Skip to content
Snippets Groups Projects
Commit 763a22b1 authored by Josha Hubbers's avatar Josha Hubbers
Browse files

Issue #3479631 by jeroen dost, joshahubbers: Also protect default pages (403,...

Issue #3479631 by jeroen dost, joshahubbers: Also protect default pages (403, 404) and custom urls - fixes, tweaks
parent e6c3e6c9
No related branches found
No related tags found
No related merge requests found
Pipeline #305545 passed
{
"name": "drupal/prevent_homepage_deletion",
"description": "This module adds a permission 'delete_homepage_node'.",
"description": "This module protects pages from deletion with a permission.",
"type": "drupal-module",
"license": "GPL-2.0-or-later",
"authors": [
......
name: Prevent Homepage Deletion
type: module
description: With this module you can revoke the permission to delete the homepage node.
core_version_requirement: ^8 || ^9 || ^10 || ^11
description: With this module you can revoke the permission to delete specific nodes.
configure: prevent_homepage_deletion.settings
core_version_requirement: ^9 || ^10 || ^11
package: Access control
dependencies:
- drupal:node
prevent_homepage_deletion.settings:
title: 'Prevent Homepage Deletion Settings'
title: 'Prevent page deletion'
parent: system.admin_config_system
description: 'Configure the Prevent Homepage Deletion module.'
description: 'Configure which pages cannot be deleted without permission.'
weight: -10
route_name: prevent_homepage_deletion.settings
......@@ -26,16 +26,14 @@ function prevent_homepage_deletion_help($route_name, RouteMatchInterface $route_
$output .= '<h3>' . t('About') . '</h3>';
$output .= '<p>' . t("This module provides a new permission: delete
homepage node. Only users with this permission can delete the node that
is currently configured as the home page of the site. Other users will
is currently configured as the home page of the site, the 404 page, the
403 page and a configurable set of other pages. Other users will
not see the delete-tab, nor the delete option in the content overview.
Please mind that if the user has the permission \"bypass node access\"
this module will be overruled.")
. '</p>';
$output .= '<p>' . t("In addition this module also checks deletion of
default pages like 403 and 404, also stored in system.site config file.")
. '</p>';
$output .= '<p>' . t("It can also check other routes available in de admin
config settings for this module.")
$output .= '<p>' . t("You can set up the other pages that need to be
protected at /admin/config/system/prevent-homepage-deletion.")
. '</p>';
return $output;
}
......@@ -63,7 +61,7 @@ function prevent_homepage_deletion_node_access(EntityInterface $entity, $operati
/**
* Implements hook_entity_field_access().
*/
function prevent_homepage_deletion_entity_field_access($operation, $field_definition, AccountInterface $account, FieldItemListInterface $items = NULL): AccessResultForbidden|AccessResultNeutral {
function prevent_homepage_deletion_entity_field_access($operation, $field_definition, AccountInterface $account, FieldItemListInterface $items): AccessResultForbidden|AccessResultNeutral {
$accessResult = AccessResult::neutral();
if ($operation === "edit" && $items) {
$entity = $items->getEntity();
......@@ -122,7 +120,6 @@ function _prevent_homepage_deletion_check(EntityInterface $entity, AccountInterf
if (\Drupal::service('path.matcher')->isFrontPage() || in_array($entity_id, $ids)) {
// Check for permission.
// @todo: Check if the permission needs to be different.
if (!$account->hasPermission('delete_homepage_node')) {
$can_delete = FALSE;
}
......@@ -139,7 +136,7 @@ function _prevent_homepage_deletion_show_message(): void {
$delete_action = \Drupal::request()->request->get('action') === 'node_delete_action';
if (str_contains($url, '/delete') || $delete_action) {
\Drupal::messenger()->addMessage(t('You tried to delete a restricted page
(homepage, 404 or 403 pages), but you do not have the permission to do
so.'));
(homepage, 404, 403 or other specifically protected pages), but you do not
have the permission to do so.'));
}
}
delete_homepage_node:
title: 'Delete homepage node'
description: 'Users with this permission are allowed to delete a homepage node.'
description: 'Users with this permission are allowed to delete a homepage, 404, 403 or other protected node.'
restrict access: false
......@@ -2,6 +2,6 @@ prevent_homepage_deletion.settings:
path: '/admin/config/system/prevent-homepage-deletion'
defaults:
_form: '\Drupal\prevent_homepage_deletion\Form\PreventHomepageDeletionSettingsForm'
_title: 'Prevent Homepage Deletion settings'
_title: 'Prevent page deletion settings'
requirements:
_permission: 'administer site configuration'
......@@ -37,22 +37,15 @@ class PreventHomepageDeletionSettingsForm extends ConfigFormBase {
$config = $this->config('prevent_homepage_deletion.settings');
$form['protected_urls'] = [
'#type' => 'textarea',
'#title' => $this->t('Protect these urls'),
'#title' => $this->t("Protect these URL's"),
'#description' => $this->t('Enter a list of page paths to protect against
deletion. Start with "/".<br><strong>One item per line.</strong>'),
deletion. Start with "/". Wildcards are not supported.<br><strong>One item per line.</strong>'),
'#default_value' => $config->get('protected_urls'),
];
return parent::buildForm($form, $form_state);
}
/**
* {@inheritdoc}
*/
public function validateForm(array &$form, FormStateInterface $form_state): void {
parent::validateForm($form, $form_state);
}
/**
* {@inheritdoc}
*/
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment