ISTWCMS-5564 Adjusting user-settable permissions to be ignored by updated uwperm

src/Commands/UwDrushCommands.php

@@ -5,6 +5,7 @@ namespace Drupal\uw_cfg_common\Commands;
 use Drupal\Core\Config\ConfigFactoryInterface;
 use Drupal\Core\Entity\EntityTypeManagerInterface;
 use Drupal\uw_cfg_common\Service\UWMissingBlocks;
+use Drupal\uw_cfg_common\UwPermissions\UwPermissions;
 use Drupal\uw_cfg_common\UwRoles\UwRoles;
 use Drush\Commands\DrushCommands;
 use Drush\Utils\StringUtils;
@@ -64,13 +65,20 @@ class UwDrushCommands extends DrushCommands {
     $rids = UwRoles::getAllRoles();
 
     // Step through each rid and set the permissions.
-    foreach ($rids as $rid) {
+    $all = UwPermissions::setAccessPermissions();
 
+    foreach ($rids as $rid) {
       // Get the info about the role.
       $uw_role = UwRoles::getUwRole($rid);
 
+      // Array to hold additional access content permissions for each role.
+      $additional = [];
+      if ($uw_role['label'] && !empty($all[$uw_role['label']])) {
+        $additional = $all[$uw_role['label']];
+      }
+
       // Set the permissions for the role.
-      UwRoles::setUwPermissions($uw_role);
+      UwRoles::setUwPermissions($uw_role, $additional);
 
       // Set message for specific role setting permissions.
       $this->logger()->success('Permissions set for ' . $uw_role['label'] . '.');

src/UwPermissions/UwPermissions.php

@@ -3,6 +3,7 @@
 namespace Drupal\uw_cfg_common\UwPermissions;
 
 use Drupal\user\Entity\Role;
+use Symfony\Component\Yaml\Yaml;
 
 /**
  * Class UwPermissions.
@@ -297,6 +298,37 @@ class UwPermissions {
     return $uw_permissions;
   }
 
+  /**
+   * Convert the permissions array and send it to grantRevoke.
+   */
+  public static function setAccessPermissions(): array {
+
+    // Load and transform content-access permissions.
+    $all_permissions = UwPermissions::getPermissionsArray();
+    $module_handler = \Drupal::service('module_handler');
+    $module_path = $module_handler->getModule('uw_cfg_common')->getPath();
+    $yaml_perm = Yaml::parseFile($module_path . '/src/UwRoles/access_content_permissions.yml');
+    $all = [];
+    foreach ($yaml_perm as $ct => $actions) {
+
+      foreach ($actions as $name => $roles) {
+
+        foreach (['Site manager', 'Content author', 'Content editor'] as $role) {
+
+          if (!empty($all_permissions[$ct][$name][$role])) {
+            if (!isset($all[$role])) {
+              $all[$role] = [];
+            }
+
+            $all[$role] = array_merge($all[$role], $all_permissions[$ct][$name][$role]);
+          }
+        }
+      }
+    }
+
+    return $all;
+  }
+
   /**
    * Build uw role permissions list for content types.
    *

src/UwRoles/UwRoles.php

@@ -99,7 +99,7 @@ class UwRoles {
         return 'Site manager';
 
       case 'uw_role_content_author':
-        return 'Content Author';
+        return 'Content author';
 
       case 'uw_role_content_editor':
         return 'Content editor';
@@ -149,9 +149,13 @@ class UwRoles {
    * Set the list of permissions inside the uw_role array.
    *
    * @param array $uw_role
+   *   - The roles array.
+   * @param array $additional
+   *   - The access content array.
    *   The uw_role array from function getRole.
    */
-  public static function setUwPermissions(array $uw_role): void {
+  public static function setUwPermissions(array $uw_role, array $additional = []) {
+
     $current_permissions = $uw_role['object']->getPermissions();
     $desired_permissions = $uw_role['permissions'];
 
@@ -160,11 +164,10 @@ class UwRoles {
       $uw_role['object']->grantPermission($permission);
     }
 
