Example #1
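 /**
  * Returns the permission strings that a group of roles have.
  *
  * Roles that report themselves as administrative are listed with the full
  * permission set from static::permissions(), replacing whatever
  * user_role_permissions() returned for them.
  *
  * @param array $roleIDs
  *   The array of roleIDs to check.
  * @param bool $groupByRoleId
  *   Choose whether to group permissions by role ID.
  *
  * @return array
  *   If $groupByRoleId is true, an array keyed by role ID whose values are the
  *   arrays of permissions each role has. Otherwise a flat, de-duplicated and
  *   re-indexed array of every permission held by at least one of the roles.
  */
 public static function rolePermissions(array $roleIDs, $groupByRoleId = FALSE)
 {
     // Get the permissions the given roles have, grouped by roles.
     $permissions_grouped = user_role_permissions($roleIDs);
     // Fill up the administrative roles' permissions too.
     foreach ($roleIDs as $roleID) {
         /** @var Role|null $role */
         $role = Role::load($roleID);
         // Role::load() yields NULL for an ID that matches no role. Skip such
         // IDs so a stale or mistyped role ID cannot abort the whole lookup
         // with a fatal "call to a member function on null".
         if ($role !== NULL && $role->isAdmin()) {
             $permissions_grouped[$roleID] = static::permissions();
         }
     }
     if ($groupByRoleId) {
         // If the result should be grouped, we have nothing else to do.
         return $permissions_grouped;
     }
     // Flatten the per-role lists into a single list.
     $untrusted_permissions = array();
     foreach ($permissions_grouped as $permissions) {
         $untrusted_permissions = array_merge($untrusted_permissions, $permissions);
     }
     // Remove duplicate elements and fix indexes.
     return array_values(array_unique($untrusted_permissions));
 }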
Example #2
 /**
  * Generates a hash that uniquely identifies the user's permissions.
  *
  * The digest is SHA-256 over the site private key, the hash salt and the
  * serialized per-role permission lists, so it cannot be reproduced without
  * those two secret values.
  *
  * NOTE(review): each role's permissions are sorted here, but the order of the
  * roles themselves is whatever user_role_permissions() returns for $roles.
  * Presumably the caller passes roles in a normalised order so that the same
  * role set always yields the same hash — confirm.
  *
  * @param \Drupal\user\Entity\Role[] $roles
  *   The user's roles.
  *
  * @return string
  *   The permissions hash.
  */
 protected function doGenerate(array $roles)
 {
     // @todo Once Drupal gets rid of user_role_permissions(), we should be able
     // to inject the user role controller and call a method on that instead.
     // array_map() keeps the role keys and hands back a sorted copy of each
     // role's permission list.
     $sorted_by_role = array_map(static function ($role_permissions) {
         sort($role_permissions);
         return $role_permissions;
     }, user_role_permissions($roles));
     // Secret material first, then the permission data being fingerprinted.
     $hash_input = $this->privateKey->get() . Settings::getHashSalt() . serialize($sorted_by_role);
     return hash('sha256', $hash_input);
 }
Example #3
 /**
  * Checks if user has Drupal's role with LiteCommerce administrator permissions
  *
  * Returns true as soon as one role's permission array has the key
  * self::LC_DRUPAL_ADMIN_ROLE_NAME set to a non-null value.
  * NOTE(review): despite its name the constant is used as a permission key,
  * not as a role name — confirm its value is a permission string.
  *
  * @param array $roles Array of user's roles in Drupal
  *
  * @return boolean
  */
 public static function isRoleHasAdminPermission(array $roles)
 {
     foreach (user_role_permissions($roles) as $perms) {
         if (isset($perms[self::LC_DRUPAL_ADMIN_ROLE_NAME])) {
             // One matching role is enough; no need to inspect the rest.
             return true;
         }
     }
     return false;
 }
Example #4
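/**
 * Form builder for the taxonomy access control settings.
 *
 * Offers a vocabulary selector and, once a vocabulary is stored in the
 * 'tac_vocabulary' variable, one grid of list/create/update/delete checkboxes
 * per role and term, pre-filled from the tac_map table. The anonymous role and
 * roles holding 'bypass node access' get no grid.
 *
 * This builder performs no access check of its own.
 * NOTE(review): presumably the menu item exposing this form is limited to
 * administrators, since it edits per-role access grants — confirm.
 *
 * @param array $form
 *   Ignored; the form is rebuilt from scratch.
 * @param array $form_state
 *   Not read by this builder.
 * @param mixed $rid
 *   Not read; the variable is reused as the loop key over user_roles().
 *
 * @return array
 *   The form array.
 */
function tac_admin($form, $form_state, $rid = NULL)
{
    $vocabularies = array(-1 => '[Select One]');
    foreach (taxonomy_get_vocabularies() as $vocabularyObject) {
        $vocabularies[$vocabularyObject->vid] = $vocabularyObject->name;
    }
    $vocabulary = variable_get('tac_vocabulary', -1);
    $form = array();
    $form[] = array('vocabulary' => array(
        '#type' => 'select',
        '#options' => $vocabularies,
        '#title' => t('Vocabulary to use for Access Control'),
        '#default_value' => $vocabulary,
    ));
    if ($vocabulary > 0) {
        // Index the stored grants by role ID, then term ID.
        $query = db_select('tac_map', 'm');
        $query->fields('m');
        $currentValues = array();
        foreach ($query->execute()->fetchAll() as $row) {
            $currentValues[$row->rid][$row->tid] = $row;
        }
        // The term tree does not depend on the role, so load it once instead
        // of once per role.
        $terms = taxonomy_get_tree($vocabulary);
        // Checkbox name => nothing more than the suffix of the grant_* column.
        $operations = array('list', 'create', 'update', 'delete');
        $user_roles = user_roles();
        $role_permissions = user_role_permissions($user_roles);
        foreach ($user_roles as $rid => $role) {
            if ($rid == DRUPAL_ANONYMOUS_RID) {
                continue;
            }
            // Roles that bypass node access are not offered a grid.
            if (!empty($role_permissions[$rid]['bypass node access'])) {
                continue;
            }
            // NOTE(review): the role name here and the term name below reach
            // '#title' as raw strings. Whether they are escaped on output
            // depends on the 'tac_term_list' theme implementation, which is
            // not visible here — confirm it escapes both.
            $subform = array('#theme' => 'tac_term_list', '#title' => 'Permissions for role "' . $role . '"');
            foreach ($terms as $term) {
                $stored = isset($currentValues[$rid][$term->tid]) ? $currentValues[$rid][$term->tid] : NULL;
                $element = array('#title' => $term->name);
                foreach ($operations as $operation) {
                    $column = 'grant_' . $operation;
                    $element[$operation] = array(
                        '#parents' => array('edit', $rid, $term->tid, $operation),
                        '#type' => 'checkbox',
                        // No stored row (or a NULL column) means "not granted".
                        '#default_value' => isset($stored->{$column}) ? $stored->{$column} : 0,
                    );
                }
                $subform['term_' . $term->tid] = $element;
            }
            $form['role' . $rid] = $subform;
        }
    }
    $form[] = array('#type' => 'submit', '#value' => t('Submit'));
    return $form;
}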
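 /**
  * {@inheritdoc}
  */
 public function getPermissionValue(FieldStorageConfigInterface $field)
 {
     // Names of every permission FieldPermissionsService declares; computed
     // once rather than on every comparison.
     $field_permission_names = array_keys(FieldPermissionsService::permissions());
     $field_field_permissions = [];
     foreach (user_roles() as $role_id => $role) {
         if ($role->isAdmin()) {
             // Administrative roles are reported as holding every field
             // permission, whatever their stored permission list says.
             $field_field_permissions[$role_id] = $field_permission_names;
         } else {
             // Keep only the role's permissions that are field permissions.
             // array_intersect() compares by string value, so no loose
             // in_array() matching is involved; array_values() restores a
             // plain list.
             $field_field_permissions[$role_id] = array_values(
                 array_intersect($role->getPermissions(), $field_permission_names)
             );
         }
     }
     return $field_field_permissions;
 }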
Example #6
 /**
  * Lists the keys of this role's entry in user_role_permissions().
  *
  * NOTE(review): the keys are presumably permission names — confirm against
  * the user_role_permissions() version in use.
  *
  * @return array
  *   The array keys found under $this->rid.
  */
 public function getPerms() {
   // Ask for this role only, using the rid => name shape the call is given.
   $this_role = array($this->rid => $this->name);
   $permissions_by_rid = user_role_permissions($this_role);
   return array_keys($permissions_by_rid[$this->rid]);
 }
 /**
  * Represent the current state of permissions as a perm to role name array map.
  *
  * Only permissions present in user_permission_get_modules() are included.
  *
  * @param bool $by_role
  *   When TRUE, the result is keyed by permission and each value is the list
  *   of role names for which that permission has a truthy status. When FALSE,
  *   the result is keyed by role name and each value maps permission to its
  *   stored status.
  *
  * @return array
  *   The permission map in the shape selected by $by_role.
  */
 protected static function get_permissions($by_role = TRUE)
 {
     $known_permissions = user_permission_get_modules();
     $role_names = static::get_roles();
     $result = array();
     foreach (user_role_permissions($role_names) as $rid => $granted) {
         if (!$by_role) {
             // Role name => (permission => status); the role appears even if
             // none of its permissions is known.
             $result[$role_names[$rid]] = array();
             foreach ($granted as $permission => $status) {
                 if (!isset($known_permissions[$permission])) {
                     continue;
                 }
                 $result[$role_names[$rid]][$permission] = $status;
             }
             continue;
         }
         // Permission => list of role names; array_filter() drops entries
         // whose status is falsy.
         foreach (array_keys(array_filter($granted)) as $permission) {
             if (!isset($known_permissions[$permission])) {
                 continue;
             }
             $result[$permission][] = $role_names[$rid];
         }
     }
     return $result;
 }
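 /**
  * Look for admin permissions granted to untrusted roles.
  *
  * A permission counts as administrative when its definition carries a truthy
  * 'restrict access' flag.
  *
  * @return array
  *   An array with two keys: 'result' is TRUE when no untrusted role holds a
  *   restricted permission, FALSE otherwise; 'value' lists the offending
  *   permissions per role. The anonymous and authenticated roles are keyed by
  *   1 and 2 respectively, any other untrusted role by its own role ID.
  */
 private function checkAdminPermissions()
 {
     $check_result_value = array();
     $mapping_role = array('anonymous' => 1, 'authenticated' => 2);
     // NOTE(review): assumes untrustedRoles() is keyed by role ID — confirm.
     $untrusted_roles = $this->untrustedRoles();
     // Collect permissions marked as for trusted users only.
     $all_permissions = \Drupal::service('user.permissions')->getPermissions();
     $all_keys = array_keys($all_permissions);
     // Get permissions for untrusted roles.
     $untrusted_permissions = user_role_permissions(array_keys($untrusted_roles));
     foreach ($untrusted_permissions as $rid => $permissions) {
         // Untrusted roles other than the two built-in ones have no entry in
         // $mapping_role. Fall back to the role ID so their findings are
         // neither merged under an empty key nor reported with a notice.
         $result_key = isset($mapping_role[$rid]) ? $mapping_role[$rid] : $rid;
         foreach (array_intersect($all_keys, $permissions) as $permission) {
             // !empty() rather than isset(): a definition that sets
             // 'restrict access' to FALSE is not a restricted permission.
             if (!empty($all_permissions[$permission]['restrict access'])) {
                 $check_result_value[$result_key][] = $permission;
             }
         }
     }
     // The check passes only when nothing was collected.
     return array('result' => empty($check_result_value), 'value' => $check_result_value);
 }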