From c4640a098cde5fa9ff4c3f668c098faba254bd66 Mon Sep 17 00:00:00 2001
From: ebremner <ebremner@uwaterloo.ca>
Date: Tue, 14 Jul 2020 13:01:04 -0400
Subject: [PATCH] ISTWCMS-3921: updating function in UW permissions class to
 revoke or grant permissions

---
 src/UwPermissions/UwPermissions.php | 37 +++++++++++++++++++----------
 1 file changed, 24 insertions(+), 13 deletions(-)

diff --git a/src/UwPermissions/UwPermissions.php b/src/UwPermissions/UwPermissions.php
index 6c1f0bac..69795dea 100644
--- a/src/UwPermissions/UwPermissions.php
+++ b/src/UwPermissions/UwPermissions.php
@@ -205,12 +205,14 @@ class UwPermissions {
   }
 
   /**
-   * Add UW permission to roles and save.
+   * Grant/revoke UW permission to roles and save.
    *
-   * @parm array $permissions_to_add
-   *   The array of permissions to be added.
+   * @parm array $permissions_to_process
+   *   The array of permissions to be granted or revoked.
+   * @param string $type
+   *   The type of permissions to be processed (grant/revoke).
    */
-  public static function uw_add_permissions(array $permissions_to_add) {
+  public static function uw_grant_revoke_permissions(array $permissions_to_process, string $type): void {
 
     // Get the UW roles.
     $uw_roles = UwPermissions::uw_get_roles();
@@ -218,22 +220,31 @@ class UwPermissions {
     // The array of uw permissions.
     $uw_permissions = UwPermissions::uw_get_permissions_array();
 
-    // Step through each of the permissions to add and get teh feature.
-    foreach ($permissions_to_add as $feature => $permission_to_add) {
+    // Step through each of the permissions to grant/revoke.
+    foreach ($permissions_to_process as $feature => $permission_to_process) {
 
       // Step through the feature and get the roles.
-      foreach ($permission_to_add as $permission => $roles) {
+      foreach ($permission_to_process as $permission => $roles) {
 
-        // Step through each of the roles and grant the permission.
+        // Step through each of the roles and grant/revoke the permission.
         foreach ($roles as $role) {
 
-          // Step through each of the permissions that need to be granted
-          // for that actually permission and grant them for the specified
-          // uw role.
+          // Step through each of the permissions that need to be granted/revoke
+          // and grant/revoke for the specified uw role.
           foreach($uw_permissions[$feature][$permission][$role] as $uw_perm) {
 
-            // Grant the permission for the specified role.
-            $uw_roles[$role]['object']->grantPermission($uw_perm);
+            // If type is grant, grant the permission for the role.
+            if ($type == 'grant') {
+
+              // Grant the permission for the specified role.
+              $uw_roles[$role]['object']->grantPermission($uw_perm);
+            }
+            // If the type is revoke, revoke the permission for the role.
+            elseif ($type == 'revoke') {
+
+              // Revoke the permission for the specified role.
+              $uw_roles[$role]['object']->revokePermission($uw_perm);
+            }
           }
         }
       }
-- 
GitLab