Issue #3217353 by Ressinel: Move away from our *_permission functions…
… and to move to calling user_role_grant_permission with static arrays instead.

This has a few benefits:
1. This avoids some indirection which should make it clearer what is being assigned to what role
2. We don’t automatically merge permission arrays. Drupal already does this, so e.g. we don’t need to also assign to site manager everything we assign to authenticated user. This helps move to thinking in roles as features rather than all-containing things.
3. We can no longer call get_permissions from an update hook but instead need to explicitly specify what we’re updating. This makes permission changes easier to trace and keeps the behaviour of update hooks the same throughout versions.
Andrii Chyrskyi committed Jul 20, 2021
1 parent 2a524f0 commit 7eab050
Showing 33 changed files with 1,078 additions and 1,638 deletions.
15 changes: 13 additions & 2 deletions modules/custom/entity_access_by_field/entity_access_by_field.install
100644 → 100755
@@ -14,8 +14,19 @@ use Drupal\user\RoleInterface;
* Perform actions related to the installation of entity_access_by_field.
*/
function entity_access_by_field_install() {
// Set some default permissions.
_entity_access_by_field_set_permissions();
// Grant the default permissions for this feature.
user_role_grant_permissions(
'contentmanager',
[
'override disabled public visibility',
]
);
user_role_grant_permissions(
'sitemanager',
[
'override disabled public visibility',
]
);
}

/**
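Review bot: The mode line `100644 → 100755` above this hunk marks `entity_access_by_field.install` as executable, and the same mode change is shown on the group_core_comments, social_font, social_gdpr and social_language sections of this commit. Nothing in the permission refactor needs an executable bit on PHP files that Drupal only includes, so this looks like an unintended side effect of the author's filesystem or tooling rather than part of the change. Restoring `100644` (for example with `git update-index --chmod=-x <file>`) keeps deployed code free of unnecessary execute permissions and keeps the mode noise out of the history.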
60 changes: 7 additions & 53 deletions modules/custom/group_core_comments/group_core_comments.install
100644 → 100755
@@ -6,66 +6,20 @@
*/

use Drupal\user\Entity\Role;
use Drupal\user\RoleInterface;

/**
* Implements hook_install().
*
* Perform actions related to the installation of group_core_comments.
*/
function group_core_comments_install() {
// Set some default permissions.
_group_core_comments_set_permissions();
}

/**
* Function to set permissions.
*/
function _group_core_comments_set_permissions() {
$roles = Role::loadMultiple();

/** @var \Drupal\user\Entity\Role $role */
foreach ($roles as $role) {
if ($role->id() === 'administrator') {
continue;
}

$permissions = _group_core_comments_get_permissions($role->id());
user_role_grant_permissions($role->id(), $permissions);
}
}

/**
* Get permissions per role.
*
* @param string $role
* The name of the role.
*
* @return array
* A list of permissions.
*/
function _group_core_comments_get_permissions($role) {
// Anonymous.
$permissions[RoleInterface::ANONYMOUS_ID] = [];

// Authenticated.
$permissions[RoleInterface::AUTHENTICATED_ID] = array_merge($permissions[RoleInterface::ANONYMOUS_ID], []);

// Verified.
$permissions['verified'] = array_merge($permissions[RoleInterface::AUTHENTICATED_ID], []);

// Content manager.
$permissions['contentmanager'] = array_merge($permissions['verified'], []);

// Site manager.
$permissions['sitemanager'] = array_merge($permissions['contentmanager'], [
'delete all comments',
]);

if (isset($permissions[$role])) {
return $permissions[$role];
}
return [];
// Grant the default permissions for this feature.
user_role_grant_permissions(
'sitemanager',
[
'delete all comments',
]
);
}

/**
71 changes: 12 additions & 59 deletions modules/custom/social_font/social_font.install
100644 → 100755
@@ -6,8 +6,6 @@
*/

use Drupal\social_font\Entity\Font;
use Drupal\user\Entity\Role;
use Drupal\user\RoleInterface;

/**
* The social_font install file.
@@ -23,61 +21,16 @@ function social_font_install() {

$font->save();

// Set some default permissions.
_social_font_set_permissions();
}

/**
* Function to set permissions.
*/
function _social_font_set_permissions() {
$roles = Role::loadMultiple();

/** @var \Drupal\user\Entity\Role $role */
foreach ($roles as $role) {
if ($role->id() === 'administrator') {
continue;
}

$permissions = _social_font_get_permissions($role->id());
user_role_grant_permissions($role->id(), $permissions);
}
}

/**
* Build the permissions for each role.
*
* @param string $role
* The role.
*
* @return array
* Returns an array containing permissions.
*/
function _social_font_get_permissions($role) {
// Anonymous.
$permissions[RoleInterface::ANONYMOUS_ID] = [];

// Authenticated.
$permissions[RoleInterface::AUTHENTICATED_ID] = array_merge($permissions[RoleInterface::ANONYMOUS_ID], []);

// Verified.
$permissions['verified'] = array_merge($permissions[RoleInterface::AUTHENTICATED_ID], []);

// Content manager.
$permissions['contentmanager'] = array_merge($permissions['verified'], []);

// Site manager.
$permissions['sitemanager'] = array_merge($permissions['contentmanager'], [
'add font entities',
'delete font entities',
'edit font entities',
'access font overview',
'view published font entities',
'view unpublished font entities',
]);

if (isset($permissions[$role])) {
return $permissions[$role];
}
return [];
// Grant the default permissions for this feature.
user_role_grant_permissions(
'sitemanager',
[
'add font entities',
'delete font entities',
'edit font entities',
'access font overview',
'view published font entities',
'view unpublished font entities',
]
);
}
84 changes: 18 additions & 66 deletions modules/custom/social_gdpr/social_gdpr.install
100644 → 100755
@@ -5,82 +5,34 @@
* Install, update and uninstall functions for the social_gdpr module.
*/

use Drupal\user\Entity\Role;
use Drupal\user\RoleInterface;

/**
* Implements hook_install().
*/
function social_gdpr_install() {
// Set some default permissions.
_social_gdpr_set_permissions();
// Grant the default permissions for this feature.
user_role_grant_permissions(
'sitemanager',
[
'administer data policy settings',
'administer data policy entities',
'edit data policy',
'view all data policy revisions',
'access data policy revisions',
'revert all data policy revisions',
'overview user consents',
'edit inform and consent setting',
'overview inform and consent settings',
'administer inform and consent settings',
'change inform and consent setting status',
'translate data_policy',
]
);

\Drupal::configFactory()->getEditable('data_policy.data_policy')
->set('enforce_consent', TRUE)
->save();
}

/**
* Function to set permissions.
*/
function _social_gdpr_set_permissions() {
/** @var \Drupal\user\Entity\Role $role */
foreach (Role::loadMultiple() as $role) {
if ($role->id() !== 'administrator') {
$permissions = _social_gdpr_get_permissions($role->id());
user_role_grant_permissions($role->id(), $permissions);
}
}

// Only for AN.
user_role_grant_permissions('anonymous', ['without consent']);
}

/**
* Build the permissions.
*
* @param string $role
* The role.
*
* @return array
* Returns an array containing the permissions.
*/
function _social_gdpr_get_permissions($role) {
// Anonymous.
$permissions[RoleInterface::ANONYMOUS_ID] = [];

// Authenticated.
$permissions[RoleInterface::AUTHENTICATED_ID] = array_merge($permissions[RoleInterface::ANONYMOUS_ID], []);

// Verified.
$permissions['verified'] = array_merge($permissions[RoleInterface::AUTHENTICATED_ID], []);

// Content manager.
$permissions['contentmanager'] = array_merge($permissions['verified'], []);

// Site manager.
$permissions['sitemanager'] = array_merge($permissions['contentmanager'], [
'administer data policy settings',
'administer data policy entities',
'edit data policy',
'view all data policy revisions',
'access data policy revisions',
'revert all data policy revisions',
'overview user consents',
'edit inform and consent setting',
'overview inform and consent settings',
'administer inform and consent settings',
'change inform and consent setting status',
'translate data_policy',
]);

if (isset($permissions[$role])) {
return $permissions[$role];
}

return [];
}

/**
* Update data policy permissions with new administer entities permission.
*/
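Review bot: The removed `_social_gdpr_set_permissions()` also ran `user_role_grant_permissions('anonymous', ['without consent']);` (commented "Only for AN."), and no equivalent grant appears in the new body of `social_gdpr_install()`. Unless that grant moved into one of the files not shown on this page, fresh installs will no longer give the anonymous role `without consent` while the hook still sets `enforce_consent` to TRUE, which is an access change rather than a pure refactor. If it is unintended, add `user_role_grant_permissions('anonymous', ['without consent']);` after the sitemanager call. If it is intended, state it in the commit description so the permission change stays traceable.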
58 changes: 18 additions & 40 deletions modules/custom/social_language/social_language.install
100644 → 100755
@@ -6,59 +6,37 @@
*/

use Drupal\Core\Serialization\Yaml;
use Drupal\user\Entity\Role;

/**
* Implements hook_install().
*
* Perform actions related to the installation of social_language.
*/
function social_language_install() {

// Set some default permissions.
_social_language_set_permissions();
// Grant the default permissions for this feature.
user_role_grant_permissions(
'contentmanager',
[
'create content translations',
'delete content translations',
'update content translations',
]
);
user_role_grant_permissions(
'sitemanager',
[
'create content translations',
'delete content translations',
'update content translations',
'translate any entity',
]
);

\Drupal::configFactory()->getEditable('locale.settings')
->set('translation.path', '/tmp')
->save();
}

/**
* Function to set permissions.
*/
function _social_language_set_permissions() {
$roles = Role::loadMultiple();

/** @var \Drupal\user\Entity\Role $role */
foreach ($roles as $role) {
if ($role->id() === 'administrator') {
continue;
}

$permissions = _social_language_get_permissions($role->id());
user_role_grant_permissions($role->id(), $permissions);
}
}

/**
* Build the permissions.
*/
function _social_language_get_permissions($role) {
// Content manager.
$permissions['contentmanager'] = [
'create content translations',
'delete content translations',
'update content translations',
];

// Site manager.
$permissions['sitemanager'] = array_merge($permissions['contentmanager'], [
'translate any entity',
]);

return isset($permissions[$role]) ? $permissions[$role] : [];
}

/**
* Enable topic type and profile tag taxonomy translation.
*/
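Review bot: The unchanged tail of `social_language_install()` still sets `translation.path` in `locale.settings` to `'/tmp'`, which on most hosts is shared, world-writable temp space that is also cleaned periodically. Translation files stored there sit outside the site's own file permissions and may disappear between download and import. Since the commit already rewrites this hook, consider pointing the setting at a site-owned directory instead, for example `->set('translation.path', 'sites/default/files/translations')` (Drupal's usual location, as far as I recall; confirm for this distribution). The new contentmanager and sitemanager grants themselves match the permission sets the removed `_social_language_get_permissions()` returned.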