You are here

Home » API reference » Organic groups 7.2 » og_ui.admin.inc

function og_ui_admin_permissions in Organic groups 7.2

Menu callback: administer permissions.

Parameters

$group_type: Group entity type. E.g. 'node'.

$gid: Group item ID.

$bundle: Group bundle.

$rid.: Role ID. When specified, edit only this role's permissions.

See also

og_ui_admin_permissions_submit()

theme_og_ui_admin_permissions()

2 string references to 'og_ui_admin_permissions'
og_ui_forms in og_ui/og_ui.module
Implement hook_forms().
og_ui_menu in og_ui/og_ui.module
Implements hook_menu().

File

og_ui/og_ui.admin.inc, line 713
Admin settings for Organic groups module.

Code

function og_ui_admin_permissions($form, $form_state, $group_type = '', $gid = 0, $bundle = '', $rid = 0) {
  if ($rid) {

    // Get group type and bundle from role.
    $role = og_role_load($rid);
    $bundle = $role->group_bundle;
    $group_type = $role->group_type;
  }
  if ($gid) {
    og_set_breadcrumb($group_type, $gid, array(
      l(t('Group'), "{$group_type}/{$gid}/group"),
    ));
    list(, , $bundle) = entity_extract_ids($group_type, entity_load_single($group_type, $gid));
  }
  $form['group_type'] = array(
    '#type' => 'value',
    '#value' => $group_type,
  );
  $form['bundle'] = array(
    '#type' => 'value',
    '#value' => $bundle,
  );
  $form['gid'] = array(
    '#type' => 'value',
    '#value' => $gid,
  );
  $role_names = _og_ui_get_role_names($group_type, $bundle, $gid, $rid);

  // Fetch permissions for all roles or the one selected role.
  $role_permissions = og_role_permissions($role_names);

  // Store $role_names for use when saving the data.
  $form['role_names'] = array(
    '#type' => 'value',
    '#value' => $role_names,
  );

  // Render role/permission overview:
  $options = array();

  // Get the list of modules and sort it by name.
  $module_info = system_get_info('module');

  // Prepare the array of OG permissions so the modules are ordered by name.
  $modules = array();
  foreach (module_implements('og_permission') as $module) {
    $modules[$module] = $module_info[$module]['name'];
  }
  asort($modules);
  $permissions_by_module = array_fill_keys(array_keys($modules), array());

  // Get a list of all the modules implementing a hook_permission() and sort by
  // display name.
  foreach (og_get_permissions() as $perm => $value) {
    $module = $value['module'];
    $permissions_by_module[$module][$perm] = $value;
  }
  foreach ($permissions_by_module as $module => $permissions) {
    $form['permission'][] = array(
      '#markup' => $module_info[$module]['name'],
      '#id' => $module,
    );
    foreach ($permissions as $perm => $perm_item) {

      // Fill in default values for the permission.
      $perm_item += array(
        'description' => '',
        'restrict access' => FALSE,
        'warning' => !empty($perm_item['restrict access']) ? t('Warning: Give to trusted roles only; this permission has security implications in the group context.') : '',
      );

      // If the user can manage permissions, but does not have administer
      // group permission, hide restricted permissions from them. This
      // prevents users from escalating their privileges.
      if ($gid && ($perm_item['restrict access'] && !og_user_access($group_type, $gid, 'administer group'))) {
        continue;
      }
      $options[$perm] = '';
      $form['permission'][$perm] = array(
        '#type' => 'item',
        '#markup' => $perm_item['title'],
        '#description' => theme('user_permission_description', array(
          'permission_item' => $perm_item,
        )),
      );
      foreach ($role_names as $rid => $name) {

        // Builds arrays for checked boxes for each role
        if (isset($role_permissions[$rid][$perm])) {
          $status[$rid][] = $perm;
        }
      }
    }
  }

  // Have to build checkboxes here after checkbox arrays are built
  foreach ($role_names as $rid => $name) {
    $form['checkboxes'][$rid] = array(
      '#type' => 'checkboxes',
      '#options' => $options,
      '#default_value' => isset($status[$rid]) ? $status[$rid] : array(),
      '#attributes' => array(
        'class' => array(
          'rid-' . $rid,
        ),
      ),
    );
    $form['role_names'][$rid] = array(
      '#markup' => check_plain($name),
      '#tree' => TRUE,
    );
  }
  if (!$gid || !og_is_group_default_access($group_type, $gid)) {
    $form['actions'] = array(
      '#type' => 'actions',
    );
    $form['actions']['submit'] = array(
      '#type' => 'submit',
      '#value' => t('Save permissions'),
      '#submit' => array(
        'og_ui_admin_permissions_submit',
      ),
    );
  }
  $form['#after_build'][] = 'og_ui_admin_permissions_after_build';
  return $form;
}