protected function ManagedRolePermissionsManager::getManagedPermissionsForRole in farmOS 2.x
Helper function to build managed permissions for managed roles.
Parameters
\Drupal\user\RoleInterface $role: The role to load permissions for.
Return value
array Array of permissions for the managed role.
1 call to ManagedRolePermissionsManager::getManagedPermissionsForRole()
- ManagedRolePermissionsManager::isPermissionInRole in modules/
core/ role/ src/ ManagedRolePermissionsManager.php - Checks if the role has a specified permission.
File
- modules/
core/ role/ src/ ManagedRolePermissionsManager.php, line 147
Class
- ManagedRolePermissionsManager
- ManagedRolePermissions Plugin Manager.
Namespace
Drupal\farm_roleCode
protected function getManagedPermissionsForRole(RoleInterface $role) {
// Start list of permissions.
$perms = [];
// If the role does not have farm_role settings, bail.
if (!$this
->isManagedRole($role)) {
return $perms;
}
// Load the Role's third party farm_role access settings.
$access_settings = $role
->getThirdPartySetting('farm_role', 'access');
// Get all plugin definitions.
$plugin_definitions = $this
->getDefinitions();
// Include permissions defined by plugin_definitions config entities.
foreach ($plugin_definitions as $plugin_definition) {
// Create an instance of the plugin.
$plugin = $this
->createInstance($plugin_definition['id']);
// Always include default permissions.
$default_perms = $plugin
->getDefaultPermissions();
$perms = array_merge($perms, $default_perms);
// Include config permissions if the role has config access.
if (!empty($access_settings['config'])) {
$config_perms = $plugin
->getConfigPermissions();
$perms = array_merge($perms, $config_perms);
}
// Include permissions defined by permission callbacks.
foreach ($plugin
->getPermissionCallbacks() as $permission_callback) {
// Resolve callback name and call the function. Pass the Role object as
// a parameter so the callback can access the role's settings.
$callback = $this->controllerResolver
->getControllerFromDefinition($permission_callback);
if ($callback_permissions = call_user_func($callback, $role)) {
// Add any callback permissions to the array of permissions.
$perms = array_merge($perms, $callback_permissions);
}
}
}
// Load the access.entity settings. Use an empty array if not provided.
$entity_settings = $access_settings['entity'] ? $access_settings['entity'] : [];
// Managed entity types.
$managed_entity_types = [
'asset',
'log',
'plan',
'taxonomy_term',
'quantity',
];
// Start an array of permission rules. This will be a multi-dimensional
// array that ultimately defines which permission strings will be given to
// the managed role. Each entity type's operations can be granted to
// individual bundles or all bundles by providing 'all' as a bundle name.
// Once built, the array will contain the following structure:
// $permission_rules[$entity_types][$operations][$bundles];.
$permission_rules = [];
// Build permission rules for each entity type.
foreach ($managed_entity_types as $entity_type) {
// Create empty array of operations for the entity_type.
$permission_rules[$entity_type] = [];
// Different entity types support different operations. Allow each entity
// type to map the high level 'create_all', 'view all', 'update all' and
// 'delete_all' operations to their specific operations.
switch ($entity_type) {
case 'asset':
case 'log':
case 'plan':
case 'quantity':
// Create.
if (!empty($entity_settings['create all'])) {
$permission_rules[$entity_type]['create'] = [
'all',
];
}
// View.
if (!empty($entity_settings['view all'])) {
$perms[] = 'view any ' . $entity_type;
$perms[] = 'view own ' . $entity_type;
$perms[] = 'view all ' . $entity_type . ' revisions';
$permission_rules[$entity_type]['view any'] = [
'all',
];
$permission_rules[$entity_type]['view own'] = [
'all',
];
}
// Update.
if (!empty($entity_settings['update all'])) {
$perms[] = 'revert all ' . $entity_type . ' revisions';
$permission_rules[$entity_type]['update any'] = [
'all',
];
$permission_rules[$entity_type]['update own'] = [
'all',
];
}
// Delete.
if (!empty($entity_settings['delete all'])) {
$permission_rules[$entity_type]['delete any'] = [
'all',
];
$permission_rules[$entity_type]['delete own'] = [
'all',
];
}
break;
case 'taxonomy_term':
// Create.
if (!empty($entity_settings['create all'])) {
$permission_rules[$entity_type]['create'] = [
'all',
];
}
// Update.
if (!empty($entity_settings['update all'])) {
$permission_rules[$entity_type]['edit'] = [
'all',
];
}
// Delete.
if (!empty($entity_settings['delete all'])) {
$permission_rules[$entity_type]['delete'] = [
'all',
];
}
break;
}
}
// Include granular entity + bundle permissions if defined on the role.
if (!empty($entity_settings['type'])) {
// Recursively merge granular permissions into the permission_rules array.
$permission_rules = array_merge_recursive($permission_rules, $entity_settings['type']);
}
// Build permissions for each entity type as defined in the
// permission_rules array.
foreach ($permission_rules as $entity_type => $operations) {
// Load all bundles of this entity type.
$entity_bundle_info = $this->entityTypeBundleInfo
->getBundleInfo($entity_type);
$entity_bundles = array_keys($entity_bundle_info);
// Build permissions for each operation associated with the entity.
foreach ($operations as $operation => $allowed_bundles) {
// Build operation permission for each bundle in the entity.
foreach ($entity_bundles as $bundle) {
// Build the operation permission string for each entity type. The
// permission syntax may be different for each entity type so build
// permission strings according to the entity type. Only add
// permissions if the operation explicitly lists the bundle name or
// specifies 'all' bundles.
switch ($entity_type) {
case 'asset':
case 'log':
case 'plan':
case 'quantity':
if (array_intersect([
'all',
$bundle,
], $allowed_bundles)) {
$perms[] = $operation . ' ' . $bundle . ' ' . $entity_type;
}
break;
case 'taxonomy_term':
if (array_intersect([
'all',
$bundle,
], $allowed_bundles)) {
$perms[] = $operation . ' terms in ' . $bundle;
}
break;
}
}
}
}
$this->rolePermissions[$role
->id()] = $perms;
return $perms;
}