View source
<?php
namespace Drupal\apigee_edge_teams\Form;
use Drupal\apigee_edge_teams\TeamPermissionHandlerInterface;
use Drupal\Component\Utility\Html;
use Drupal\Core\Entity\EntityTypeManagerInterface;
use Drupal\Core\Form\FormBase;
use Drupal\Core\Form\FormStateInterface;
use Symfony\Component\DependencyInjection\ContainerInterface;
class TeamPermissionsForm extends FormBase {
protected $teamPermissionHandler;
protected $entityTypeManager;
public function __construct(TeamPermissionHandlerInterface $team_permissions, EntityTypeManagerInterface $entity_type_manager) {
$this->teamPermissionHandler = $team_permissions;
$this->entityTypeManager = $entity_type_manager;
}
public static function create(ContainerInterface $container) {
return new static($container
->get('apigee_edge_teams.team_permissions'), $container
->get('entity_type.manager'));
}
public function getFormId() {
return 'apigee_edge_teams_permissions_form';
}
public function buildForm(array $form, FormStateInterface $form_state) {
$form['non_member_team_apps_visible_api_products'] = [
'#type' => 'checkboxes',
'#title' => $this
->t('Visible API products on team app add/edit forms for users who are not member of a team'),
'#description' => $this
->t("This configuration allows to limit the visible API products on team app add/edit forms for users who are not a member of the team but still has access to these forms. For example, if a user is not member a team, but it has \"Manage team apps\" site-wide permission then it can create team apps for the team and edit any team apps owned by the team.<br>Suggestion: keep this configuration in sync with the team administrator's API product access settings."),
'#options' => [
'public' => $this
->t('Public'),
'private' => $this
->t('Private'),
'internal' => $this
->t('Internal'),
],
'#default_value' => $this
->config('apigee_edge_teams.team_settings')
->get('non_member_team_apps_visible_api_products'),
];
$role_names = [];
$role_permissions = [];
$roles = $this
->getTeamRoles();
$member = $roles['member'];
unset($roles['member']);
$roles = [
'member' => $member,
] + $roles;
if (isset($roles['admin'])) {
$admin = $roles['admin'];
unset($roles['admin']);
$roles['admin'] = $admin;
}
foreach ($roles as $role_name => $role) {
$role_names[$role_name] = $role
->label();
$role_permissions[$role_name] = $role
->getPermissions();
}
$form['role_names'] = [
'#type' => 'value',
'#value' => $role_names,
];
$hide_descriptions = system_admin_compact_mode();
$form['system_compact_link'] = [
'#id' => FALSE,
'#type' => 'system_compact_link',
];
$form['permissions'] = [
'#type' => 'table',
'#header' => [
$this
->t('Permission'),
],
'#id' => 'permissions',
'#attributes' => [
'class' => [
'permissions',
'js-permissions',
],
],
'#sticky' => TRUE,
];
foreach ($role_names as $name) {
$form['permissions']['#header'][] = [
'data' => $name,
'class' => [
'checkbox',
],
];
}
foreach ($this->teamPermissionHandler
->getPermissions() as $permission) {
$category_id = preg_replace('/[^A-Za-z0-9_]+/', '_', $permission
->getCategory()
->getUntranslatedString());
$form['permissions'][$category_id] = [
[
'#wrapper_attributes' => [
'colspan' => count($role_names) + 1,
'class' => [
'group',
],
'id' => Html::getId($category_id),
],
'#markup' => $permission
->getCategory(),
],
];
$form['permissions'][$permission
->getName()]['description'] = [
'#type' => 'inline_template',
'#template' => '<div class="permission"><span class="title">{{ title }}</span>{% if description %}<div class="description">{{ description }}</div>{% endif %}</div>',
'#context' => [
'title' => $permission
->getLabel(),
],
];
if (!$hide_descriptions) {
$form['permissions'][$permission
->getName()]['description']['#context']['description'] = $permission
->getDescription() ?? '';
}
foreach ($role_names as $rid => $name) {
$form['permissions'][$permission
->getName()][$rid] = [
'#title' => $permission
->getName() . ': ' . $permission
->getLabel(),
'#title_display' => 'invisible',
'#wrapper_attributes' => [
'class' => [
'checkbox',
],
],
'#type' => 'checkbox',
'#default_value' => in_array($permission
->getName(), $role_permissions[$rid]) ? 1 : 0,
'#attributes' => [
'class' => [
'rid-' . $rid,
'js-rid-' . $rid,
],
],
'#parents' => [
$rid,
$permission
->getName(),
],
];
}
}
$form['actions'] = [
'#type' => 'actions',
];
$form['actions']['submit'] = [
'#type' => 'submit',
'#value' => $this
->t('Save permissions'),
'#button_type' => 'primary',
];
$form['#attached']['library'][] = 'apigee_edge_teams/permissions';
return $form;
}
public function submitForm(array &$form, FormStateInterface $form_state) {
$this
->configFactory()
->getEditable('apigee_edge_teams.team_settings')
->set('non_member_team_apps_visible_api_products', array_keys(array_filter($form_state
->getValue('non_member_team_apps_visible_api_products', []))))
->save();
$storage = $this->entityTypeManager
->getStorage('team_role');
foreach ($form_state
->getValue('role_names') as $role_name => $name) {
$storage
->changePermissions($role_name, (array) $form_state
->getValue($role_name));
}
$this
->messenger()
->addStatus($this
->t('The changes have been saved.'));
}
protected function getTeamRoles() : array {
return $this->entityTypeManager
->getStorage('team_role')
->loadMultiple();
}
}