mirror of
https://github.com/farmOS/farmOS.git
synced 2024-02-23 11:37:38 +01:00
Add an Account Admin role with permission to administer users and assign managed roles.
This commit is contained in:
parent
6ac77f8106
commit
501d573b19
8 changed files with 177 additions and 0 deletions
|
@ -13,6 +13,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
|||
- [Add a Group membership assignment quick form #723](https://github.com/farmOS/farmOS/pull/723)
|
||||
- [farmOS Setup Menu #706](https://github.com/farmOS/farmOS/pull/706)
|
||||
- [Issue #3354935: Configurable quick forms](https://www.drupal.org/project/farm/issues/3354935)
|
||||
- [Add an Account Admin role with permission to administer users and assign managed roles #714](https://github.com/farmOS/farmOS/pull/714)
|
||||
|
||||
### Changed
|
||||
|
||||
|
|
|
@ -41,6 +41,7 @@
|
|||
"drupal/migrate_source_csv": "^3.5",
|
||||
"drupal/migrate_source_ui": "^1.0",
|
||||
"drupal/migrate_tools": "^6.0.2",
|
||||
"drupal/role_delegation": "^1.2",
|
||||
"drupal/simple_oauth": "5.2.3",
|
||||
"drupal/state_machine": "^1.0",
|
||||
"drupal/subrequests": "^3.0.3",
|
||||
|
|
|
@ -60,6 +60,7 @@ function farm_modules() {
|
|||
'farm_import_kml' => t('KML asset importer'),
|
||||
'farm_fieldkit' => t('Field Kit integration'),
|
||||
'farm_l10n' => t('Translation/localization features'),
|
||||
'farm_role_account_admin' => t('Account Admin role'),
|
||||
],
|
||||
];
|
||||
}
|
||||
|
|
|
@ -0,0 +1,24 @@
|
|||
langcode: en
|
||||
status: true
|
||||
dependencies:
|
||||
enforced:
|
||||
module:
|
||||
- farm_role_account_admin
|
||||
module:
|
||||
- farm_role
|
||||
id: farm_account_admin
|
||||
label: 'Account Admin'
|
||||
weight: 1
|
||||
is_admin: false
|
||||
permissions:
|
||||
- 'administer farm settings'
|
||||
- 'administer users'
|
||||
third_party_settings:
|
||||
farm_role:
|
||||
access:
|
||||
config: true
|
||||
entity:
|
||||
view all: true
|
||||
create all: true
|
||||
update all: true
|
||||
delete all: true
|
|
@ -0,0 +1,9 @@
|
|||
name: farmOS Account Admin Role
|
||||
description: Provides an Account Admin role for managing users.
|
||||
type: module
|
||||
package: farmOS
|
||||
core_version_requirement: ^9
|
||||
dependencies:
|
||||
- farm:farm_role
|
||||
- farm:farm_settings
|
||||
- role_delegation:role_delegation
|
|
@ -0,0 +1,3 @@
|
|||
farm_role_account_admin:
|
||||
permission_callbacks:
|
||||
- Drupal\farm_role_account_admin\AccountAdminPermissions::permissions
|
|
@ -0,0 +1,66 @@
|
|||
<?php
|
||||
|
||||
namespace Drupal\farm_role_account_admin;
|
||||
|
||||
use Drupal\Core\DependencyInjection\ContainerInjectionInterface;
|
||||
use Drupal\farm_role\ManagedRolePermissionsManagerInterface;
|
||||
use Drupal\user\RoleInterface;
|
||||
use Symfony\Component\DependencyInjection\ContainerInterface;
|
||||
|
||||
/**
|
||||
* Add permissions to the Account Admin role.
|
||||
*/
|
||||
class AccountAdminPermissions implements ContainerInjectionInterface {
|
||||
|
||||
/**
|
||||
* The managed role permissions manager.
|
||||
*
|
||||
* @var \Drupal\farm_role\ManagedRolePermissionsManagerInterface
|
||||
*/
|
||||
protected $managedRolePermissionsManager;
|
||||
|
||||
/**
|
||||
* Constructs an AccountAdminPermissions object.
