremner-pub-ref-lang
  • 1.1.42
  • 1.1.41
  • 1.1.40
  • 1.1.39
  • 1.1.38
  • 1.1.37
  • 1.1.36
  • 1.1.35
  • 1.1.34
  • 1.1.33
  • 1.1.32
  • 1.1.31
  • 1.1.30
  • 1.1.29
  • 1.1.28
  • 1.1.27
  • 1.1.26
  • 1.1.25
  • 1.1.24
  • 1.1.23
40 results
Blame Permalink
UwPermissions.php 10.73 KiB 
<?php

namespace Drupal\uw_cfg_common\UwPermissions;

use Drupal\user\Entity\Role;

/**
 * Class UwPermissions.
 *
 * UW Specific permissions.
 */
class UwPermissions {

  /**
   * Get UW roles.
   *
   * @return array
   *   An array of the UW roles to be used on this form.
   */
  public static function getRoles(): array {

    // UW site manager role.
    $uw_roles['Site manager'] = [
      'name' => 'Site manager',
      'id' => 'uw_role_site_manager',
      'object' => Role::load('uw_role_site_manager'),
    ];

    // UW content editor role.
    $uw_roles['Content editor'] = [
      'name' => 'Content editor',
      'id' => 'uw_role_content_editor',
      'object' => Role::load('uw_role_content_editor'),
    ];

    // UW content author role.
    $uw_roles['Content author'] = [
      'name' => 'Content author',
      'id' => 'uw_role_content_author',
      'object' => Role::load('uw_role_content_author'),
    ];

    return $uw_roles;
  }

  /**
   * Get Uw content permissions array.
   *
   * @return array
   *   The array of all permissions for uw content access form.
   */
  public static function getPermissionsArray(): array {

    $uw_permissions = [

      // Blog permissions.
      'Blog' => [
        'Use content type' =>
        UwPermissions::buildRolePermissionsListContentType(
          'uw_ct_blog'
        ),
        'Create/edit tags' =>
        UwPermissions::buildRolePermissionsListTaxonomyTerm(
          'uw_vocab_blog_tags',
          ['create', 'edit']
        ),
        'Delete tags' =>
        UwPermissions::buildRolePermissionsListTaxonomyTerm(
          'uw_vocab_blog_tags',
          ['delete']
        ),
      ],

      // Contact permissions.
      'Contact' => [
        'Use content type' =>
        UwPermissions::buildRolePermissionsListContentType(
         'uw_ct_contact'
        ),
        'Create/edit group' =>
        UwPermissions::buildRolePermissionsListTaxonomyTerm(
          'uw_vocab_contact_group',
          ['create', 'edit']
        ),
        'Delete group' =>
        UwPermissions::buildRolePermissionsListTaxonomyTerm(
          'uw_vocab_contact_group',
          ['delete']
        ),
      ],

      // Catalog permissions.
      'Catalog' => [
        'Use content type' =>
        UwPermissions::buildRolePermissionsListContentType(
          'uw_ct_catalog_item'
        ),
        'Create/edit audience' =>
        UwPermissions::buildRolePermissionsListTaxonomyTerm(
          'uw_vocab_audience',
          ['create', 'edit']
        ),
        'Delete audience' =>
        UwPermissions::buildRolePermissionsListTaxonomyTerm(
          'uw_vocab_audience',
          ['delete']
        ),
        'Create/edit categories' =>
        UwPermissions::buildRolePermissionsListTaxonomyTerm(
          'uw_vocab_catalog_categories',
          ['create', 'edit']
        ),
        'Delete categories' =>
        UwPermissions::buildRolePermissionsListTaxonomyTerm(
          'uw_vocab_catalog_categories',
          ['delete']
        ),
        'Create/edit catalogs' =>
        UwPermissions::buildRolePermissionsListTaxonomyTerm(
          'uw_vocab_catalogs',
          ['create', 'edit']
        ),
        'Delete catalogs' =>
        UwPermissions::buildRolePermissionsListTaxonomyTerm(
          'uw_vocab_catalogs',
          ['delete']
        ),
      ],

      // Event permissions.
      'Event' => [
        'Use content type' =>
        UwPermissions::buildRolePermissionsListContentType(
          'uw_ct_event'
        ),
        'Create/edit tags' =>
        UwPermissions::buildRolePermissionsListTaxonomyTerm(
          'uw_tax_event_tags',
          ['create', 'edit']
        ),
        'Delete tags' =>
        UwPermissions::buildRolePermissionsListTaxonomyTerm(
          'uw_tax_event_tags',
          ['delete']
        ),
        'Create/edit types' =>
        UwPermissions::buildRolePermissionsListTaxonomyTerm(
          'uw_tax_event_type',
          ['create', 'edit']
        ),
        'Delete types' =>
        UwPermissions::buildRolePermissionsListTaxonomyTerm(
          'uw_tax_event_type',
          ['delete']
        ),
      ],

      // News permissions.
      'News' => [
        'Use content type' =>
        UwPermissions::buildRolePermissionsListContentType(
          'uw_ct_news_item'
        ),
        'Create/edit tags' =>
        UwPermissions::buildRolePermissionsListTaxonomyTerm(
          'uw_vocab_news_tags',
          ['create', 'edit']
        ),
        'Delete tags' =>
        UwPermissions::buildRolePermissionsListTaxonomyTerm(
          'uw_vocab_news_tags',
          ['delete']
        ),
      ],

