function administerusersbyrole_query_alter in Administer Users by Role 7.2
Implements hook_query_alter().
File
- ./
administerusersbyrole.module, line 104 - Provides fine-grained permissions for creating, editing, and deleting users.
Code
function administerusersbyrole_query_alter(QueryAlterableInterface $query) {
// The tag administerusersbyrole_edit_access is used to indicate that we should filter out users where there isn't edit access.
if ($query
->hasTag('administerusersbyrole_edit_access') && !user_access('administer users')) {
// Exclude the root user.
$query
->condition('users.uid', 1, '<>');
$roles = user_roles(TRUE);
foreach ($roles as $rid => $role) {
if (!user_access(_administerusersbyrole_build_perm_string($rid, 'edit'))) {
$exclude[$rid] = $rid;
}
}
if (isset($exclude[DRUPAL_AUTHENTICATED_RID])) {
// No permission unless there is a role.
$query
->join('users_roles', 'users_roles_2', 'users_roles_2.uid=users.uid');
unset($exclude[DRUPAL_AUTHENTICATED_RID]);
}
// Do an "anti-join" on the excluded roles - add a left join and then check the results set is null.
// NB We don't have to check that $exclude might be empty, because it always contains the admin role.
$urAlias = $query
->leftjoin('users_roles', 'ur', 'ur.uid=users.uid AND ur.rid IN (:exclude)', array(
':exclude' => $exclude,
));
$query
->isNull("{$urAlias}.uid");
}
}