src/Entity/Form/GroupRelationshipTypeForm.php

@@ -142,7 +142,7 @@ class GroupRelationshipTypeForm extends EntityForm {
     // If we are on an 'add' form, we create the relationship type using the
     // plugin configuration submitted using this form.
     if ($this->operation == 'add') {
-      $storage = $this->entityTypeManager->getStorage('group_content_type');
+      $storage = $this->entityTypeManager->getStorage('group_relationship_type');
       assert($storage instanceof GroupRelationshipTypeStorageInterface);
       $storage->createFromPlugin($group_type, $plugin->getRelationTypeId(), $config)->save();
       $this->messenger()->addStatus($this->t('The content plugin was installed on the group type.'));

src/Entity/Form/GroupRevisionDeleteForm.php

@@ -38,7 +38,7 @@ class GroupRevisionDeleteForm extends ConfirmFormBase {
   /**
    * Constructs a new GroupRevisionDeleteForm.
    *
-   * @param \Drupal\Core\Entity\ContentEntityStorageInterface
+   * @param \Drupal\Core\Entity\ContentEntityStorageInterface $group_storage
    *   The group storage.
    * @param \Drupal\Core\Datetime\DateFormatterInterface $date_formatter
    *   The date formatter service.
@@ -111,7 +111,7 @@ class GroupRevisionDeleteForm extends ConfirmFormBase {
     $this->messenger()->addStatus(
       $this->t('Revision from %revision-date of @type %title has been deleted.', [
         '%revision-date' => $this->dateFormatter->format($this->revision->getRevisionCreationTime()),
-        '@type' => $group_type,
+        '@type' => $group_type->label(),
         '%title' => $this->revision->label(),
       ])
     );
@@ -138,6 +138,7 @@ class GroupRevisionDeleteForm extends ConfirmFormBase {
       ->getQuery()
       ->allRevisions()
       ->condition('id', $group->id())
+      ->accessCheck()
       ->count()
       ->execute();
   }

src/Entity/Form/GroupRevisionRevertForm.php

@@ -13,6 +13,13 @@ use Symfony\Component\DependencyInjection\ContainerInterface;
  */
 class GroupRevisionRevertForm extends RevisionRevertForm {
 
+  /**
+   * The entity revision.
+   *
+   * @var \Drupal\group\Entity\GroupInterface
+   */
+  protected $revision;
+
   /**
    * The time service.
    *

src/Entity/Form/GroupRoleForm.php

@@ -22,7 +22,6 @@ class GroupRoleForm extends EntityForm {
 
     assert($this->entity instanceof GroupRoleInterface);
     $group_role = $this->entity;
-    $group_role_id = '';
 
     $form['label'] = [
       '#title' => $this->t('Name'),
@@ -33,28 +32,28 @@ class GroupRoleForm extends EntityForm {
       '#size' => 30,
     ];
 
-    // Since group role IDs are prefixed by the group type's ID followed by a
-    // period, we need to save some space for that.
-    $subtract = strlen($group_role->getGroupTypeId()) + 1;
-
-    // Since machine names with periods in it are technically not allowed, we
-    // strip the group type ID prefix when editing a group role.
-    if ($group_role->id()) {
-      [, $group_role_id] = explode('-', $group_role->id(), 2);
+    // UI-generated group roles have the group type prefixed to their ID.
+    if ($this->operation === 'add') {
+      // Since group role IDs are prefixed by the group type's ID followed by a
+      // period, we need to save some space for that.
+      $subtract = strlen($group_role->getGroupTypeId()) + 1;
+      $form['id'] = [
+        '#type' => 'machine_name',
+        '#description' => $this->t('A unique machine-readable name for this group role. It must only contain lowercase letters, numbers, and underscores.'),
+        '#maxlength' => EntityTypeInterface::ID_MAX_LENGTH - $subtract,
+        '#field_prefix' => $group_role->getGroupTypeId() . '-',
+        '#machine_name' => [
+          'exists' => [$this, 'exists'],
+          'source' => ['label'],
+        ],
+      ];
+    }
+    else {
+      $form['id'] = [
+        '#type' => 'value',
+        '#value' => $group_role->id(),
+      ];
     }
-
-    $form['id'] = [
-      '#type' => 'machine_name',
-      '#default_value' => $group_role_id,
-      '#maxlength' => EntityTypeInterface::ID_MAX_LENGTH - $subtract,
-      '#machine_name' => [
-        'exists' => [$this, 'exists'],
-        'source' => ['label'],
-      ],
-      '#description' => $this->t('A unique machine-readable name for this group role. It must only contain lowercase letters, numbers, and underscores.'),
-      '#disabled' => !$group_role->isNew(),
-      '#field_prefix' => $group_role->getGroupTypeId() . '-',
-    ];
 
