Issue #143: Default permissions with Paragraphs Type Permissions subm…

…odule. Fixes #143 By @yorkshire-pudding.
backdrop-contrib · Feb 25, 2023 · 6f191fe · 6f191fe
1 parent 52bb643
commit 6f191fe
Show file tree

Hide file tree

Showing 3 changed files with 207 additions and 0 deletions.
diff --git a/modules/paragraphs_bundle_permissions/paragraphs_bundle_permissions.install b/modules/paragraphs_bundle_permissions/paragraphs_bundle_permissions.install
@@ -0,0 +1,99 @@
+<?php
+/**
+ * @file
+ * Install, update and uninstall functions for the paragraphs_bundle_permissions
+ * sub-module.
+ */
+
+/**
+ * Implements hook_install().
+ *
+ * Add default permissions to anonymous and authenticated roles. Admin roles
+ * are added by default when the permissions are defined, so no need to add
+ * here.
+ */
+function paragraphs_bundle_permissions_install() {
+  // Load paragraph types/bundles.
+  $bundles = paragraphs_bundle_load();
+  // Create empty array for permissions.
+  $permissions = array();
+  // Define the view permissions for each type/bundle.
+  foreach ($bundles as $machine_name => $bundle) {
+    $permission_name = 'view paragraph content ' . $machine_name;
+    $permissions += array(
+      $permission_name => TRUE,
+    );
+  }
+  // Add the permissions to the anonymous role.
+  user_role_change_permissions('anonymous', $permissions);
+
+  // Add the permissions to the authenticated role.
+  user_role_change_permissions('authenticated', $permissions);
+
+  // Define a message informing the user default permissions have been added to
+  // each paragraph type.
+  // Get role names.
+  $roles = user_roles();
+  $admin_role = config_get('system.core', 'user_admin_role');
+  // Compile the message.
+  $t = get_t();
+  $message = $t('Default permissions have been added to the %anonymous and %authenticated roles (View) and %administrator role (All) for all existing paragraph types. ',
+    array(
+      '%anonymous' => $roles['anonymous'],
+      '%authenticated' => $roles['authenticated'],
+      '%administrator' => $roles[$admin_role],
+    )
+  );
+
+  // Define part of the message depending on whether the user has permission
+  // to administer permissions or not.
+  $conditional_message = paragraphs_bundle_permissions_conditional_message('Paragraphs Type Permissions');
+
+  // Display the combined message.
+  backdrop_set_message($message . $conditional_message, 'info');
+}
+
+/**
+ * Implements hook_update().
+ *
+ * Adds default permissions to the administrator role as these may be missing
+ * if new paragraph types have been added since the module was first enabled
+ * and they have not been added manually. Other roles will not be modified here
+ * as there is a strong possibility they have been defined.
+ */
+function paragraphs_bundle_permissions_update_1100() {
+  // Load paragraph types/bundles.
+  $bundles = paragraphs_bundle_load();
+  // Define all permissions for the administrator role.
+  $admin_permission_types = array('view', 'update', 'delete', 'create');
+  // Define array to add permissions to.
+  $permissions = array();
+  // Define the permissions for each type/bundle.
+  foreach ($bundles as $machine_name => $bundle) {
+    // Loop through each admin permission and add permission to array.
+    foreach ($admin_permission_types as $permission) {
+      $permission_name = $permission . ' paragraph content ' . $machine_name;
+      $permissions += array(
+        $permission_name => TRUE,
+      );
+    }
+  }
+  // Add the permissions to the administrator role.
+  $admin_role = config_get('system.core', 'user_admin_role');
+  user_role_change_permissions($admin_role, $permissions);
+
+  // Define a message informing the user that default permissions have been
+  // added to each paragraph type.
+  // Get role names.
+  $roles = user_roles();
+  // Compile the message.
+  $message = t('Default permissions (All) have been added to the %administrator role for all existing paragraph types if they did not already exist. No other roles have been modified. ',
+    array('%administrator' => $roles[$admin_role]));
+
+  // Define part of the message depending on whether the user has permission
+  // to administer permissions or not.
+  $conditional_message = paragraphs_bundle_permissions_conditional_message('Paragraphs Type Permissions');
+
+  // Display the combined message.
+  backdrop_set_message($message . $conditional_message, 'info');
+}
diff --git a/modules/paragraphs_bundle_permissions/paragraphs_bundle_permissions.module b/modules/paragraphs_bundle_permissions/paragraphs_bundle_permissions.module
@@ -74,3 +74,58 @@ function paragraphs_bundle_permissions_permission() {
 
