Add a setting for allowing Account Admins to assign Account Admin role.
parent
05a3b374bb
commit
e4b656af74
|
@ -0,0 +1,7 @@
|
|||
farm_role_account_admin.settings:
|
||||
type: config_object
|
||||
label: 'farmOS Account Admin Role settings'
|
||||
mapping:
|
||||
allow_peer_role_assignment:
|
||||
type: boolean
|
||||
label: 'Allow users with the Account Admin role to assign/revoke the Account Admin role.'
|
|
@ -0,0 +1,5 @@
|
|||
farm_role_account_admin.settings:
|
||||
base_route: farm_settings.settings_page
|
||||
route_name: farm_role_account_admin.settings
|
||||
title: 'Account Admin'
|
||||
weight: 5
|
|
@ -0,0 +1,7 @@
|
|||
farm_role_account_admin.settings:
|
||||
path: 'farm/settings/account-admin'
|
||||
defaults:
|
||||
_form: '\Drupal\farm_role_account_admin\Form\AccountAdminSettingsForm'
|
||||
_title: 'Account Admin Role settings'
|
||||
requirements:
|
||||
_permission: 'administer farm settings'
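Review bot: The route's `_permission: 'administer farm settings'` lets the restricted role lift its own restriction. The kernel test in this commit lists `administer farm settings` among the permissions an Account Admin user holds, so any Account Admin can open this form and turn on `allow_peer_role_assignment`. If the setting is meant to be decided by a higher-privileged administrator, gate the route on a dedicated permission that is not granted to the Account Admin role, e.g. `_permission: 'administer farm_role_account_admin settings'` (constructed name; it would have to be defined in the module's permissions file). If self-service is intended, a short comment saying so here would answer the question for the next reader.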
|
|
@ -2,6 +2,7 @@
|
|||
|
||||
namespace Drupal\farm_role_account_admin;
|
||||
|
||||
use Drupal\Core\Config\ConfigFactoryInterface;
|
||||
use Drupal\Core\DependencyInjection\ContainerInjectionInterface;
|
||||
use Drupal\farm_role\ManagedRolePermissionsManagerInterface;
|
||||
use Drupal\user\RoleInterface;
|
||||
|
@ -19,14 +20,24 @@ class AccountAdminPermissions implements ContainerInjectionInterface {
|
|||
*/
|
||||
protected $managedRolePermissionsManager;
|
||||
|
||||
/**
|
||||
* The config factory service.
|
||||
*
|
||||
* @var \Drupal\Core\Config\ConfigFactoryInterface
|
||||
*/
|
||||
protected $configFactory;
|
||||
|
||||
/**
|
||||
* Constructs an AccountAdminPermissions object.
|
||||
*
|
||||
* @param \Drupal\farm_role\ManagedRolePermissionsManagerInterface $managed_role_permissions_manager
|
||||
* The managed role permissions manager.
|
||||
* @param \Drupal\Core\Config\ConfigFactoryInterface $config_factory
|
||||
* The config factory service.
|
||||
*/
|
||||
public function __construct(ManagedRolePermissionsManagerInterface $managed_role_permissions_manager) {
|
||||
public function __construct(ManagedRolePermissionsManagerInterface $managed_role_permissions_manager, ConfigFactoryInterface $config_factory) {
|
||||
$this->managedRolePermissionsManager = $managed_role_permissions_manager;
|
||||
$this->configFactory = $config_factory;
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -35,6 +46,7 @@ class AccountAdminPermissions implements ContainerInjectionInterface {
|
|||
public static function create(ContainerInterface $container) {
|
||||
return new static(
|
||||
$container->get('plugin.manager.managed_role_permissions'),
|
||||
$container->get('config.factory'),
|
||||
);
|
||||
}
|
||||
|
||||
|
@ -53,9 +65,20 @@ class AccountAdminPermissions implements ContainerInjectionInterface {
|
|||
// Add permissions to the farm_account_admin role.
|
||||
if ($role->id() == 'farm_account_admin') {
|
||||
|
||||
// Load the module settings.
|
||||
$settings = $this->configFactory->get('farm_role_account_admin.settings');
|
||||
|
||||
// Grant the ability to assign managed farmOS roles.
|
||||
$roles = $this->managedRolePermissionsManager->getMangedRoles();
|
||||
foreach ($roles as $role) {
|
||||
|
||||
// Do not allow assigning the "Account Admin" role if
|
||||
// allow_peer_role_assignment is disabled.
|
||||
if ($role->id() == 'farm_account_admin' && !$settings->get('allow_peer_role_assignment', FALSE)) {
|
||||
continue;
|
||||
}
|
||||
|
||||
// Add permission to assign the role.
|
||||
$perms[] = 'assign ' . $role->id() . ' role';
|
||||
}
|
||||
}
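Review bot: In the last hunk, `$settings->get('allow_peer_role_assignment', FALSE)` passes a second argument that `Config::get()` does not take, so `FALSE` is silently ignored and the check works only because an unset value comes back as NULL. `!$settings->get('allow_peer_role_assignment')` says what actually happens. No default config for `farm_role_account_admin.settings` is visible in this commit, so a one-line comment that an unset value means "disabled" would make the fail-closed default explicit. The inner `foreach ($roles as $role)` also reuses the name of the `$role` tested by the outer `if`, which makes the new `$role->id() == 'farm_account_admin'` check ambiguous to read; a distinct loop variable such as `$managed_role` would help. The enclosing method starts and ends outside the hunk.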
|
||||
|
|
|
@ -0,0 +1,63 @@
|
|||
<?php
|
||||
|
||||
namespace Drupal\farm_role_account_admin\Form;
|
||||
|
||||
use Drupal\Core\Form\ConfigFormBase;
|
||||
use Drupal\Core\Form\FormStateInterface;
|
||||
|
||||
/**
|
||||
* Provides a settings form for the Account Admin Role module.
|
||||
*/
|
||||
class AccountAdminSettingsForm extends ConfigFormbase {
|
||||
|
||||
/**
|
||||
* Config settings.
|
||||
*
|
||||
* @var string
|
||||
*/
|
||||
const SETTINGS = 'farm_role_account_admin.settings';
|
||||
|
||||
/**
|
||||
* {@inheritdoc}
|
||||
*/
|
||||
public function getFormId() {
|
||||
return 'farm_role_account_admin_settings';
|
||||
}
|
||||
|
||||
/**
|
||||
* {@inheritdoc}
|
||||
*/
|
||||
protected function getEditableConfigNames() {
|
||||
return [
|
||||
static::SETTINGS,
|
||||
];
|
||||
}
|
||||
|
||||
/**
|
||||
* {@inheritdoc}
|
||||
*/
|
||||
public function buildForm(array $form, FormStateinterface $form_state) {
|
||||
$config = $this->config(static::SETTINGS);
|
||||
|
||||
$form['allow_peer_role_assignment'] = [
|
||||
'#type' => 'checkbox',
|
||||
'#title' => $this->t('Allow peer role assignment'),
|
||||
'#description' => $this->t('Allow users with the Account Admin role to assign/revoke the Account Admin role.'),
|
||||
'#default_value' => $config->get('allow_peer_role_assignment'),
|
||||
];
|
||||
|
||||
return parent::buildForm($form, $form_state);
|
||||
}
|
||||
|
||||
/**
|
||||
* {@inheritdoc}
|
||||
*/
|
||||
public function submitForm(array &$form, FormStateInterface $form_state) {
|
||||
$this->configFactory->getEditable(static::SETTINGS)
|
||||
->set('allow_peer_role_assignment', $form_state->getValue('allow_peer_role_assignment'))
|
||||
->save();
|
||||
|
||||
parent::submitForm($form, $form_state);
|
||||
}
|
||||
|
||||
}
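Review bot: `submitForm()` only saves the config, yet the kernel test in this commit has to invalidate and rebuild the container "so the configuration change takes effect". If the same holds at runtime, unchecking this box would not remove `assign farm_account_admin role` from existing Account Admins until caches are rebuilt. It is worth confirming this and, if so, triggering the required invalidation after `->save()` or stating the delay in the `#description`. Separately, `extends ConfigFormbase` and `FormStateinterface $form_state` in `buildForm()` differ in case from the imported `ConfigFormBase` and `FormStateInterface`; PHP resolves them, but they should match the `use` lines.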
|
|
@ -49,7 +49,6 @@ class AccountAdminPermissionsTest extends KernelTestBase {
|
|||
$account_admin_permissions = [
|
||||
'administer farm settings',
|
||||
'administer users',
|
||||
'assign farm_account_admin role',
|
||||
'assign farm_manager role',
|
||||
'assign farm_worker role',
|
||||
'assign farm_viewer role',
|
||||
|
@ -67,6 +66,23 @@ class AccountAdminPermissionsTest extends KernelTestBase {
|
|||
foreach ($account_admin_permissions as $permission) {
|
||||
$this->assertTrue($user->hasPermission($permission));
|
||||
}
|
||||
|
||||
// Ensure the user does not have the "assign farm_account_admin role"
|
||||
// permission.
|
||||
$this->assertFalse($user->hasPermission('assign farm_account_admin role'));
|
||||
|
||||
// Enable the allow_peer_role_assignment setting.
|
||||
$settings = \Drupal::configFactory()->getEditable('farm_role_account_admin.settings');
|
||||
$settings->set('allow_peer_role_assignment', TRUE);
|
||||
$settings->save();
|
||||
|
||||
// Rebuild the container so the configuration change takes effect.
|
||||
$kernel = \Drupal::service('kernel');
|
||||
$kernel->invalidateContainer();
|
||||
$kernel->rebuildContainer();
|
||||
|
||||
// Ensure the user has the "assign farm_account_admin role" permission.
|
||||
$this->assertTrue($user->hasPermission('assign farm_account_admin role'));
|
||||
}
|
||||
|
||||
}
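Review bot: The new assertions cover only the enable path; nothing checks that switching `allow_peer_role_assignment` back off removes `assign farm_account_admin role`, which is the direction that matters for revocation. After the final `assertTrue`, set the value to `FALSE`, save, rebuild the container the same way, and add `$this->assertFalse($user->hasPermission('assign farm_account_admin role'));`. The test method begins outside the hunk.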
|
||||
|
|