     $form['weight'] = [
       '#type' => 'value',
@@ -146,10 +145,15 @@ class GroupRoleForm extends EntityForm {
    */
   public function save(array $form, FormStateInterface $form_state) {
     assert($this->entity instanceof GroupRoleInterface);
+
     $group_role = $this->entity;
-    $group_role->set('id', $group_role->getGroupTypeId() . '-' . $group_role->id());
     $group_role->set('label', trim($group_role->label()));
 
+    // UI-generated group roles have the group type prefixed to their ID.
+    if ($this->operation === 'add') {
+      $group_role->set('id', $group_role->getGroupTypeId() . '-' . $group_role->id());
+    }
+
     // Make sure the global_role property is NULL rather than FALSE.
     if ($group_role->getScope() === PermissionScopeInterface::INDIVIDUAL_ID) {
       $group_role->set('global_role', NULL);
@@ -169,12 +173,14 @@ class GroupRoleForm extends EntityForm {
     }
 
     $form_state->setRedirectUrl($group_role->toUrl('collection'));
+    return $status;
   }
 
   /**
    * Checks whether a group role ID exists already.
    *
    * @param string $id
+   *   The group role ID.
    *
    * @return bool
    *   Whether the ID is taken.
@@ -182,7 +188,7 @@ class GroupRoleForm extends EntityForm {
   public function exists($id) {
     assert($this->entity instanceof GroupRoleInterface);
     $group_role = $this->entity;
-    return (boolean) $this->entityTypeManager->getStorage('group_role')->load($group_role->getGroupTypeId() . '-' .$id);
+    return (boolean) $this->entityTypeManager->getStorage('group_role')->load($group_role->getGroupTypeId() . '-' . $id);
   }
 
   /**

src/Entity/Form/GroupTypeDeleteForm.php

@@ -4,7 +4,6 @@ namespace Drupal\group\Entity\Form;
 
 use Drupal\Core\Entity\EntityDeleteForm;
 use Drupal\Core\Form\FormStateInterface;
-use Symfony\Component\DependencyInjection\ContainerInterface;
 
 /**
  * Provides a form for group type deletion.
@@ -30,7 +29,7 @@ class GroupTypeDeleteForm extends EntityDeleteForm {
 
       $form['#title'] = $this->getQuestion();
       $form['description'] = [
-        '#markup' => '<p>' . $this->formatPlural($num_groups, $single, $multiple, $replace) . '</p>'
+        '#markup' => '<p>' . $this->formatPlural($num_groups, $single, $multiple, $replace) . '</p>',
       ];
 
       return $form;

src/Entity/Form/GroupTypeForm.php

@@ -89,7 +89,14 @@ class GroupTypeForm extends BundleEntityFormBase {
       '#description' => $this->t('This text will be displayed on the <em>Add group</em> page.'),
     ];
 
-    $form['title_label'] = [
+    $form['group_settings'] = [
+      '#type' => 'details',
+      '#title' => $this->t('Group settings'),
+      '#description' => $this->t('The following settings apply to all groups of this type.'),
+      '#open' => FALSE,
+    ];
+
+    $form['group_settings']['title_label'] = [
       '#title' => $this->t('Title field label'),
       '#type' => 'textfield',
       '#default_value' => $fields['label']->getLabel(),
@@ -97,20 +104,26 @@ class GroupTypeForm extends BundleEntityFormBase {
       '#required' => TRUE,
     ];
 
-    $form['new_revision'] = [
+    $form['group_settings']['new_revision'] = [
       '#type' => 'checkbox',
       '#title' => $this->t('Create a new revision when a group is modified'),
       '#default_value' => $type->shouldCreateNewRevision(),
     ];
 
-    $form['creator_membership'] = [
+    $form['creator_settings'] = [
+      '#type' => 'details',
+      '#title' => $this->t('Creator settings'),
+      '#open' => TRUE,
+    ];
+
+    $form['creator_settings']['creator_membership'] = [
       '#title' => $this->t('The group creator automatically becomes a member'),
       '#type' => 'checkbox',
       '#default_value' => $type->creatorGetsMembership(),
       '#description' => $this->t('This will make sure that anyone who creates a group of this type will automatically become a member of it.'),
     ];
 
-    $form['creator_wizard'] = [
+    $form['creator_settings']['creator_wizard'] = [
       '#title' => $this->t('Group creator must complete their membership'),
       '#type' => 'checkbox',
       '#default_value' => $type->creatorMustCompleteMembership(),
@@ -120,34 +133,88 @@ class GroupTypeForm extends BundleEntityFormBase {
       ],
     ];
 