-    $remove_permissions = array_diff($current_permissions, $desired_permissions);
+    $remove_permissions = array_diff($current_permissions, $desired_permissions, $additional);
     foreach ($remove_permissions as $permission) {
       $uw_role['object']->revokePermission($permission);
     }
-
     $uw_role['object']->save();
   }
 

src/UwRoles/access_content_permissions.yml

+Blog:
+  'Use content type':
+    - 'Site manager'
+    - 'Content author'
+    - 'Content editor'
+  'Create/edit tags':
+    - 'Site manager'
+    - 'Content author'
+    - 'Content editor'
+  'Delete tags':
+    - 'Site manager'
+Contact:
+  'Use content type':
+    - 'Site manager'
+    - 'Content author'
+    - 'Content editor'
+  'Create/edit groups':
+    - 'Site manager'
+    - 'Content author'
+    - 'Content editor'
+  'Delete groups':
+    - 'Site manager'
+Catalog:
+  'Use content type':
+    - 'Site manager'
+    - 'Content author'
+    - 'Content editor'
+  'Create/edit audience':
+    - 'Site manager'
+    - 'Content author'
+    - 'Content editor'
+  'Delete audience':
+    - 'Site manager'
+  'Create/edit categories':
+    - 'Site manager'
+    - 'Content author'
+    - 'Content editor'
+  'Delete categories':
+    - 'Site manager'
+  'Create/edit catalogs':
+    - 'Site manager'
+    - 'Content author'
+    - 'Content editor'
+  'Delete catalogs':
+    - 'Site manager'
+Event:
+  'Use content type':
+    - 'Site manager'
+    - 'Content author'
+    - 'Content editor'
+  'Create/edit tags':
+    - 'Site manager'
+    - 'Content author'
+    - 'Content editor'
+  'Delete tags':
+    - 'Site manager'
+  'Create/edit types':
+    - 'Site manager'
+    - 'Content author'
+    - 'Content editor'
+  'Delete types':
+    - 'Site manager'
+'Expand/Collapse Group':
+  'Use content type':
+    - 'Site manager'
+    - 'Content author'
+    - 'Content editor'
+News:
+  'Use content type':
+    - 'Site manager'
+    - 'Content author'
+    - 'Content editor'
+  'Create/edit tags':
+    - 'Site manager'
+    - 'Content author'
+    - 'Content editor'
+  'Delete tags':
+    - 'Site manager'
+Opportunity:
+  'Use content type':
+    - 'Site manager'
+    - 'Content author'
+    - 'Content editor'
+Profile:
+  'Use content type':
+    - 'Site manager'
+    - 'Content author'
+    - 'Content editor'
+  'Create/edit types':
+    - 'Site manager'
+    - 'Content author'
+    - 'Content editor'
+  'Delete types':
+    - 'Site manager'
+Project:
+  'Use content type':
+    - 'Site manager'
+    - 'Content author'
+    - 'Content editor'
+  'Create/edit roles':
+    - 'Site manager'
+    - 'Content author'
+    - 'Content editor'
+  'Delete roles':
+    - 'Site manager'
+  'Create/edit topics':
+    - 'Site manager'
+    - 'Content author'
+    - 'Content editor'
+  'Delete topics':
+    - 'Site manager'
+Service:
+  'Use content type':
+    - 'Site manager'
+    - 'Content author'
+    - 'Content editor'
+  'Create/edit categories':
+    - 'Site manager'
+    - 'Content author'
+    - 'Content editor'
+  'Delete categories':
+    - 'Site manager'
+Sidebar:
+  'Use content type':
+    - 'Site manager'
+    - 'Content author'
+    - 'Content editor'
+'Site footer':
+  'Use content type':
+    - 'Site manager'
+    - 'Content author'
+    - 'Content editor'
+'Special alert':
+  'Use':
+    - 'Site manager'
+'Web page':
+  'Use content type':
+    - 'Site manager'
+    - 'Content author'
+    - 'Content editor'

uw_cfg_common.install

@@ -12,6 +12,7 @@ use Drupal\user\Entity\Role;
 use Drupal\uw_cfg_common\UwPermissions\UwPermissions;
 use Drupal\uw_cfg_common\UwRoles\UwRoles;
 use Drupal\webform\WebformInterface;
+use Symfony\Component\Yaml\Yaml;
 