   return $perms;
 }
+
+/**
+ * Generate conditional message.
+ *
+ * Generate the conditional part of the message to be displayed when
+ * permissions are added.
+ */
+function paragraphs_bundle_permissions_conditional_message($search) {
+  // Use get_t() instead of t() as the hook_install implementation could be
+  // called during the Backdrop installation phase.
+  $t = get_t();
+  // Define part of the message depending on whether the user has permission
+  // to administer permissions or not.
+  if (user_access("administer permissions")) {
+    // Compile the message with the link.
+    $conditional_message = $t('Review and make changes if needed on the <a href="@url">permissions</a> page.', array(
+      '@url' => paragraphs_bundle_permissions_url($search),
+    ));
+  }
+  else {
+    $conditional_message = $t("Contact an administrator with permission to modify these permissions if different permissions are needed.");
+  }
+  return $conditional_message;
+}
+
+/**
+ * Generate a link to the relevant section of the permissions screen.
+ */
+function paragraphs_bundle_permissions_url($search = '') {
+  // Define the base permission path.
+  $url_path = 'admin/config/people/permissions';
+
+  // If the Filter Permissions module is enabled then we should filter this
+  // module within the path so the filter can be applied server-side.
+  if (module_exists('filter_perms')) {
+    $url_module_filter = 'module-paragraphs_bundle_permissions';
+    $url_path .= '/' . $url_module_filter;
+    // If the search text is just for the module we can remove it as Filter
+    // Permissions will handle this.
+    $search = (($search == 'Paragraphs Type Permissions') ? '' : $search);
+  }
+  // Create a blank $options array so we can include in url function whether or
+  // not a search string is needed.
+  $options = array();
+  // Add the search query to $options if applicable.
+  if (!empty($search)) {
+    $options = array(
+      'query' => array(
+        'search' => $search,
+      ),
+    );
+  }
+  // Generate the url string.
+  return url($url_path, $options);
+}
diff --git a/paragraphs.admin.inc b/paragraphs.admin.inc
@@ -58,6 +58,17 @@ function paragraphs_admin_bundle_overview() {
       'title' => t('clone'),
       'href' => 'admin/structure/paragraphs/' . $type_url_str . '/clone',
     );
+
+    // Manage permissions if module enabled.
+    if (module_exists('paragraphs_bundle_permissions')) {
+      $operations['permissions'] = array(
+        'title' => t('Permissions'),
+        'href' => paragraphs_bundle_permissions_url(),
+        'query' => array('search' => $bundle->name . ': '),
+        'attributes' => array('title' => t('Configure permissions')),
+      );
+    }
+
     // Delete bundle.
     $operations['delete_type'] = array(
       'title' => t('Delete'),
@@ -249,6 +260,48 @@ function paragraphs_admin_bundle_form_submit(array $form, array &$form_state) {
 
   $status = paragraphs_bundle_save($bundle);
 
+  // Add permissions if paragraphs_bundle_permissions is enabled and paragraph
+  // is newly created.
+  if (module_exists('paragraphs_bundle_permissions') && $status == SAVED_NEW) {
+    // Define the permission name for viewing paragraph content.
+    $permission_name = 'view paragraph content ' . $bundle->bundle;
+    // Add the permission to the anonymous role.
+    user_role_change_permissions('anonymous', array($permission_name => TRUE));
+    // Add the permission to the authenticated role.
+    user_role_change_permissions('authenticated', array($permission_name => TRUE));
+
+    // Define all administrator permissions.
+    $admin_permissions = array('view', 'update', 'delete', 'create');
+    $permissions = array();
+    foreach ($admin_permissions as $permission) {
+      $permission_name = $permission . ' paragraph content ' . $bundle->bundle;
+      $permissions += array(
+        $permission_name => TRUE,
+      );
+    }
+    // Add the permissions to the administrator role.
+    $admin_role = config_get('system.core', 'user_admin_role');
+    user_role_change_permissions($admin_role, $permissions);
+
+    // Define a message informing the user who created the paragraph type that
+    // default permissions have been added.
+    $roles = user_roles();
+    $message = t("Default permissions have been added to the %anonymous and %authenticated roles ('View') and %admin role (all) for the %paragraph_type paragraph type. ",
+      array(
+        '%anonymous' => $roles['anonymous'],
+        '%authenticated' => $roles['authenticated'],
+        '%admin' => $roles[$admin_role],
+        '%paragraph_type' => $bundle->name,
+      )
+    );
+    // Define part of the message depending on whether the user has permission
+    // to administer permissions or not.
+    $conditional_message = paragraphs_bundle_permissions_conditional_message($bundle->name . ': ');
+
+    // Display the combined message.
+    backdrop_set_message($message . $conditional_message, 'info');
+  }
+
   $t_args = array('%name' => $bundle->name);
 
   if ($status == SAVED_UPDATED) {