|
||||
*
|
||||
* @param \Drupal\farm_role\ManagedRolePermissionsManagerInterface $managed_role_permissions_manager
|
||||
* The managed role permissions manager.
|
||||
*/
|
||||
public function __construct(ManagedRolePermissionsManagerInterface $managed_role_permissions_manager) {
|
||||
$this->managedRolePermissionsManager = $managed_role_permissions_manager;
|
||||
}
|
||||
|
||||
/**
|
||||
* {@inheritdoc}
|
||||
*/
|
||||
public static function create(ContainerInterface $container) {
|
||||
return new static(
|
||||
$container->get('plugin.manager.managed_role_permissions'),
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* Add permissions to default farmOS roles.
|
||||
*
|
||||
* @param \Drupal\user\RoleInterface $role
|
||||
* The role to add permissions to.
|
||||
*
|
||||
* @return array
|
||||
* An array of permission strings.
|
||||
*/
|
||||
public function permissions(RoleInterface $role) {
|
||||
$perms = [];
|
||||
|
||||
// Add permissions to the farm_account_admin role.
|
||||
if ($role->id() == 'farm_account_admin') {
|
||||
|
||||
// Grant the ability to assign managed farmOS roles.
|
||||
$roles = $this->managedRolePermissionsManager->getMangedRoles();
|
||||
foreach ($roles as $role) {
|
||||
$perms[] = 'assign ' . $role->id() . ' role';
|
||||
}
|
||||
}
|
||||
|
||||
return $perms;
|
||||
}
|
||||
|
||||
}
|
|
@ -0,0 +1,72 @@
|
|||
<?php
|
||||
|
||||
namespace Drupal\Tests\farm_role_account_admin\Kernel;
|
||||
|
||||
use Drupal\KernelTests\KernelTestBase;
|
||||
use Drupal\Tests\user\Traits\UserCreationTrait;
|
||||
|
||||
/**
|
||||
* Tests for Account Admin role permissions.
|
||||
*
|
||||
* @group farm
|
||||
*/
|
||||
class AccountAdminPermissionsTest extends KernelTestBase {
|
||||
|
||||
use UserCreationTrait;
|
||||
|
||||
/**
|
||||
* {@inheritdoc}
|
||||
*/
|
||||
protected static $modules = [
|
||||
'farm_role',
|
||||
'farm_role_account_admin',
|
||||
'farm_role_roles',
|
||||
'farm_settings',
|
||||
'role_delegation',
|
||||
'system',
|
||||
'user',
|
||||
];
|
||||
|
||||
/**
|
||||
* {@inheritdoc}
|
||||
*/
|
||||
protected function setUp():void {
|
||||
parent::setUp();
|
||||
$this->installEntitySchema('user');
|
||||
$this->installSchema('system', ['sequences']);
|
||||
$this->installConfig(['farm_role_account_admin', 'farm_role_roles']);
|
||||
}
|
||||
|
||||
/**
|
||||
* Test that the Account Admin role gets appropriate permissions.
|
||||
*/
|
||||
public function testAccountAdminPermissions() {
|
||||
|
||||
// Create a user.
|
||||
$user = $this->setUpCurrentUser([], [], FALSE);
|
||||
|
||||
// List Account Admin permissions.
|
||||
$account_admin_permissions = [
|
||||
'administer farm settings',
|
||||
'administer users',
|
||||
'assign farm_account_admin role',
|
||||
'assign farm_manager role',
|
||||
'assign farm_worker role',
|
||||
'assign farm_viewer role',
|
||||
];
|
||||
|
||||
// Ensure the user does not have permissions.
|
||||
foreach ($account_admin_permissions as $permission) {
|
||||
$this->assertFalse($user->hasPermission($permission));
|
||||
}
|
||||
|
||||
// Add Account Admin role.
|
||||
$user->addRole('farm_account_admin');
|
||||
|
||||
// Ensure the user has permissions.
|
||||
foreach ($account_admin_permissions as $permission) {
|
||||
$this->assertTrue($user->hasPermission($permission));
|
||||
}
|
||||
}
|
||||
|
||||
}
|
Loading…
Reference in a new issue