function administerusersbyrole_query_administerusersbyrole_edit_access_alter in Administer Users by Role 8.3
Same name and namespace in other branches
- 8.2 administerusersbyrole.module \administerusersbyrole_query_administerusersbyrole_edit_access_alter()
Implements hook_query_TAG_alter().
Modifies the user listing results to exclude user accounts that the logged in user does not have permission to modify.
File
- ./
administerusersbyrole.module, line 156 - Administer Users by Role main module file.
Code
function administerusersbyrole_query_administerusersbyrole_edit_access_alter(AlterableInterface $query) {
$account = \Drupal::currentUser();
// The tag administerusersbyrole_edit_access is used to indicate that we
// should filter out users where there isn't edit access.
if (!$account
->hasPermission('administer users')) {
// Exclude the root user.
$query
->condition('users_field_data.uid', 1, '<>');
// Hide any user accounts that the sub-admin can't edit or assign roles to.
$access_service = \Drupal::service('administerusersbyrole.access');
$roles = array_merge($access_service
->listRoles('edit', $account), $access_service
->listRoles('role-assign', $account));
if ($roles) {
// This code was changed from D7 to workaround D8 core bug https://www.drupal.org/node/2744069.
// Get a list of uids with roles that the user does not have permission
// to edit.
$subquery = \Drupal::database()
->select('user__roles', 'ur2');
$subquery
->fields('ur2', [
'entity_id',
]);
$subquery
->condition('ur2.roles_target_id', $roles, 'NOT IN');
// Exclude those uids from the result list.
$query
->condition('users_field_data.uid', $subquery, 'NOT IN');
}
else {
// Exclude all users.
$query
->condition('users_field_data.uid', NULL);
}
}
}