From 5f9167c5d7abf89a0e30667091b803c6fdcadd30 Mon Sep 17 00:00:00 2001
From: Liam Morland <lkmorlan@uwaterloo.ca>
Date: Tue, 16 Feb 2021 16:38:37 -0500
Subject: [PATCH] ISTWCMS-4229: Protect home page

---
 uw_cfg_common.module | 79 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 79 insertions(+)

diff --git a/uw_cfg_common.module b/uw_cfg_common.module
index 0f5298ec..17719beb 100644
--- a/uw_cfg_common.module
+++ b/uw_cfg_common.module
@@ -7,6 +7,7 @@
 
 use Drupal\Core\Entity\EntityInterface;
 use Drupal\Core\Form\FormStateInterface;
+use Drupal\uw_cfg_common\Service\UWService;
 use Drupal\webform\WebformInterface;
 use Drupal\webform\WebformSubmissionStorageInterface;
 
@@ -276,3 +277,81 @@ function uw_cfg_common_form_node_type_add_form_alter(&$form, FormStateInterface
   $form['submission']['preview_mode']['#default_value'] = 0;
 
 }
+
+/**
+ * Implements hook_form_FORM_ID_alter().
+ *
+ * Node edit form: node/NID/edit.
+ *
+ * Prevent certain changes to the home page.
+ */
+function uw_cfg_common_form_node_uw_ct_web_page_edit_form_alter(array &$form, FormStateInterface $form_state, string $form_id): void {
+  // No changes for those with access.
+  if (\Drupal::currentUser()->hasPermission('bypass home page protection')) {
+    return;
+  }
+
+  // Do not allow the home page to be parent of any item.
+  unset($form['menu']['link']['menu_parent']['#options']['main:uw_base_profile.front_page']);
+
+  // Early return if not editing home page.
+  $nid = (int) \Drupal::routeMatch()->getRawParameter('node');
+  if (!UWService::nodeIsHomePage($nid)) {
+    return;
+  }
+
+  // Remove access to certain controls.
+  $form['path']['#access'] = FALSE;
+  $form['promote']['#access'] = FALSE;
+  $form['sticky']['#access'] = FALSE;
+  // For 'menu', setting #access did not work for non-admins. So, also hide the
+  // sub-components and make it a container so that nothing appears on the page.
+  $form['menu']['#access'] = FALSE;
+  $form['menu']['#type'] = 'container';
+  $form['menu']['enabled']['#access'] = FALSE;
+  $form['menu']['link']['#access'] = FALSE;
+}
+
+/**
+ * Implements hook_form_FORM_ID_alter().
+ *
+ * Menu edit form: admin/structure/menu/manage/main.
+ *
+ * Prevent certain changes to the home page.
+ */
+function uw_cfg_common_form_menu_edit_form_alter(array &$form, FormStateInterface $form_state, string $form_id): void {
+  // No changes for those with access.
+  if (\Drupal::currentUser()->hasPermission('bypass home page protection')) {
+    return;
+  }
+
+  // Return early if not editing "Main navigation" menu.
+  if (!isset($form['links']['links']['menu_plugin_id:uw_base_profile.front_page'])) {
+    return;
+  }
+
+  // Remove access to home page controls.
+  $form['links']['links']['menu_plugin_id:uw_base_profile.front_page']['enabled']['#access'] = FALSE;
+  $form['links']['links']['menu_plugin_id:uw_base_profile.front_page']['operations']['#access'] = FALSE;
+  $form['links']['links']['menu_plugin_id:uw_base_profile.front_page']['weight']['#access'] = FALSE;
+  // Make home page not draggable.
+  $key = array_search('draggable', $form['links']['links']['menu_plugin_id:uw_base_profile.front_page']['#attributes']['class'], TRUE);
+  unset($form['links']['links']['menu_plugin_id:uw_base_profile.front_page']['#attributes']['class'][$key]);
+}
+
+/**
+ * Implements hook_form_FORM_ID_alter().
+ *
+ * Menu link edit form: admin/structure/menu/link/LINK/edit.
+ *
+ * Do not allow the home page to be parent of any item.
+ */
+function uw_cfg_common_form_menu_link_edit_alter(array &$form, FormStateInterface $form_state, string $form_id): void {
+  // No changes for those with access.
+  if (\Drupal::currentUser()->hasPermission('bypass home page protection')) {
+    return;
+  }
+
+  // Do not allow the home page to be parent of any item.
+  unset($form['menu_parent']['#options']['main:uw_base_profile.front_page']);
+}
-- 
GitLab