+    $access_information = $this->t('
+      <p>Please note that Drupal accounts, <em><strong>including user 1</strong></em>, do not have access to any groups unless configured so.<br />It is therefore important that you at the very least do one of the following:</p>
+      <ul>
+        <li>Allow the group creator to get a role and set some permissions on it. You can edit this group type at any time to set more creator roles.</li>
+        <li>Allow certain global roles to get some permissions via Outsider or Insider group roles.</li>
+        <li>Optionally set an admin role, either for the group creator or for global roles (via Outsider or Insider group roles).</li>
+      </ul>
+      <p>If your use case does not require the group creator to be an admin of the group, then it is <strong>strongly advised</strong> to at least create an Outsider and/or Insider group role that synchronize with whatever administrator global role you have configured.</p>
+    ');
+
+    $form['access_settings'] = [
+      '#type' => 'details',
+      '#title' => $this->t('Access settings'),
+      '#description' => $access_information,
+      '#open' => TRUE,
+    ];
+
     // Add-form specific elements.
     if ($this->operation == 'add') {
-      $form['add_default_roles'] = [
+      $form['access_settings']['add_default_roles'] = [
         '#title' => $this->t('Automatically configure useful default roles'),
         '#type' => 'checkbox',
         '#default_value' => 0,
         '#description' => $this->t("This will create an 'Anonymous', 'Outsider' and 'Member' role by default which will synchronize to the 'Anonymous user' and 'Authenticated user' global roles."),
       ];
 
-      $form['add_admin_role'] = [
+      $form['access_settings']['add_admin_role'] = [
         '#title' => $this->t('Automatically configure an administrative role'),
         '#type' => 'checkbox',
         '#default_value' => 0,
         '#description' => $this->t("This will create an 'Admin' role by default which will have all permissions."),
       ];
 
-      $form['assign_admin_role'] = [
+      $form['access_settings']['assign_admin_role'] = [
         '#title' => $this->t('Automatically assign this administrative role to group creators'),
         '#type' => 'checkbox',
         '#default_value' => 0,
         '#description' => $this->t("This will assign the 'Admin' role to the group creator membership."),
         '#states' => [
           'visible' => [
-            ':input[name="creator_membership"]' => ['checked' => TRUE],
-            ':input[name="add_admin_role"]' => ['checked' => TRUE],
+            ':input[name="creator_membership"]' => ['unchecked' => FALSE],
+            ':input[name="add_admin_role"]' => ['unchecked' => FALSE],
           ],
         ],
       ];
+
+      $admin_role = FALSE;
+      foreach ($this->entityTypeManager->getStorage('user_role')->loadMultiple() as $user_role) {
+        assert($user_role instanceof RoleInterface);
+        if ($user_role->isAdmin()) {
+          $admin_role = $user_role;
+          break;
+        }
+      }
+
+      if ($admin_role !== FALSE) {
+        $form['access_settings']['global_admins'] = [
+          '#type' => 'details',
+          '#title' => $this->t('Global administrator settings'),
+          '#description' => $this->t('<p>We have detected that your site has an all-access global role called @role.</p>', ['@role' => $admin_role->toLink(NULL, 'edit-form')->toString()]),
+          '#open' => TRUE,
+        ];
+
+        $form['access_settings']['global_admins']['global_admin_role_id'] = [
+          '#type' => 'value',
+          '#value' => $admin_role->id(),
+        ];
+
+        $form['access_settings']['global_admins']['add_admin_outsider'] = [
+          '#title' => $this->t('Automatically allow accounts with this role to manage all groups of this type they <strong>are not</strong> a member of'),
+          '#type' => 'checkbox',
+          '#default_value' => 1,
+          '#description' => $this->t("This will create an 'Administrator' role in the Outsider scope that syncs to the global role."),
+        ];
+
+        $form['access_settings']['global_admins']['add_admin_insider'] = [
+          '#title' => $this->t('Automatically allow accounts with this role to manage all groups of this type they <strong>are</strong> a member of'),
+          '#type' => 'checkbox',
+          '#default_value' => 1,
+          '#description' => $this->t("This will create an 'Administrator' role in the Insider scope that syncs to the global role."),
+        ];
+      }
     }
     // Edit-form specific elements.
     else {
@@ -156,7 +223,7 @@ class GroupTypeForm extends BundleEntityFormBase {
         $options[$group_role->id()] = $group_role->label();
       }
 
