From b5ff90184c0b7baf98edd5efac3ec5befcbf435a Mon Sep 17 00:00:00 2001
From: Anuprita Kulkarni <a5kulkar@uwaterloo.ca>
Date: Thu, 2 Jun 2022 16:19:51 -0400
Subject: [PATCH] ISTWCMS-5564 Adjusting user-settable permissions to be
 ignored by updated uwperm

---
 src/Commands/UwDrushCommands.php           |  12 +-
 src/UwPermissions/UwPermissions.php        |  32 ++++
 src/UwRoles/UwRoles.php                    |  11 +-
 src/UwRoles/access_content_permissions.yml | 140 +++++++++++++++
 uw_cfg_common.install                      | 200 +--------------------
 5 files changed, 194 insertions(+), 201 deletions(-)
 create mode 100644 src/UwRoles/access_content_permissions.yml

diff --git a/src/Commands/UwDrushCommands.php b/src/Commands/UwDrushCommands.php
index ad59a42b..72546483 100644
--- a/src/Commands/UwDrushCommands.php
+++ b/src/Commands/UwDrushCommands.php
@@ -5,6 +5,7 @@ namespace Drupal\uw_cfg_common\Commands;
 use Drupal\Core\Config\ConfigFactoryInterface;
 use Drupal\Core\Entity\EntityTypeManagerInterface;
 use Drupal\uw_cfg_common\Service\UWMissingBlocks;
+use Drupal\uw_cfg_common\UwPermissions\UwPermissions;
 use Drupal\uw_cfg_common\UwRoles\UwRoles;
 use Drush\Commands\DrushCommands;
 use Drush\Utils\StringUtils;
@@ -64,13 +65,20 @@ class UwDrushCommands extends DrushCommands {
     $rids = UwRoles::getAllRoles();
 
     // Step through each rid and set the permissions.
-    foreach ($rids as $rid) {
+    $all = UwPermissions::setAccessPermissions();
 
+    foreach ($rids as $rid) {
       // Get the info about the role.
       $uw_role = UwRoles::getUwRole($rid);
 
+      // Array to hold additional access content permissions for each role.
+      $additional = [];
+      if ($uw_role['label'] && !empty($all[$uw_role['label']])) {
+        $additional = $all[$uw_role['label']];
+      }
+
       // Set the permissions for the role.
-      UwRoles::setUwPermissions($uw_role);
+      UwRoles::setUwPermissions($uw_role, $additional);
 
       // Set message for specific role setting permissions.
       $this->logger()->success('Permissions set for ' . $uw_role['label'] . '.');
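Review bot: The per-role exemption list is looked up by the human-readable label (`$all[$uw_role['label']]`), so any difference in spelling or case silently leaves `$additional` empty, and the role is then reconciled as before. This same commit has to change `'Content Author'` to `'Content author'` in UwRoles.php, presumably for that reason. Keying the array by `$rid`, or taking the three labels from one shared constant, would remove that dependency. Separately, the comment `// Step through each rid and set the permissions.` now sits above the `$all = ...` assignment instead of the `foreach`; move it back down and give the new line its own comment, e.g. `// Load the user-settable permissions that uwperm must not revoke.` The enclosing method starts and ends outside the hunk.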
diff --git a/src/UwPermissions/UwPermissions.php b/src/UwPermissions/UwPermissions.php
index 11cdaff4..7681d802 100644
--- a/src/UwPermissions/UwPermissions.php
+++ b/src/UwPermissions/UwPermissions.php
@@ -3,6 +3,7 @@
 namespace Drupal\uw_cfg_common\UwPermissions;
 
 use Drupal\user\Entity\Role;
+use Symfony\Component\Yaml\Yaml;
 
 /**
  * Class UwPermissions.
@@ -297,6 +298,37 @@ class UwPermissions {
     return $uw_permissions;
   }
 
+  /**
+   * Convert the permissions array and send it to grantRevoke.
+   */
+  public static function setAccessPermissions(): array {
+
+    // Load and transform content-access permissions.
+    $all_permissions = UwPermissions::getPermissionsArray();
+    $module_handler = \Drupal::service('module_handler');
+    $module_path = $module_handler->getModule('uw_cfg_common')->getPath();
+    $yaml_perm = Yaml::parseFile($module_path . '/src/UwRoles/access_content_permissions.yml');
+    $all = [];
+    foreach ($yaml_perm as $ct => $actions) {
+
+      foreach ($actions as $name => $roles) {
+
+        foreach (['Site manager', 'Content author', 'Content editor'] as $role) {
+
+          if (!empty($all_permissions[$ct][$name][$role])) {
+            if (!isset($all[$role])) {
+              $all[$role] = [];
+            }
+
+            $all[$role] = array_merge($all[$role], $all_permissions[$ct][$name][$role]);
+          }
+        }
+      }
+    }
+
+    return $all;
+  }
+
   /**
    * Build uw role permissions list for content types.
    *
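Review bot: In `setAccessPermissions()` the inner loop variable `$roles` is never read. The role lists in access_content_permissions.yml therefore have no effect here, and every permission found under the three hard-coded labels is returned for exemption from revocation. That includes actions the YAML grants to `'Site manager'` only, such as `'Delete tags'`. If only the listed roles should be exempt, iterate `foreach ($roles as $role)`. If all three are meant to be exempt, which the commit subject may imply, iterate `array_keys($actions)` and say so in a comment. The docblock is also inaccurate: the method does not call grantRevoke and nothing is set. It should read something like `Get the user-settable access permissions, keyed by role label.`, with an `@return array` line describing the shape.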
diff --git a/src/UwRoles/UwRoles.php b/src/UwRoles/UwRoles.php
index 9dc22fd4..58ca90ef 100644
--- a/src/UwRoles/UwRoles.php
+++ b/src/UwRoles/UwRoles.php
@@ -99,7 +99,7 @@ class UwRoles {
         return 'Site manager';
 
       case 'uw_role_content_author':
-        return 'Content Author';
+        return 'Content author';
 
       case 'uw_role_content_editor':
         return 'Content editor';
@@ -149,9 +149,13 @@ class UwRoles {
    * Set the list of permissions inside the uw_role array.
    *
    * @param array $uw_role
+   *   - The roles array.
+   * @param array $additional
+   *   - The access content array.
    *   The uw_role array from function getRole.
    */
-  public static function setUwPermissions(array $uw_role): void {
+  public static function setUwPermissions(array $uw_role, array $additional = []) {
+
     $current_permissions = $uw_role['object']->getPermissions();
     $desired_permissions = $uw_role['permissions'];
 
@@ -160,11 +164,10 @@ class UwRoles {
       $uw_role['object']->grantPermission($permission);
     }
 
-    $remove_permissions = array_diff($current_permissions, $desired_permissions);
+    $remove_permissions = array_diff($current_permissions, $desired_permissions, $additional);
     foreach ($remove_permissions as $permission) {
       $uw_role['object']->revokePermission($permission);
     }
-
     $uw_role['object']->save();
   }
 
diff --git a/src/UwRoles/access_content_permissions.yml b/src/UwRoles/access_content_permissions.yml
new file mode 100644
index 00000000..9cc11a49
--- /dev/null
+++ b/src/UwRoles/access_content_permissions.yml
@@ -0,0 +1,140 @@
+Blog:
+  'Use content type':
+    - 'Site manager'
+    - 'Content author'
+    - 'Content editor'
+  'Create/edit tags':
+    - 'Site manager'
+    - 'Content author'
+    - 'Content editor'
+  'Delete tags':
+    - 'Site manager'
+Contact:
+  'Use content type':
+    - 'Site manager'
+    - 'Content author'
+    - 'Content editor'
+  'Create/edit groups':
+    - 'Site manager'
+    - 'Content author'
+    - 'Content editor'
+  'Delete groups':
+    - 'Site manager'
+Catalog:
+  'Use content type':
+    - 'Site manager'
+    - 'Content author'
+    - 'Content editor'
+  'Create/edit audience':
+    - 'Site manager'
+    - 'Content author'
+    - 'Content editor'
+  'Delete audience':
+    - 'Site manager'
+  'Create/edit categories':
+    - 'Site manager'
+    - 'Content author'
+    - 'Content editor'
+  'Delete categories':
+    - 'Site manager'
+  'Create/edit catalogs':
+    - 'Site manager'
+    - 'Content author'
+    - 'Content editor'
+  'Delete catalogs':
+    - 'Site manager'
+Event:
+  'Use content type':
+    - 'Site manager'
+    - 'Content author'
+    - 'Content editor'
+  'Create/edit tags':
+    - 'Site manager'
+    - 'Content author'
+    - 'Content editor'
+  'Delete tags':
+    - 'Site manager'
+  'Create/edit types':
+    - 'Site manager'
+    - 'Content author'
+    - 'Content editor'
+  'Delete types':
+    - 'Site manager'
+'Expand/Collapse Group':
+  'Use content type':
+    - 'Site manager'
+    - 'Content author'
+    - 'Content editor'
+News:
+  'Use content type':
+    - 'Site manager'
+    - 'Content author'
+    - 'Content editor'
+  'Create/edit tags':
+    - 'Site manager'
+    - 'Content author'
+    - 'Content editor'
+  'Delete tags':
+    - 'Site manager'
+Opportunity:
+  'Use content type':
+    - 'Site manager'
+    - 'Content author'
+    - 'Content editor'
+Profile:
+  'Use content type':
+    - 'Site manager'
+    - 'Content author'
+    - 'Content editor'
+  'Create/edit types':
+    - 'Site manager'
+    - 'Content author'
+    - 'Content editor'
+  'Delete types':
+    - 'Site manager'
+Project:
+  'Use content type':
+    - 'Site manager'
+    - 'Content author'
+    - 'Content editor'
+  'Create/edit roles':
+    - 'Site manager'
+    - 'Content author'
+    - 'Content editor'
+  'Delete roles':
+    - 'Site manager'
+  'Create/edit topics':
+    - 'Site manager'
+    - 'Content author'
+    - 'Content editor'
+  'Delete topics':
+    - 'Site manager'
+Service:
+  'Use content type':
+    - 'Site manager'
+    - 'Content author'
+    - 'Content editor'
+  'Create/edit categories':
+    - 'Site manager'
+    - 'Content author'
+    - 'Content editor'
+  'Delete categories':
+    - 'Site manager'
+Sidebar:
+  'Use content type':
+    - 'Site manager'
+    - 'Content author'
+    - 'Content editor'
+'Site footer':
+  'Use content type':
+    - 'Site manager'
+    - 'Content author'
+    - 'Content editor'
+'Special alert':
+  'Use':
+    - 'Site manager'
+'Web page':
+  'Use content type':
+    - 'Site manager'
+    - 'Content author'
+    - 'Content editor'
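Review bot: This new file has no header comment, although two code paths now read it. The install hook passes it to `grantRevoke(..., 'grant')`, and `UwPermissions::setAccessPermissions()` uses its keys to decide which permissions uwperm leaves alone. A short `#` comment at the top should state both uses. It should also say that content-type names, action names and role labels must match the keys used in UwPermissions exactly, because the `!empty()` lookup in setAccessPermissions() silently skips unmatched entries. Finally, the `'Special alert'` entry uses `'Use'` where every other type uses `'Use content type'`. It is copied unchanged from the removed PHP array, so it is presumably intentional, but a one-line comment would stop it being "corrected" later.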
diff --git a/uw_cfg_common.install b/uw_cfg_common.install
index 58ee4a9a..7ce88d6d 100644
--- a/uw_cfg_common.install
+++ b/uw_cfg_common.install
@@ -12,6 +12,7 @@ use Drupal\user\Entity\Role;
 use Drupal\uw_cfg_common\UwPermissions\UwPermissions;
 use Drupal\uw_cfg_common\UwRoles\UwRoles;
 use Drupal\webform\WebformInterface;
+use Symfony\Component\Yaml\Yaml;
 
 /**
  * Implements hook_install().
@@ -54,201 +55,10 @@ function uw_cfg_common_install() {
     // Set the permissions for the role.
     UwRoles::setUwPermissions($uw_role);
   }
-
-  $permissions_to_process = [
-    'Blog' => [
-      'Use content type' => [
-        'Site manager',
-        'Content author',
-        'Content editor',
-      ],
-      'Create/edit tags' => [
-        'Site manager',
-        'Content author',
-        'Content editor',
-      ],
-      'Delete tags' => [
-        'Site manager',
-      ],
-    ],
-    'Contact' => [
-      'Use content type' => [
-        'Site manager',
-        'Content author',
-        'Content editor',
-      ],
-      'Create/edit groups' => [
-        'Site manager',
-        'Content author',
-        'Content editor',
-      ],
-      'Delete groups' => [
-        'Site manager',
-      ],
-    ],
-    'Catalog' => [
-      'Use content type' => [
-        'Site manager',
-        'Content author',
-        'Content editor',
-      ],
-      'Create/edit audience' => [
-        'Site manager',
-        'Content author',
-        'Content editor',
-      ],
-      'Delete audience' => [
-        'Site manager',
-      ],
-      'Create/edit categories' => [
-        'Site manager',
-        'Content author',
-        'Content editor',
-      ],
-      'Delete categories' => [
-        'Site manager',
-      ],
-      'Create/edit catalogs'    => [
-        'Site manager',
-        'Content author',
-        'Content editor',
-      ],
-      'Delete catalogs' => [
-        'Site manager',
-      ],
-    ],
-    'Event' => [
-      'Use content type' => [
-        'Site manager',
-        'Content author',
-        'Content editor',
-      ],
-      'Create/edit tags' => [
-        'Site manager',
-        'Content author',
-        'Content editor',
-      ],
-      'Delete tags' => [
-        'Site manager',
-      ],
-      'Create/edit types' => [
-        'Site manager',
-        'Content author',
-        'Content editor',
-      ],
-      'Delete types' => [
-        'Site manager',
-      ],
-    ],
-    'Expand/Collapse Group' => [
-      'Use content type' => [
-        'Site manager',
-        'Content author',
-        'Content editor',
-      ],
-    ],
-    'News' => [
-      'Use content type' => [
-        'Site manager',
-        'Content author',
-        'Content editor',
-      ],
-      'Create/edit tags' => [
-        'Site manager',
-        'Content author',
-        'Content editor',
-      ],
-      'Delete tags' => [
-        'Site manager',
-      ],
-    ],
-    'Opportunity' => [
-      'Use content type' => [
-        'Site manager',
-        'Content author',
-        'Content editor',
-      ],
-    ],
-    'Profile' => [
-      'Use content type' => [
-        'Site manager',
-        'Content author',
-        'Content editor',
-      ],
-      'Create/edit types' => [
-        'Site manager',
-        'Content author',
-        'Content editor',
-      ],
-      'Delete types' => [
-        'Site manager',
-      ],
-    ],
-    'Project' => [
-      'Use content type' => [
-        'Site manager',
-        'Content author',
-        'Content editor',
-      ],
-      'Create/edit roles' => [
-        'Site manager',
-        'Content author',
-        'Content editor',
-      ],
-      'Delete roles' => [
-        'Site manager',
-      ],
-      'Create/edit topics' => [
-        'Site manager',
-        'Content author',
-        'Content editor',
-      ],
-      'Delete topics' => [
-        'Site manager',
-      ],
-    ],
-    'Service' => [
-      'Use content type' => [
-        'Site manager',
-        'Content author',
-        'Content editor',
-      ],
-      'Create/edit categories' => [
-        'Site manager',
-        'Content author',
-        'Content editor',
-      ],
-      'Delete categories' => [
-        'Site manager',
-      ],
-    ],
-    'Sidebar' => [
-      'Use content type' => [
-        'Site manager',
-        'Content author',
-        'Content editor',
-      ],
-    ],
-    'Site footer' => [
-      'Use content type' => [
-        'Site manager',
-        'Content author',
-        'Content editor',
-      ],
-    ],
-    'Special alert' => [
-      'Use' => [
-        'Site manager',
-      ],
-    ],
-    'Web page' => [
-      'Use content type' => [
-        'Site manager',
-        'Content author',
-        'Content editor',
-      ],
-    ],
-  ];
+  // Build the access permissions array.
+  $module_handler = \Drupal::service('module_handler');
+  $module_path = $module_handler->getModule('uw_cfg_common')->getPath();
+  $permissions_to_process = Yaml::parseFile($module_path . '/src/UwRoles/access_content_permissions.yml');
   UwPermissions::grantRevoke($permissions_to_process, 'grant');
 
   // Add terms to the vocabulary 'uw_vocab_audience'.
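Review bot: The three added lines that resolve the module path and call `Yaml::parseFile()` duplicate the lines added to `UwPermissions::setAccessPermissions()` in this commit, so the file location is now hard-coded in two places. A small static helper on UwPermissions that returns the parsed array (name to be chosen by the author) would let both callers share one path. It would also be the single place to handle a missing or malformed file, which the YAML parser is expected to report by throwing; neither call site catches anything here. The added comment should be preceded by a blank line, as the removed code was. `uw_cfg_common_install()` starts and ends outside the hunk.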
-- 
GitLab