You are here

Home » API reference » Administer Users by Role 7.2 » administerusersbyrole.module

function administerusersbyrole_query_alter in Administer Users by Role 7.2

Implements hook_query_alter().

File

./administerusersbyrole.module, line 104
Provides fine-grained permissions for creating, editing, and deleting users.

Code

function administerusersbyrole_query_alter(QueryAlterableInterface $query) {

  // The tag administerusersbyrole_edit_access is used to indicate that we should filter out users where there isn't edit access.
  if ($query
    ->hasTag('administerusersbyrole_edit_access') && !user_access('administer users')) {

    // Exclude the root user.
    $query
      ->condition('users.uid', 1, '<>');
    $roles = user_roles(TRUE);
    foreach ($roles as $rid => $role) {
      if (!user_access(_administerusersbyrole_build_perm_string($rid, 'edit'))) {
        $exclude[$rid] = $rid;
      }
    }
    if (isset($exclude[DRUPAL_AUTHENTICATED_RID])) {

      // No permission unless there is a role.
      $query
        ->join('users_roles', 'users_roles_2', 'users_roles_2.uid=users.uid');
      unset($exclude[DRUPAL_AUTHENTICATED_RID]);
    }

    // Do an "anti-join" on the excluded roles - add a left join and then check the results set is null.
    // NB We don't have to check that $exclude might be empty, because it always contains the admin role.
    $urAlias = $query
      ->leftjoin('users_roles', 'ur', 'ur.uid=users.uid AND ur.rid IN (:exclude)', array(
      ':exclude' => $exclude,
    ));
    $query
      ->isNull("{$urAlias}.uid");
  }
}