-      $form['creator_roles'] = [
+      $form['access_settings']['creator_roles'] = [
         '#title' => $this->t('Group creator roles'),
         '#type' => 'checkboxes',
         '#options' => $options,
@@ -171,7 +238,7 @@ class GroupTypeForm extends BundleEntityFormBase {
         $add_role_url = Url::fromRoute('entity.group_role.add_form', ['group_type' => $type->id()]);
         $t_args = ['@url' => $add_role_url->toString()];
         $description = $this->t('You do not have any custom group roles yet, <a href="@url">create one here</a>.', $t_args);
-        $form['creator_roles']['#description'] .= "<br /><em>$description</em>";
+        $form['access_settings']['creator_roles']['#description'] .= "<br /><em>$description</em>";
       }
     }
 
@@ -239,7 +306,10 @@ class GroupTypeForm extends BundleEntityFormBase {
       // Optionally create the default and/or admin roles.
       $add_default_roles = $form_state->getValue('add_default_roles');
       $add_admin_role = $form_state->getValue('add_admin_role');
-      if ($add_default_roles || $add_admin_role) {
+      $add_admin_outsider = $form_state->getValue('add_admin_outsider');
+      $add_admin_insider = $form_state->getValue('add_admin_insider');
+
+      if ($add_default_roles || $add_admin_role || $add_admin_outsider || $add_admin_insider) {
         $storage = $this->entityTypeManager->getStorage('group_role');
         assert($storage instanceof GroupRoleStorageInterface);
 
@@ -276,7 +346,7 @@ class GroupTypeForm extends BundleEntityFormBase {
           $storage->save($storage->create([
             'id' => "$group_type_id-admin",
             'label' => $this->t('Admin'),
-            'weight' => -99,
+            'weight' => 100,
             'scope' => PermissionScopeInterface::INDIVIDUAL_ID,
             'group_type' => $group_type_id,
             'admin' => TRUE,
@@ -287,10 +357,36 @@ class GroupTypeForm extends BundleEntityFormBase {
             $group_type->set('creator_roles', [$group_type_id . '-admin'])->save();
           }
         }
+
+        if ($add_admin_outsider || $add_admin_insider) {
+          $base = [
+            'label' => $this->t('Administrator'),
+            'global_role' => $form_state->getValue('global_admin_role_id'),
+            'group_type' => $group_type_id,
+            'admin' => TRUE,
+          ];
+
+          if ($add_admin_outsider) {
+            $storage->save($storage->create([
+              'id' => "$group_type_id-admin_out",
+              'weight' => 101,
+              'scope' => PermissionScopeInterface::OUTSIDER_ID,
+            ] + $base));
+          }
+
+          if ($add_admin_insider) {
+            $storage->save($storage->create([
+              'id' => "$group_type_id-admin_in",
+              'weight' => 102,
+              'scope' => PermissionScopeInterface::INSIDER_ID,
+            ] + $base));
+          }
+        }
       }
     }
 
     $form_state->setRedirectUrl($group_type->toUrl('collection'));
+    return $status;
   }
 
 }

src/Entity/GroupInterface.php

@@ -2,13 +2,13 @@
 
 namespace Drupal\group\Entity;
 
-use Drupal\Core\Entity\EntityInterface;
-use Drupal\user\EntityOwnerInterface;
 use Drupal\Core\Entity\ContentEntityInterface;
 use Drupal\Core\Entity\EntityChangedInterface;
+use Drupal\Core\Entity\EntityInterface;
 use Drupal\Core\Entity\EntityPublishedInterface;
 use Drupal\Core\Entity\RevisionLogInterface;
 use Drupal\Core\Session\AccountInterface;
+use Drupal\user\EntityOwnerInterface;
 use Drupal\user\UserInterface;
 
 /**
@@ -30,6 +30,7 @@ interface GroupInterface extends ContentEntityInterface, EntityOwnerInterface, E
    * Returns the group type entity the group uses.
    *
    * @return \Drupal\group\Entity\GroupTypeInterface
+   *   The group type entity.
    */
   public function getGroupType();
 
@@ -121,7 +122,7 @@ interface GroupInterface extends ContentEntityInterface, EntityOwnerInterface, E
    *   The user to load the membership for.
    *
    * @return \Drupal\group\GroupMembership|false
-   *   The loaded GroupMembership or FALSE if none was found.
+   *   The loaded group membership or FALSE if none was found.
    */
   public function getMember(AccountInterface $account);
 
@@ -133,7 +134,7 @@ interface GroupInterface extends ContentEntityInterface, EntityOwnerInterface, E
    *   names to filter on. Results only need to match on one role (IN query).
    *
    * @return \Drupal\group\GroupMembership[]
-   *   A list of GroupMembership objects representing the memberships.
+   *   A list of group memberships.
    */
   public function getMembers($roles = NULL);