Commit a557b0de authored by Dries's avatar Dries

- Patch #300993 by sun: extended the roles and permissions API so we can...

- Patch #300993 by sun: extended the roles and permissions API so we can revoke permissions from a role etc.
parent 448996a5
...@@ -901,7 +901,7 @@ protected function drupalCreateRole(array $permissions, $name = NULL) { ...@@ -901,7 +901,7 @@ protected function drupalCreateRole(array $permissions, $name = NULL) {
$role = new stdClass(); $role = new stdClass();
$role->name = $name; $role->name = $name;
user_role_save($role); user_role_save($role);
user_role_set_permissions($role->name, $permissions); user_role_grant_permissions($role->rid, $permissions);
$this->assertTrue(isset($role->rid), t('Created role of name: @name, id: @rid', array('@name' => $name, '@rid' => (isset($role->rid) ? $role->rid : t('-n/a-')))), t('Role')); $this->assertTrue(isset($role->rid), t('Created role of name: @name, id: @rid', array('@name' => $name, '@rid' => (isset($role->rid) ? $role->rid : t('-n/a-')))), t('Role'));
if ($role && !empty($role->rid)) { if ($role && !empty($role->rid)) {
......
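Review bot: The new `user_role_grant_permissions($role->rid, $permissions);` call reads `$role->rid` before the `isset($role->rid)` assertion and the `if ($role && !empty($role->rid))` guard that follow it, so if `user_role_save()` leaves the ID unset the grant still runs with an empty role ID. Moving the call to the first line inside that `if` block would keep the permission write behind the check the function already makes. The body of `drupalCreateRole()` continues outside the hunk, so what the guarded branch does is not visible here. The same pattern appears in `default_install()`, where `$admin_role->rid` is passed to `user_role_grant_permissions()` directly after `user_role_save($admin_role)`.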
...@@ -626,7 +626,7 @@ function user_admin_permissions($form, $form_state, $rid = NULL) { ...@@ -626,7 +626,7 @@ function user_admin_permissions($form, $form_state, $rid = NULL) {
$form['permission'][] = array( $form['permission'][] = array(
'#markup' => $info['name'], '#markup' => $info['name'],
'#id' => $module, '#id' => $module,
); );
foreach ($permissions as $perm => $perm_item) { foreach ($permissions as $perm => $perm_item) {
$options[$perm] = ''; $options[$perm] = '';
$form['permission'][$perm] = array( $form['permission'][$perm] = array(
...@@ -663,8 +663,7 @@ function user_admin_permissions($form, $form_state, $rid = NULL) { ...@@ -663,8 +663,7 @@ function user_admin_permissions($form, $form_state, $rid = NULL) {
*/ */
function user_admin_permissions_submit($form, &$form_state) { function user_admin_permissions_submit($form, &$form_state) {
foreach ($form_state['values']['role_names'] as $rid => $name) { foreach ($form_state['values']['role_names'] as $rid => $name) {
$permissions = array_filter($form_state['values'][$rid]); user_role_change_permissions($rid, $form_state['values'][$rid]);
user_role_set_permissions($rid, $permissions);
} }
drupal_set_message(t('The changes have been saved.')); drupal_set_message(t('The changes have been saved.'));
......
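Review bot: `user_admin_permissions_submit()` no longer clears a role's rows before writing, so only the permission names present in `$form_state['values'][$rid]` are granted or revoked. Any `role_permission` row for a permission the form does not render stays granted after a save. This presumably includes permissions stored for a module that is not currently enabled, but the form builder is mostly outside this hunk, so that is inferred. If the change is intended, it deserves a comment above the loop, for example `// Only permissions shown on the form are changed; other stored permissions of the role are left untouched.`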
...@@ -2301,39 +2301,69 @@ function user_role_delete($role) { ...@@ -2301,39 +2301,69 @@ function user_role_delete($role) {
->condition('rid', $role->rid) ->condition('rid', $role->rid)
->execute(); ->execute();
module_invoke_all('user_role_delete', $role);
// Clear the user access cache. // Clear the user access cache.
drupal_static_reset('user_access'); drupal_static_reset('user_access');
drupal_static_reset('user_role_permissions'); drupal_static_reset('user_role_permissions');
module_invoke_all('user_role_delete', $role);
} }
/** /**
* Assign permissions to a user role. * Change permissions for a user role.
* *
* @param $role * This function may be used to grant and revoke multiple permissions at once.
* A string with the role name, or an integer with the role ID. * For example, when a form exposes checkboxes to configure permissions for a
* role, the submitted values may be directly passed on in a form submit
* handler.
*
* @param $rid
* The ID of a user role to alter.
* @param $permissions * @param $permissions
* An array of permissions strings. * An array of permissions, where the key holds the permission name and the
* @param $merge * value is an integer or boolean that determines whether to grant or revoke
* A boolean indicating whether to add permissions or to merge * the permission:
* with all existing permissions. * @code
* array(
* 'administer nodes' => 0,
* 'access user profiles' => 1,
* )
* @endcode
* Existing permissions are not changed, unless specified in $permissions.
*
* @see user_role_grant_permissions()
* @see user_role_revoke_permissions()
*/ */
function user_role_set_permissions($role, array $permissions = array(), $merge = FALSE) { function user_role_change_permissions($rid, array $permissions = array()) {
$role = user_role_load($role); // Grant new permissions for the role.
if (!$merge) { $grant = array_filter($permissions);
// Delete existing permissions for the role. if (!empty($grant)) {
db_delete('role_permission') user_role_grant_permissions($rid, array_keys($grant));
->condition('rid', $role->rid) }
->execute(); // Revoke permissions for the role.
$revoke = array_diff_assoc($permissions, $grant);
if (!empty($revoke)) {
user_role_revoke_permissions($rid, array_keys($revoke));
} }
}
// Assign the new permissions for the role. /**
foreach ($permissions as $permission_string) { * Grant permissions to a user role.
*
* @param $rid
* The ID of a user role to alter.
* @param $permissions
* A list of permission names to grant.
*
* @see user_role_change_permissions()
* @see user_role_revoke_permissions()
*/
function user_role_grant_permissions($rid, array $permissions = array()) {
// Grant new permissions for the role.
foreach ($permissions as $name) {
db_merge('role_permission') db_merge('role_permission')
->key(array( ->key(array(
'rid' => $role->rid, 'rid' => $rid,
'permission' => $permission_string, 'permission' => $name,
)) ))
->execute(); ->execute();
} }
...@@ -2341,8 +2371,29 @@ function user_role_set_permissions($role, array $permissions = array(), $merge = ...@@ -2341,8 +2371,29 @@ function user_role_set_permissions($role, array $permissions = array(), $merge =
// Clear the user access cache. // Clear the user access cache.
drupal_static_reset('user_access'); drupal_static_reset('user_access');
drupal_static_reset('user_role_permissions'); drupal_static_reset('user_role_permissions');
}
return TRUE; /**
* Revoke permissions from a user role.
*
* @param $rid
* The ID of a user role to alter.
* @param $permissions
* A list of permission names to revoke.
*
* @see user_role_change_permissions()
* @see user_role_grant_permissions()
*/
function user_role_revoke_permissions($rid, array $permissions = array()) {
// Revoke permissions for the role.
db_delete('role_permission')
->condition('rid', $rid)
->condition('permission', $permissions, 'IN')
->execute();
// Clear the user access cache.
drupal_static_reset('user_access');
drupal_static_reset('user_role_permissions');
} }
/** /**
......
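Review bot: `user_role_revoke_permissions()` declares `$permissions = array()` as its default but passes the list straight into `->condition('permission', $permissions, 'IN')`, so a direct call with an empty list builds an `IN` condition with no values, which likely fails as invalid SQL. `user_role_change_permissions()` guards its own call with `!empty($revoke)`, but other callers get no such protection; `if (empty($permissions)) { return; }` at the top of the function would make the documented default safe. Separately, `user_role_grant_permissions()` no longer loads the role as the removed `user_role_load($role)` call did, so its docblock should state that `$rid` must be the ID of an existing role, for example `The ID of an existing user role; the ID is not validated here.`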
...@@ -928,6 +928,31 @@ class UserPermissionsTestCase extends DrupalWebTestCase { ...@@ -928,6 +928,31 @@ class UserPermissionsTestCase extends DrupalWebTestCase {
$this->drupalPost('admin/config/modules', $edit, t('Save configuration')); $this->drupalPost('admin/config/modules', $edit, t('Save configuration'));
$this->assertTrue(user_access('administer news feeds', $this->admin_user), t('The permission was automatically assigned to the administrator role')); $this->assertTrue(user_access('administer news feeds', $this->admin_user), t('The permission was automatically assigned to the administrator role'));
} }
/**
* Verify proper permission changes by user_role_change_permissions().
*/
function testUserRoleChangePermissions() {
$rid = $this->rid;
$account = $this->admin_user;
// Verify current permissions.
$this->assertFalse(user_access('administer nodes', $account), t('User does not have "administer nodes" permission.'));
$this->assertTrue(user_access('access user profiles', $account), t('User has "access user profiles" permission.'));
$this->assertTrue(user_access('administer site configuration', $account), t('User has "administer site configuration" permission.'));
// Change permissions.
$permissions = array(
'administer nodes' => 1,
'access user profiles' => 0,
);
user_role_change_permissions($rid, $permissions);
// Verify proper permission changes.
$this->assertTrue(user_access('administer nodes', $account), t('User now has "administer nodes" permission.'));
$this->assertFalse(user_access('access user profiles', $account), t('User no longer has "access user profiles" permission.'));
$this->assertTrue(user_access('administer site configuration', $account), t('User still has "administer site configuration" permission.'));
}
} }
class UserAdminTestCase extends DrupalWebTestCase { class UserAdminTestCase extends DrupalWebTestCase {
......
...@@ -184,15 +184,15 @@ function default_install() { ...@@ -184,15 +184,15 @@ function default_install() {
db_insert('taxonomy_vocabulary_node_type')->fields(array('vid' => $vid, 'type' => 'article'))->execute(); db_insert('taxonomy_vocabulary_node_type')->fields(array('vid' => $vid, 'type' => 'article'))->execute();
// Enable default permissions for system roles. // Enable default permissions for system roles.
user_role_set_permissions(DRUPAL_ANONYMOUS_RID, array('access content')); user_role_grant_permissions(DRUPAL_ANONYMOUS_RID, array('access content'));
user_role_set_permissions(DRUPAL_AUTHENTICATED_RID, array('access content', 'access comments', 'post comments', 'post comments without approval')); user_role_grant_permissions(DRUPAL_AUTHENTICATED_RID, array('access content', 'access comments', 'post comments', 'post comments without approval'));
// Create a default role for site administrators, with all available permissions assigned. // Create a default role for site administrators, with all available permissions assigned.
$admin_role = new stdClass(); $admin_role = new stdClass();
$admin_role->name = 'administrator'; $admin_role->name = 'administrator';
user_role_save($admin_role); user_role_save($admin_role);
user_role_set_permissions($admin_role->name, array_keys(module_invoke_all('permission'))); user_role_grant_permissions($admin_role->rid, array_keys(module_invoke_all('permission')));
// Set this as the administrator role. // Set this as the administrator role.
variable_set('user_admin_role', $admin_role->rid); variable_set('user_admin_role', $admin_role->rid);
......
...@@ -68,8 +68,8 @@ function expert_install() { ...@@ -68,8 +68,8 @@ function expert_install() {
$query->execute(); $query->execute();
// Enable default permissions for system roles. // Enable default permissions for system roles.
user_role_set_permissions(DRUPAL_ANONYMOUS_RID, array('access content')); user_role_grant_permissions(DRUPAL_ANONYMOUS_RID, array('access content'));
user_role_set_permissions(DRUPAL_AUTHENTICATED_RID, array('access content', 'access comments', 'post comments', 'post comments without approval')); user_role_grant_permissions(DRUPAL_AUTHENTICATED_RID, array('access content', 'access comments', 'post comments', 'post comments without approval'));
} }