 /**
  * Implements hook_install().
@@ -54,201 +55,10 @@ function uw_cfg_common_install() {
     // Set the permissions for the role.
     UwRoles::setUwPermissions($uw_role);
   }
-
-  $permissions_to_process = [
-    'Blog' => [
-      'Use content type' => [
-        'Site manager',
-        'Content author',
-        'Content editor',
-      ],
-      'Create/edit tags' => [
-        'Site manager',
-        'Content author',
-        'Content editor',
-      ],
-      'Delete tags' => [
-        'Site manager',
-      ],
-    ],
-    'Contact' => [
-      'Use content type' => [
-        'Site manager',
-        'Content author',
-        'Content editor',
-      ],
-      'Create/edit groups' => [
-        'Site manager',
-        'Content author',
-        'Content editor',
-      ],
-      'Delete groups' => [
-        'Site manager',
-      ],
-    ],
-    'Catalog' => [
-      'Use content type' => [
-        'Site manager',
-        'Content author',
-        'Content editor',
-      ],
-      'Create/edit audience' => [
-        'Site manager',
-        'Content author',
-        'Content editor',
-      ],
-      'Delete audience' => [
-        'Site manager',
-      ],
-      'Create/edit categories' => [
-        'Site manager',
-        'Content author',
-        'Content editor',
-      ],
-      'Delete categories' => [
-        'Site manager',
-      ],
-      'Create/edit catalogs'    => [
-        'Site manager',
-        'Content author',
-        'Content editor',
-      ],
-      'Delete catalogs' => [
-        'Site manager',
-      ],
-    ],
-    'Event' => [
-      'Use content type' => [
-        'Site manager',
-        'Content author',
-        'Content editor',
-      ],
-      'Create/edit tags' => [
-        'Site manager',
-        'Content author',
-        'Content editor',
-      ],
-      'Delete tags' => [
-        'Site manager',
-      ],
-      'Create/edit types' => [
-        'Site manager',
-        'Content author',
-        'Content editor',
-      ],
-      'Delete types' => [
-        'Site manager',
-      ],
-    ],
-    'Expand/Collapse Group' => [
-      'Use content type' => [
-        'Site manager',
-        'Content author',
-        'Content editor',
-      ],
-    ],
-    'News' => [
-      'Use content type' => [
-        'Site manager',
-        'Content author',
-        'Content editor',
-      ],
-      'Create/edit tags' => [
-        'Site manager',
-        'Content author',
-        'Content editor',
-      ],
-      'Delete tags' => [
-        'Site manager',
-      ],
-    ],
-    'Opportunity' => [
-      'Use content type' => [
-        'Site manager',
-        'Content author',
-        'Content editor',
-      ],
-    ],
-    'Profile' => [
-      'Use content type' => [
-        'Site manager',
-        'Content author',
-        'Content editor',
-      ],
-      'Create/edit types' => [
-        'Site manager',
-        'Content author',
-        'Content editor',
-      ],
-      'Delete types' => [
-        'Site manager',
-      ],
-    ],
-    'Project' => [
-      'Use content type' => [
-        'Site manager',
-        'Content author',
-        'Content editor',
-      ],
-      'Create/edit roles' => [
-        'Site manager',
-        'Content author',
-        'Content editor',
-      ],
-      'Delete roles' => [
-        'Site manager',
-      ],
-      'Create/edit topics' => [
-        'Site manager',
-        'Content author',
-        'Content editor',
-      ],
-      'Delete topics' => [
-        'Site manager',
-      ],
-    ],
-    'Service' => [
-      'Use content type' => [
-        'Site manager',
-        'Content author',
-        'Content editor',
-      ],
-      'Create/edit categories' => [
-        'Site manager',
-        'Content author',
-        'Content editor',
-      ],
-      'Delete categories' => [
-        'Site manager',
-      ],
-    ],
-    'Sidebar' => [
-      'Use content type' => [
-        'Site manager',
-        'Content author',
-        'Content editor',
-      ],
-    ],
-    'Site footer' => [
-      'Use content type' => [
-        'Site manager',
-        'Content author',
-        'Content editor',
-      ],
-    ],
-    'Special alert' => [
-      'Use' => [
-        'Site manager',
-      ],
-    ],
-    'Web page' => [
-      'Use content type' => [
-        'Site manager',
-        'Content author',
-        'Content editor',
-      ],
-    ],
-  ];
+  // Build the access permissions array.
+  $module_handler = \Drupal::service('module_handler');
+  $module_path = $module_handler->getModule('uw_cfg_common')->getPath();
+  $permissions_to_process = Yaml::parseFile($module_path . '/src/UwRoles/access_content_permissions.yml');
   UwPermissions::grantRevoke($permissions_to_process, 'grant');
 
   // Add terms to the vocabulary 'uw_vocab_audience'.