Issue #3396895 by jhuhta, nicoschi, pontus.talvikarhu, bramdriesen, sokru:...

Issue #3396895 by jhuhta, nicoschi, pontus.talvikarhu, bramdriesen, sokru: Cookiebot should be showing for Administrators too

Issue #3396895 by jhuhta, nicoschi, pontus.talvikarhu, bramdriesen, sokru:...
acaa7782 · nicoschi · Bram Driesen · 59f79a0d · acaa7782 · acaa7782
Commit acaa7782 authored 4 months ago by nicoschi Committed by Bram Driesen 4 months ago
--- a/config/schema/cookiebot.schema.yml
+++ b/config/schema/cookiebot.schema.yml
@@ -31,9 +31,12 @@ cookiebot.settings:
    exclude_admin_theme:
      type: boolean
      label: "Exclude admin pages."
-    exclude_uid_1:
-      type: boolean
-      label: "Exclude user 1."
+    disabled_for_roles:
+      type: sequence
+      label: 'Roles that have the Cookiebot functionality disabled.'
+      sequence:
+        type: string
+        label: 'Role name.'
    message_placeholder_cookieconsent_optout_marketing_show:
      type: boolean
      label: "Show placeholder message for blocked marketing elements."

--- a/cookiebot.install
+++ b/cookiebot.install
@@ -5,6 +5,8 @@
 * Contains install, update and uninstall hooks.
 */

+use Drupal\user\Entity\Role;
+
 /**
 * Update configuration keys.
 */
@@ -77,3 +79,29 @@ function cookiebot_update_8004() {
 function cookiebot_update_8005() {
  \Drupal::service('module_installer')->install(['js_cookie']);
 }
+
+/**
+ * Update role and permission configuration.
+ */
+function cookiebot_update_8006() {
+  $config = \Drupal::configFactory()->getEditable('cookiebot.settings');
+
+  $roles = Role::loadMultiple();
+  $roles_with_permission = [];
+
+  // This goes through all the roles and if the permission is found,
+  // adds it to the list.
+  foreach ($roles as $role) {
+    if ($role->hasPermission('skip cookiebot consent')) {
+      $roles_with_permission[] = $role->id();
+      $role->revokePermission('skip cookiebot consent');
+      $role->save();
+    }
+  }
+
+  // Let's add these roles to the list in the configuration.
+  $config->set('disabled_for_roles', $roles_with_permission);
+  $config->clear('exclude_uid_1');
+  $config->save();
+
+}
--- a/cookiebot.module
+++ b/cookiebot.module
@@ -58,15 +58,12 @@ function cookiebot_theme($existing, $type, $theme, $path) {
 * Implements hook_page_attachments_alter().
 */
 function cookiebot_page_attachments_alter(array &$page) {
-  // Check hide if user can use site without giving Cookiebot cookie consent.
-  if (\Drupal::currentUser()->id() !== 1 && \Drupal::currentUser()->hasPermission('skip cookiebot consent')) {
-    return;
-  }
-
  $config = \Drupal::config('cookiebot.settings');

-  // Check hide cookie for the superuser.
-  if (\Drupal::currentUser()->id() == 1 && !empty($config->get('exclude_uid_1')) && $config->get('exclude_uid_1')) {
+  // A permission based approach would be cleaner, but it doesn't work
+  // here, as the Administrator role will get all permissions and thus
+  // this is always disabled for admin users. Let's make it truly configurable.
+  if ((bool) array_intersect($config->get('disabled_for_roles') ?? [], \Drupal::currentUser()->getRoles())) {
    return;
  }


--- a/cookiebot.permissions.yml
+++ b/cookiebot.permissions.yml
 'administer cookiebot settings':
  title: Administer Cookiebot Settings
  description: Allows users to administer Cookiebot settings.
-'skip cookiebot consent':
-  title: Can use the site without giving Cookiebot cookie consent
-  description: Allows users to use the site without giving Cookiebot cookie consent.
--- a/src/Form/CookiebotForm.php
+++ b/src/Form/CookiebotForm.php
@@ -8,6 +8,7 @@ use Drupal\Core\Config\TypedConfigManagerInterface;
 use Drupal\Core\Entity\EntityTypeManagerInterface;
 use Drupal\Core\Form\ConfigFormBase;
 use Drupal\Core\Form\FormStateInterface;
+use Drupal\user\Entity\Role;
 use Symfony\Component\DependencyInjection\ContainerInterface;
 use Drupal\path_alias\AliasManagerInterface;

@@ -176,10 +177,17 @@ class CookiebotForm extends ConfigFormBase {
      '#default_value' => $config->get('exclude_admin_theme'),
    ];

-    $form['visibility']['exclude_uid_1'] = [
-      '#type' => 'checkbox',
-      '#title' => $this->t('Don’t show the Cookiebot for UID 1.'),
-      '#default_value' => $config->get('exclude_uid_1'),
+    $role_options = array_map(function($role) {
+      return $role->label();
+    }, Role::loadMultiple());
+
+    $form['visibility']['disabled_for_roles'] = [
+      '#type' => 'select',
+      '#multiple' => TRUE,
+      '#options' => $role_options,
+      '#title' => $this->t('Cookiebot is disabled for these roles'),
+      '#description' => $this->t('The Cookiebot functionality is not loaded for users with the selected roles.'),
+      '#default_value' => $config->get('disabled_for_roles'),
    ];

    $declaration_node = '';
@@ -289,7 +297,7 @@ class CookiebotForm extends ConfigFormBase {
      ->set('cookiebot_show_declaration_node', $form_state->getValue('cookiebot_show_declaration_node'))
      ->set('exclude_paths', $form_state->getValue('exclude_paths'))
      ->set('exclude_admin_theme', $form_state->getValue('exclude_admin_theme'))
-      ->set('exclude_uid_1', $form_state->getValue('exclude_uid_1'))
+      ->set('disabled_for_roles', $form_state->getValue('disabled_for_roles'))
      ->set('message_placeholder_cookieconsent_optout_marketing_show', $form_state->getValue('message_placeholder_cookieconsent_optout_marketing_show'))
      ->set('message_placeholder_cookieconsent_optout_marketing', $form_state->getValue('message_placeholder_cookieconsent_optout_marketing'))
      ->save();