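/**
 * Returns the permission strings that a group of roles have.
 *
 * Roles for which isAdmin() is true are reported as holding everything
 * static::permissions() returns, replacing whatever user_role_permissions()
 * listed for them.
 *
 * @param array $roleIDs
 *   The array of roleIDs to check.
 * @param bool $groupByRoleId
 *   Choose whether to group permissions by role ID.
 *
 * @return array
 *   An array of the permissions untrusted roles have. If $groupByRoleId is
 *   true, the array key is the role ID, the value is the array of permissions
 *   the role has. Otherwise a flat, de-duplicated, re-indexed list.
 */
public static function rolePermissions(array $roleIDs, $groupByRoleId = FALSE) {
  // Get the permissions the given roles have, grouped by roles.
  $permissions_grouped = user_role_permissions($roleIDs);

  // Fill up the administrative roles' permissions too.
  foreach ($roleIDs as $roleID) {
    /** @var Role|null $role */
    $role = Role::load($roleID);
    // A role ID that does not resolve to a Role object is skipped instead of
    // being dereferenced, so a stale or mistyped ID cannot abort the check.
    if ($role && $role->isAdmin()) {
      $permissions_grouped[$roleID] = static::permissions();
    }
  }

  if ($groupByRoleId) {
    // If the result should be grouped, we have nothing else to do.
    return $permissions_grouped;
  }

  // Merge the grouped permissions into one list.
  $untrusted_permissions = array();
  foreach ($permissions_grouped as $permissions) {
    $untrusted_permissions = array_merge($untrusted_permissions, $permissions);
  }

  // Remove duplicate elements and fix indexes.
  return array_values(array_unique($untrusted_permissions));
}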
/**
 * Generates a hash that uniquely identifies the user's permissions.
 *
 * Each role's permission list is sorted before hashing, so the order in which
 * a role's permissions are returned does not change the result. The digest
 * also covers the site private key and the hash salt, so it cannot be
 * recomputed from the permission list alone.
 *
 * @param \Drupal\user\Entity\Role[] $roles
 *   The user's roles.
 *   NOTE(review): the value is handed unchanged to user_role_permissions();
 *   confirm whether callers pass Role objects or role IDs.
 *
 * @return string
 *   The permissions hash.
 */
protected function doGenerate(array $roles) {
  // @todo Once Drupal gets rid of user_role_permissions(), we should be able
  // to inject the user role controller and call a method on that instead.
  $sorted_by_role = array();
  foreach (user_role_permissions($roles) as $role_key => $role_permissions) {
    sort($role_permissions);
    $sorted_by_role[$role_key] = $role_permissions;
  }

  // Role order is not normalised here.
  // NOTE(review): presumably the caller sorts $roles; confirm.
  $secret = $this->privateKey->get() . Settings::getHashSalt();
  return hash('sha256', $secret . serialize($sorted_by_role));
}
/**
 * Checks if user has Drupal's role with LiteCommerce administrator permissions
 *
 * Looks through the permissions of every given role and reports whether any
 * of them has an entry keyed by self::LC_DRUPAL_ADMIN_ROLE_NAME.
 * NOTE(review): the constant is named as a role name but is used here as a
 * permission key; confirm its value is a permission string.
 *
 * @param array $roles Array of user's roles in Drupal
 *
 * @return boolean
 */
public static function isRoleHasAdminPermission(array $roles)
{
    foreach (user_role_permissions($roles) as $perms) {
        // One matching role is enough; stop at the first hit.
        if (isset($perms[self::LC_DRUPAL_ADMIN_ROLE_NAME])) {
            return true;
        }
    }

    return false;
}
/**
 * Builds the administration form for taxonomy-based access control.
 *
 * The form always offers a vocabulary selector. Once a vocabulary is chosen
 * (stored in the 'tac_vocabulary' variable), it adds one block of
 * list/create/update/delete checkboxes per role and term, pre-filled from the
 * tac_map table.
 *
 * NOTE(review): this builder performs no permission check of its own;
 * presumably access is enforced by the menu item that registers it. Confirm.
 *
 * @param array $form
 *   Ignored; the form is rebuilt from an empty array.
 * @param array $form_state
 *   Not read here.
 * @param mixed $rid
 *   Not read here; the role loop below reuses this variable name.
 *
 * @return array
 *   The form array.
 */
function tac_admin($form, $form_state, $rid = NULL) {
  // Option list for the selector; -1 stands for "nothing selected".
  $vocabularies = array(-1 => '[Select One]');
  foreach (taxonomy_get_vocabularies() as $vocabulary_object) {
    $vocabularies[$vocabulary_object->vid] = $vocabulary_object->name;
  }
  $vocabulary = variable_get('tac_vocabulary', -1);

  $form = array();
  $form[] = array(
    'vocabulary' => array(
      '#type' => 'select',
      '#options' => $vocabularies,
      '#title' => t('Vocabulary to use for Access Control'),
      '#default_value' => $vocabulary,
    ),
  );

  if ($vocabulary > 0) {
    // Index the stored grants by role ID, then by term ID.
    $stored_grants = array();
    $rows = db_select('tac_map', 'm')->fields('m')->execute()->fetchAll();
    foreach ($rows as $row) {
      $stored_grants[$row->rid][$row->tid] = $row;
    }

    $user_roles = user_roles();
    $role_permissions = user_role_permissions($user_roles);
    $operations = array('list', 'create', 'update', 'delete');

    foreach ($user_roles as $rid => $role) {
      // The anonymous role gets no grant checkboxes.
      if ($rid == DRUPAL_ANONYMOUS_RID) {
        continue;
      }
      // Roles holding 'bypass node access' are left out as well; per-term
      // grants would not restrict them.
      if (!empty($role_permissions[$rid]['bypass node access'])) {
        continue;
      }

      // NOTE(review): $role and $term->name go into '#title' unescaped here.
      // Whether they are escaped on output depends on the 'tac_term_list'
      // theme hook, which is not shown; confirm it escapes them.
      $subform = array(
        '#theme' => 'tac_term_list',
        '#title' => 'Permissions for role "' . $role . '"',
      );
      foreach (taxonomy_get_tree($vocabulary) as $term) {
        $term_element = array('#title' => $term->name);
        foreach ($operations as $operation) {
          $column = 'grant_' . $operation;
          // Default to "not granted" when no row exists for this role/term.
          $term_element[$operation] = array(
            '#parents' => array('edit', $rid, $term->tid, $operation),
            '#type' => 'checkbox',
            '#default_value' => isset($stored_grants[$rid][$term->tid]->{$column}) ? $stored_grants[$rid][$term->tid]->{$column} : 0,
          );
        }
        $subform['term_' . $term->tid] = $term_element;
      }
      $form['role' . $rid] = $subform;
    }
  }

  $form[] = array('#type' => 'submit', '#value' => t('Submit'));
  return $form;
}
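/**
 * {@inheritdoc}
 *
 * Returns, per role name, the field permissions that role holds. Only
 * permissions defined by FieldPermissionsService::permissions() are
 * reported. $field is not read, so the result is the same for every field
 * storage.
 */
public function getPermissionValue(FieldStorageConfigInterface $field) {
  // Computed once; the original rebuilt this key list on every comparison.
  $field_permission_names = array_keys(FieldPermissionsService::permissions());

  // The earlier unused `$permissions = user_role_permissions();` call is
  // dropped: its result was never read and it passed no role list.
  $permissions_by_role = [];
  foreach (user_roles() as $role_name => $role) {
    if ($role->isAdmin()) {
      // Admin roles are reported as holding every field permission.
      $permissions_by_role[$role_name] = $field_permission_names;
      continue;
    }
    // Keep only the role's permissions that are field permissions, in the
    // role's own order, re-indexed as a plain list.
    $permissions_by_role[$role_name] = array_values(
      array_intersect($role->getPermissions(), $field_permission_names)
    );
  }

  return $permissions_by_role;
}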
/**
 * Lists the permission names held by this role.
 *
 * @return array
 *   The keys of the entry user_role_permissions() returns for $this->rid.
 */
public function getPerms() {
  $role_id = $this->rid;
  // user_role_permissions() is given a one-element rid => name map.
  $permissions_by_role = user_role_permissions(array($role_id => $this->name));
  return array_keys($permissions_by_role[$role_id]);
}
/**
 * Represent the current state of permissions as a perm to role name array map.
 *
 * Permissions missing from user_permission_get_modules() are left out.
 *
 * @param bool $by_role
 *   TRUE (default): permission => list of role names, counting only
 *   permissions whose stored status is truthy. FALSE: role name =>
 *   (permission => status), with an entry for every role even when empty.
 *
 * @return array
 *   The map described above.
 */
protected static function get_permissions($by_role = TRUE) {
  $known_permissions = user_permission_get_modules();
  $role_names = static::get_roles();
  $result = array();

  foreach (user_role_permissions($role_names) as $rid => $granted) {
    if (!$by_role) {
      // Role-first layout: every role gets an entry, even with no permissions.
      $result[$role_names[$rid]] = array();
      foreach ($granted as $permission => $status) {
        if (!isset($known_permissions[$permission])) {
          continue;
        }
        $result[$role_names[$rid]][$permission] = $status;
      }
      continue;
    }

    // Permission-first layout: only permissions with a truthy status count.
    $enabled = array_keys(array_filter($granted));
    foreach ($enabled as $permission) {
      if (!isset($known_permissions[$permission])) {
        continue;
      }
      $result[$permission][] = $role_names[$rid];
    }
  }

  return $result;
}
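/**
 * Look for admin permissions granted to untrusted roles.
 *
 * A permission counts as administrative when its definition carries a truthy
 * 'restrict access' flag.
 *
 * @return array
 *   'result' is TRUE when no untrusted role holds such a permission, FALSE
 *   otherwise. 'value' lists the offending permissions per role, keyed by 1
 *   for 'anonymous', 2 for 'authenticated' and by the role ID for any other
 *   untrusted role.
 */
private function checkAdminPermissions() {
  $check_result_value = array();
  $mapping_role = array('anonymous' => 1, 'authenticated' => 2);
  $untrusted_roles = $this->untrustedRoles();

  // Collect permissions marked as for trusted users only.
  $all_permissions = \Drupal::service('user.permissions')->getPermissions();
  $all_keys = array_keys($all_permissions);

  // Get permissions for untrusted roles.
  $untrusted_permissions = user_role_permissions(array_keys($untrusted_roles));
  foreach ($untrusted_permissions as $rid => $permissions) {
    // If untrustedRoles() ever returns a role other than the two mapped
    // ones, file its findings under its own ID. An unmapped role would
    // otherwise hit an undefined index and be lumped under an empty key.
    $result_key = isset($mapping_role[$rid]) ? $mapping_role[$rid] : $rid;

    // Only permissions that are actually defined can be classified.
    foreach (array_intersect($all_keys, $permissions) as $permission) {
      // !empty() rather than isset(): an explicit 'restrict access' => FALSE
      // must not be reported as an administrative permission.
      if (!empty($all_permissions[$permission]['restrict access'])) {
        $check_result_value[$result_key][] = $permission;
      }
    }
  }

  // The check passes only when nothing was collected.
  return array(
    'result' => empty($check_result_value),
    'value' => $check_result_value,
  );
}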