<?php



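/**
 * Implements hook_perm().
 *
 * Declares three fixed permissions plus, for every role other than the
 * anonymous and authenticated roles, four role-specific ones produced by
 * _administerusersbyrole_build_perm_string() (edit / delete, each with and
 * without the "and other roles" suffix).
 *
 * Caveat: the helper strips every non-alphanumeric character from the role
 * name, so roles whose names differ only in spacing or punctuation
 * ("site admin" vs. "site-admin") map to the same permission string, and a
 * grant on one silently covers the other. Duplicates are collapsed here so
 * the permissions form lists each string once, but the collision itself can
 * only be avoided by choosing distinct role names.
 *
 * @return array
 *   List of permission strings.
 */
function administerusersbyrole_perm() {
  $perms = array(
    'create users',
    'edit users with no custom roles',
    'delete users with no custom roles',
  );
  // Everything above the authenticated role is a site-defined ("custom") role.
  $result = db_query('SELECT name FROM {role} WHERE rid > %d ORDER BY name', DRUPAL_AUTHENTICATED_RID);
  while ($role = db_fetch_array($result)) {
    foreach (array('edit', 'delete') as $op) {
      $perms[] = _administerusersbyrole_build_perm_string($role['name'], $op, FALSE);
      $perms[] = _administerusersbyrole_build_perm_string($role['name'], $op, TRUE);
    }
  }
  // See the caveat above: colliding role names would otherwise repeat a string.
  return array_values(array_unique($perms));
}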

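/**
 * Implements hook_init().
 *
 * Request-level gate in front of the core user pages. On
 * admin/user/user/create the visitor needs 'create users'; on user/%/edit and
 * user/%/delete the role-based helpers decide. A denied request is bounced
 * with an error message. Core's own menu access callbacks still run after
 * this hook; it only layers the per-role restriction on top of them.
 */
function administerusersbyrole_init() {
  // Compare path components case-insensitively as defence in depth: should
  // the menu router match paths without regard to case on this database, a
  // differently-cased path must not slip past this gate. arg() returns NULL
  // for a missing component, which becomes '' here and matches nothing.
  $args = array();
  for ($i = 0; $i < 4; $i++) {
    $args[$i] = drupal_strtolower((string) arg($i));
  }

  if ($args[0] === 'admin' && $args[1] === 'user' && $args[2] === 'user' && $args[3] === 'create') {
    if (!user_access('create users')) {
      drupal_set_message(t('You do not have permission to create users.'), 'error');
      drupal_goto("");
    }
    return;
  }

  if ($args[0] !== 'user' || ($args[2] !== 'edit' && $args[2] !== 'delete')) {
    return;
  }

  // Use the raw component for the uid: the "me" module lets user/me/...
  // stand for the current user and resolves it here.
  $uid = arg(1);
  if (module_exists('me')) {
    $uid = _me_check_arg($uid);
  }
  $account = user_load(array(
    'uid' => $uid,
  ));
  // user_load() returns FALSE for an unknown uid. There is nothing to protect
  // then and core's menu router answers 404/403; bail out rather than
  // dereference FALSE in the messages below.
  if (!$account) {
    return;
  }

  if ($args[2] === 'edit') {
    if (!_administerusersbyrole_can_edit_user($account)) {
      drupal_set_message(t('You do not have permission to edit %user.', array(
        '%user' => $account->name,
      )), 'error');
      drupal_goto('user/' . $account->uid);
    }
  }
  else {
    if (!_administerusersbyrole_can_delete_user($account)) {
      drupal_set_message(t('You do not have permission to delete %user.', array(
        '%user' => $account->name,
      )), 'error');
      drupal_goto('user/' . $account->uid);
    }
  }
}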
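/**
 * Decides whether the current user may edit $account.
 *
 * Rules, in order:
 *   1. Anything that is not a loaded account, or the anonymous account, is
 *      refused.
 *   2. A user may always edit their own account.
 *   3. Nobody else may edit uid 1 (so only uid 1 edits uid 1, via rule 2).
 *   4. An account with no role beyond "authenticated user" requires
 *      'edit users with no custom roles'.
 *   5. Otherwise each custom role is consulted: "edit users with role X and
 *      other roles" on any role grants outright; a missing plain "edit users
 *      with role X" on any role denies; holding the plain permission for every
 *      role grants.
 *
 * @param object|false $account
 *   A user object as returned by user_load(), or FALSE for an unknown uid.
 *
 * @return bool
 *   TRUE when editing is permitted.
 */
function _administerusersbyrole_can_edit_user($account) {
  global $user;

  // Fail closed on anything that is not a loaded account. user_load() returns
  // FALSE for unknown uids, and with loose comparison its missing uid (NULL)
  // would compare equal to the anonymous uid 0 in the self-edit rule below.
  if (!is_object($account) || !isset($account->uid)) {
    return FALSE;
  }
  $target_uid = (int) $account->uid;
  // The anonymous account is never editable through this module.
  if ($target_uid <= 0) {
    return FALSE;
  }
  if ($target_uid === (int) $user->uid) {
    return TRUE;
  }
  // Allow only uid 1 to edit uid 1; the self rule above already covered that.
  if ($target_uid === 1) {
    return FALSE;
  }

  // Decide on role ids rather than on the authenticated role's display name,
  // so a renamed or absent authenticated entry cannot turn the "no custom
  // roles" case into an unconditional allow.
  $custom_roles = (isset($account->roles) && is_array($account->roles)) ? $account->roles : array();
  unset($custom_roles[DRUPAL_AUTHENTICATED_RID]);
  if (empty($custom_roles)) {
    return user_access('edit users with no custom roles');
  }

  $allow = TRUE;
  foreach ($custom_roles as $role_name) {
    if (user_access(_administerusersbyrole_build_perm_string($role_name, 'edit', TRUE))) {
      return TRUE;
    }
    if (!user_access(_administerusersbyrole_build_perm_string($role_name, 'edit', FALSE))) {
      $allow = FALSE;
    }
  }
  return $allow;
}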
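/**
 * Decides whether the current user may delete $account.
 *
 * Unlike the edit check there is no self rule. Anything that is not a loaded
 * account, the anonymous account and uid 1 are always refused. An account
 * with no role beyond "authenticated user" requires
 * 'delete users with no custom roles'. Otherwise each custom role is
 * consulted: "delete users with role X and other roles" on any role grants
 * outright; a missing plain "delete users with role X" on any role denies;
 * holding the plain permission for every role grants.
 *
 * @param object|false $account
 *   A user object as returned by user_load(), or FALSE for an unknown uid.
 *
 * @return bool
 *   TRUE when deletion is permitted.
 */
function _administerusersbyrole_can_delete_user($account) {
  // Fail closed on anything that is not a loaded account (user_load() returns
  // FALSE for unknown uids), and never allow deleting uid 0 or uid 1.
  if (!is_object($account) || !isset($account->uid)) {
    return FALSE;
  }
  if ((int) $account->uid <= 1) {
    return FALSE;
  }

  // Decide on role ids rather than on the authenticated role's display name,
  // so a renamed or absent authenticated entry cannot turn the "no custom
  // roles" case into an unconditional allow.
  $custom_roles = (isset($account->roles) && is_array($account->roles)) ? $account->roles : array();
  unset($custom_roles[DRUPAL_AUTHENTICATED_RID]);
  if (empty($custom_roles)) {
    return user_access('delete users with no custom roles');
  }

  $allow = TRUE;
  foreach ($custom_roles as $role_name) {
    if (user_access(_administerusersbyrole_build_perm_string($role_name, 'delete', TRUE))) {
      return TRUE;
    }
    if (!user_access(_administerusersbyrole_build_perm_string($role_name, 'delete', FALSE))) {
      $allow = FALSE;
    }
  }
  return $allow;
}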

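/**
 * Implements hook_form_FORM_ID_alter() for user_multiple_delete_confirm.
 *
 * Strips from the bulk-delete confirmation every account the current user may
 * not delete, both from the posted 'accounts' selection and from the form's
 * 'accounts' elements, and reports each one. Because form alteration runs on
 * the confirming POST as well, the submit handler only ever sees the uids that
 * survived this filter. When nothing survives, the user is sent back to the
 * page the form was posted from.
 */
function administerusersbyrole_form_user_multiple_delete_confirm_alter(&$form, &$form_state) {
  $selected = array();
  if (isset($form_state['post']['accounts']) && is_array($form_state['post']['accounts'])) {
    $selected = array_filter($form_state['post']['accounts']);
  }

  $anyallowed = FALSE;
  foreach ($selected as $uid => $value) {
    // The keys come straight from the submitted form. Anything that is not a
    // numeric uid or does not load as a real account is treated exactly like
    // an account we are not allowed to delete.
    $account = is_numeric($uid) ? user_load(array('uid' => (int) $uid)) : FALSE;
    if ($account && _administerusersbyrole_can_delete_user($account)) {
      $anyallowed = TRUE;
      continue;
    }
    drupal_set_message(t('You do not have permission to delete %user.', array(
      '%user' => $account ? $account->name : $uid,
    )), 'error');
    unset($form_state['post']['accounts'][$uid]);
    unset($form['accounts'][$uid]);
  }

  if (!$anyallowed) {
    // Nothing left to confirm: return to the current system path. The raw
    // request URI kept in $form['#action'] carries the base path and query
    // string and would be prefixed again by url(), so it is not used here.
    drupal_goto($_GET['q']);
  }
}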

/**
 * Implements hook_user().
 *
 * On an 'update' in the 'account' category (the path taken by the account
 * edit form and by core's block/unblock bulk operations), a pending change of
 * $edit['status'] is discarded, with an error message, when the current user
 * may not edit $account. Nothing is done during installation.
 *
 * NOTE(review): only the 'status' key is filtered here. Other keys that can
 * reach user_save() in this category (e.g. 'roles' from the bulk role
 * operations) pass through unchanged — confirm that is intended.
 *
 * @param string $op
 *   The user operation being performed.
 * @param array $edit
 *   The pending changes; 'status' may be removed from it.
 * @param object $account
 *   The account being saved.
 * @param string|null $category
 *   The edit category; only 'account' is handled.
 */
function administerusersbyrole_user($op, &$edit, &$account, $category = NULL) {
  $installing = defined('MAINTENANCE_MODE') && MAINTENANCE_MODE == 'install';
  if ($installing) {
    return;
  }
  if ($op !== 'update' || $category !== 'account') {
    return;
  }
  if (_administerusersbyrole_can_edit_user($account)) {
    return;
  }
  if (!isset($edit['status'])) {
    return;
  }
  $verb = $edit['status'] ? t('unblock') : t('block');
  drupal_set_message(t('You do not have permission to @action %user.', array(
    '@action' => $verb,
    '%user' => $account->name,
  )), 'error');
  // Drop the status change so user_save() leaves the stored value alone.
  unset($edit['status']);
}

/**
 * Builds the permission string that governs $op on users holding $role_name.
 *
 * The role name is reduced to its ASCII letters and digits, so the result is
 * e.g. "edit users with role siteadmin" or, with $other set,
 * "delete users with role siteadmin and other roles". Note that names which
 * differ only in spacing or punctuation collapse to the same string, and a
 * name with no ASCII alphanumerics yields an empty role part. These strings
 * are presumably what gets stored as granted permissions, so the reduction
 * rule should not be changed without migrating existing grants — confirm
 * before touching it.
 *
 * @param string $role_name
 *   The role name as stored in the {role} table.
 * @param string $op
 *   'edit' or 'delete'.
 * @param bool $other
 *   Whether to build the "and other roles" variant.
 *
 * @return string
 *   The permission string.
 */
function _administerusersbyrole_build_perm_string($role_name, $op = 'edit', $other = FALSE) {
  $slug = preg_replace('/[^a-zA-Z0-9]/', '', $role_name);
  $suffix = $other ? ' and other roles' : '';
  return sprintf('%s users with role %s%s', $op, $slug, $suffix);
}