CM Document for content types should display a section related to perms.

Closes #3344078

src/CmDocumentViewBuilder.php

@@ -2,9 +2,16 @@
 
 namespace Drupal\content_model_documentation;
 
+use Drupal\Core\Config\ConfigManagerInterface;
 use Drupal\content_model_documentation\Entity\CMDocumentInterface;
 use Drupal\Core\Entity\EntityInterface;
+use Drupal\Core\Entity\EntityTypeInterface;
+use Drupal\Core\Entity\EntityTypeManagerInterface;
 use Drupal\Core\Entity\EntityViewBuilder;
+use Drupal\Core\Extension\ModuleExtensionList;
+use Symfony\Component\DependencyInjection\ContainerInterface;
+use Drupal\user\Entity\Role;
+use Drupal\user\PermissionHandlerInterface;
 
 /**
  * Defines a class for entity view builder for entities.
@@ -13,6 +20,46 @@ class CmDocumentViewBuilder extends EntityViewBuilder {
 
   use CMDocumentConnectorTrait;
 
+  /**
+   * The configuration manager.
+   *
+   * @var \Drupal\Core\Config\ConfigManagerInterface
+   */
+  protected $configManager;
+
+  /**
+   * The entity type manager.
+   *
+   * @var \Drupal\Core\Entity\EntityTypeManagerInterface
+   */
+  protected $entityTypeManager;
+
+  /**
+   * The permission handler.
+   *
+   * @var \Drupal\user\PermissionHandlerInterface
+   */
+  protected $permissionHandler;
+
+  /**
+   * The module extension list.
+   *
+   * @var \Drupal\Core\Extension\ModuleExtensionList
+   */
+  protected $moduleExtensionList;
+
+  /**
+   * {@inheritdoc}
+   */
+  public static function createInstance(ContainerInterface $container, EntityTypeInterface $entity_type) {
+    $instance = parent::createInstance($container, $entity_type);
+    $instance->configManager = $container->get('config.manager');
+    $instance->entityTypeManager = $container->get('entity_type.manager');
+    $instance->permissionHandler = $container->get('user.permissions');
+    $instance->moduleExtensionList = $container->get('extension.list.module');
+    return $instance;
+  }
+
   /**
    * {@inheritdoc}
    */
@@ -52,6 +99,9 @@ class CmDocumentViewBuilder extends EntityViewBuilder {
       case ((empty($field)) && ($type !== 'site') && ($type !== 'module')):
         // This is fieldable entity.
         $add_ons = ['FieldsOnEntity'];
+        if ($type === 'node' || $type === 'taxonomy_term') {
+          array_push($add_ons, 'PermissionOnEntity');
+        }
         break;
 
       default:
@@ -259,6 +309,138 @@ class CmDocumentViewBuilder extends EntityViewBuilder {
     return $add_on;
   }
 
