You are here

Home » API reference » RoleAssign 6 » roleassign.module

function roleassign_user_operations in RoleAssign 6

Same name and namespace in other branches
  1. 5 roleassign.module \roleassign_user_operations()
  2. 7.2 roleassign.module \roleassign_user_operations()
  3. 7 roleassign.module \roleassign_user_operations()

Implementation of hook_user_operations().

Add or remove roles to selected users. Thanks to hunmonk for the original code.

File

./roleassign.module, line 237
Allows site administrators to further delegate the task of managing user's roles.

Code

function roleassign_user_operations() {

  // Do nothing if add and remove roles operations already is shown or
  // the user hasn't right to assign roles.
  if (user_access('administer permissions') || !user_access('assign roles')) {
    return;
  }

  // Get roles that are available for assignment.
  $assignable_roles = _roleassign_assignable_roles(user_roles(true));

  // Build an array of available operations.
  if (count($assignable_roles)) {
    foreach ($assignable_roles as $key => $value) {
      $add_roles['roleassign_add_role-' . $key] = $value;
      $remove_roles['roleassign_remove_role-' . $key] = $value;
    }
    $operations = array(
      t('Add a role to the selected users') => array(
        'label' => $add_roles,
      ),
      t('Remove a role from the selected users') => array(
        'label' => $remove_roles,
      ),
    );
  }
  else {
    $operations = array();
  }

  // The global variable $form_values is not available anymore;
  // the $_POST values are "sanitized" below.
  // The required 'callback' key and optional 'callback arguments' key are
  // actually only needed when someone has posted. We therefore postpone
  // the attachement of these until $form_values is set.
  if (isset($_POST['operation']) && ($operation = $_POST['operation'])) {

    // Get operation and role id.
    $op = explode('-', $operation);
    $rid = intval($op[1]);
    $op = $op[0];

    // If not a RoleAssign operation, there is not much to do.
    if ($op != 'roleassign_add_role' && $op != 'roleassign_remove_role') {
      return;
    }

    // If someone is trying to update user's roles, it's a malicious
    // attempt to alter user's roles.
    if (!user_access('assign roles')) {
      watchdog('security', 'Detected malicious attempt to alter user\'s roles.', array(), WATCHDOG_WARNING);
      form_set_error('category', t('Detected malicious attempt to alter user\'s roles.'));
    }

    // Form the name of the core callback functions for adding and
    // removing roles by choping off the 'roleassign_' part of the
    // operation string.
    $operations[$operation] = array(
      'callback' => 'user_multiple_role_edit',
      'callback arguments' => array(
        substr($op, 11),
        $rid,
      ),
    );
  }
  return $operations;
}