      // Profile permissions.
      'Profile' => [
        'Use content type' =>
        UwPermissions::buildRolePermissionsListContentType(
         'uw_ct_profile'
        ),
        'Create/edit type' =>
        UwPermissions::buildRolePermissionsListTaxonomyTerm(
         'uw_vocab_profile_type',
          ['create', 'edit']
        ),
        'Delete type' =>
        UwPermissions::buildRolePermissionsListTaxonomyTerm(
         'uw_vocab_profile_type',
          ['delete']
        ),
      ],

      // Sidebar permissions.
      'Sidebar' => [
        'Use content type' =>
        UwPermissions::buildRolePermissionsListContentType(
          'uw_ct_sidebar'
        ),
      ],

      // Site footer permissions.
      'Site footer' => [
        'Use content type' =>
        UwPermissions::buildRolePermissionsListContentType(
          'uw_ct_site_footer'
        ),
      ],

      // Special alert permissions.
      'Special alert' => [
        'Administer Display' =>
        UwPermissions::buildRolePermissionsListCustom(
          'administer special alert'
        ),
      ],

      // Web page permissions.
      'Web page' => [
        'Use content type' =>
        UwPermissions::buildRolePermissionsListContentType(
          'uw_ct_web_page'
        ),
      ],
    ];

    return $uw_permissions;
  }

  /**
   * Build uw role permissions list for content types.
   *
   * @param string $ct_name
   *   The machine name of the content type.
   *
   * @return array
   *   An array of the uw permissions.
   */
  public static function buildRolePermissionsListContentType(string $ct_name): array {

    // Build the permissions list for the content type.
    $content_type_permissions_list = [
      'Site manager' => [
        'create ' . $ct_name . ' content',
        'delete any ' . $ct_name . ' content',
        'delete own ' . $ct_name . ' content',
        'edit any ' . $ct_name . ' content',
        'edit own ' . $ct_name . ' content',
        'revert ' . $ct_name . ' revisions',
        'view ' . $ct_name . ' revisions',
      ],
      'Content editor' => [
        'create ' . $ct_name . ' content',
        'edit any ' . $ct_name . ' content',
        'edit own ' . $ct_name . ' content',
        'revert ' . $ct_name . ' revisions',
        'view ' . $ct_name . ' revisions',
      ],
      'Content author' => [
        'create ' . $ct_name . ' content',
        'edit any ' . $ct_name . ' content',
        'edit own ' . $ct_name . ' content',
        'revert ' . $ct_name . ' revisions',
        'view ' . $ct_name . ' revisions',
      ],
    ];

    return $content_type_permissions_list;
  }

  /**
   * Build role permissions list for a custom permission.
   *
   * @param string $permission_name
   *   The machine name of the taxonomy term.
   *
   * @return array
   *   An array of the uw permissions.
   */
  public static function buildRolePermissionsListCustom(string $permission_name): array {

    // The roles used for the uw permissions.
    $uw_roles = UwPermissions::getRoles();

    // Step through each role and add permission.
    foreach ($uw_roles as $uw_role) {

      // Set the permission.
      $uw_permissions[$uw_role['name']][] = $permission_name;
    }

    return $uw_permissions;
  }

  /**
   * Build role permissions list for taxonomy terms.
   *
   * @param string $tax_name
   *   The machine name of the taxonomy term.
   * @param array $permission_types
   *   The list of permissions for the taxonomy term (create, edit, and/or
   *   delete).
   *
   * @return array
   *   An array of the uw permissions.
   */
  public static function buildRolePermissionsListTaxonomyTerm(string $tax_name, array $permission_types): array {

    // The roles used for the uw permissions.
    $uw_roles = UWPermissions::getRoles();

    // Step through each of the uw roles and setup list of permissions.
    foreach ($uw_roles as $uw_role) {

      // Step through each permission types and setup list of permissions.
      foreach ($permission_types as $permission_type) {

        // Set the permission.
        $uw_permissions[$uw_role['name']][] = $permission_type . ' terms in ' . $tax_name;
      }
    }

    return $uw_permissions;
  }

  /**
   * Save UW permissions.
   *
   * @parm array $uw_roles
   *   The array of roles to be saved.
   */
  public static function save(array $uw_roles) {

    // Step through each of the roles and save the role object,
    // so that the permissions get saved.
    foreach ($uw_roles as $uw_role) {

      // Save the role object.
      $uw_role['object']->save();
    }
  }

  /**
   * Grant/revoke UW permission to roles and save.
   *
   * @param array $permissions_to_process
   *   The array of permissions to be granted or revoked.
   * @param string $type
   *   The type of permissions to be processed (grant/revoke).
   */
  public static function grantRevoke(array $permissions_to_process, string $type): void {

    // Get the UW roles.
    $uw_roles = UwPermissions::getRoles();

    // The array of uw permissions.
    $uw_permissions = UwPermissions::getPermissionsArray();

    // Step through each of the permissions to grant/revoke.
    foreach ($permissions_to_process as $feature => $permission_to_process) {

      // Step through the feature and get the roles.
      foreach ($permission_to_process as $permission => $roles) {

        // Step through each of the roles and grant/revoke the permission.
        foreach ($roles as $role) {

          // Step through each of the permissions that need to be granted/revoke
          // and grant/revoke for the specified uw role.
          foreach ($uw_permissions[$feature][$permission][$role] as $uw_perm) {

            // If type is grant, grant the permission for the role.
            if ($type == 'grant') {

              // Grant the permission for the specified role.
              $uw_roles[$role]['object']->grantPermission($uw_perm);
            }
            // If the type is revoke, revoke the permission for the role.
            elseif ($type == 'revoke') {

              // Revoke the permission for the specified role.
              $uw_roles[$role]['object']->revokePermission($uw_perm);
            }
          }
        }
      }
    }

    // Save the permissions.
    UwPermissions::save($uw_roles);
  }

}