+  /**
+   * Gets a a table of permission data for an entity.
+   *
+   * @param \Drupal\content_model_documentation\Entity\CMDocumentInterface $cm_document
+   *   The current document to process.
+   *
+   * @return array
+   *   A render array of entity permissions.
+   */
+  protected function getPermissionOnEntity(CMDocumentInterface $cm_document): array {
+    $role_names = [];
+    $role_permissions = [];
+    $admin_roles = [];
+    $roles = Role::loadMultiple();
+    $entity_type = $cm_document->getDocumentedEntityParameter('type');
+    $bundle = $cm_document->getDocumentedEntityParameter('bundle');
+
+    $add_on['permissions'] = [
+      '#type' => 'table',
+      '#header' => [$this->t('Permission')],
+      '#sticky' => TRUE,
+      '#caption' => $this->t("Permissions for @type @bundle", ['@type' => $entity_type, '@bundle' => $bundle]),
+    ];
+
+    foreach ($roles as $role_name => $role) {
+      // Retrieve role names for columns.
+      $role_names[$role_name] = $role->label();
+      // Fetch permissions for the roles.
+      $role_permissions[$role_name] = $role->getPermissions();
+      $admin_roles[$role_name] = $role->isAdmin();
+    }
+    foreach ($role_names as $name) {
+      $add_on['permissions']['#header'][] = [
+        'data' => $name,
+        'class' => ['checkbox'],
+      ];
+    }
+
+    $bundle_permission = $this->permissionsOfBundle($cm_document->getStorageMap()[$entity_type], $bundle);
+    foreach ($bundle_permission as $provider => $permissions) {
+
+      // Module name.
+      $add_on['permissions'][$provider] = [
+        [
+          '#wrapper_attributes' => [
+            'colspan' => count($role_names) + 1,
+          ],
+          '#markup' => $this->moduleExtensionList->getName($provider),
+        ],
+      ];
+
+      foreach ($permissions as $perm => $perm_item) {
+        // Fill in default values for the permission.
+        $perm_item += [
+          'description' => '',
+          'restrict access' => FALSE,
+          'warning' => !empty($perm_item['restrict access']) ? $this->t('Warning: Give to trusted roles only; this permission has security implications.') : '',
+        ];
+        $add_on['permissions'][$perm]['description'] = [
+          '#type' => 'inline_template',
+          '#template' => '<div class="permission"><span class="title table-filter-text-source">{{ title }}</span>{% if description or warning %}<div class="description">{% if warning %}<em class="permission-warning">{{ warning }}</em> {% endif %}{{ description }}</div>{% endif %}</div>',
+          '#context' => [
+            'title' => $perm_item['title'],
+          ],
+        ];
+
+        $add_on['permissions'][$perm]['description']['#context']['description'] = $perm_item['description'];
+        $add_on['permissions'][$perm]['description']['#context']['warning'] = $perm_item['warning'];
+
+        foreach ($role_names as $rid => $name) {
+          $add_on['permissions'][$perm][$rid] = [
+            '#title' => $name . ': ' . $perm_item['title'],
+            '#title_display' => 'invisible',
+            '#wrapper_attributes' => [
+              'class' => ['checkbox'],
+            ],
+            '#type' => 'checkbox',
+            '#default_value' => in_array($perm, $role_permissions[$rid]) ? 1 : 0,
+            '#attributes' => ['class' => ['rid-' . $rid, 'js-rid-' . $rid], 'disabled' => 'disabled'],
+            '#parents' => [$rid, $perm],
+          ];
+          $add_on['permissions'][$perm][$rid]['#attributes']['checked'] = in_array($perm, $role_permissions[$rid]) ? 'checked' : FALSE;
+          // Show a column of checked checkboxes.
+          if ($admin_roles[$rid]) {
+            $add_on['permissions'][$perm][$rid]['#attributes']['checked'] = 'checked';
+          }
+        }
+      }
+    }
+    $add_on['#weight'] = 21;
+    return $add_on;
+  }
+
+  /**
+   * Get the array of permissions associated with a entity bundle.
+   * 
+   * @param string $entity_type
+   *   The entity type for the permissions.
+   * @param string $bundle
+   *   The bundle id for the permissions.
+   * 
+   * @return array
+   *   An array of permissions related to the entity bundle.
+   */
+  protected function permissionsOfBundle(string $entity_type, string $bundle): array {
+
+    // Load a specific bundle (e.g., node content type).
+    $bundle_info = $this->entityTypeManager->getStorage($entity_type)->load($bundle);
+
+    // Get the names of all config entities that depend on $this->bundle.
+    $config_name = $bundle_info->getConfigDependencyName();
+    $config_entities = $this->configManager->findConfigEntityDependencies('config', [$config_name]);
+    $config_names = array_map(
+      fn($dependent_config) => $dependent_config->getConfigDependencyName(),
+      $config_entities,
+    );
+    $config_names[] = $config_name;
+
+    // Find all the permissions that depend on $bundle.
+    $permissions = $this->permissionHandler->getPermissions();
+    $permissions_by_provider = [];
+    foreach ($permissions as $permission_name => $permission) {
+      $required_configs = $permission['dependencies']['config'] ?? [];
+      if (array_intersect($required_configs, $config_names)) {
+        $provider = $permission['provider'];
+        $permissions_by_provider[$provider][$permission_name] = $permission;
+      }
+    }
+
+    return $permissions_by_provider;
+  }
+
   /**
    * Builds the rows of all fields on a fieldable entity.
    *

[Steve Wirt]

Nice work, I forgot to tell you about using add ons.