user_permissions.module in User Permissions 7

<?php

/**
 * Defines a new constant for the dummy role _user_role_0, which
 * will not be given any permissions.
 */
define("USER_PERMISSIONS_NO_ROLE", '_user_role_0');

/**
 * The pattern that matches a User Permissions related role.
 */
define('USER_PERMISSIONS_ROLE_REGEX', '/^_user_role_\\d+$/');

/**
 * Implements hook_theme()
 */
function user_permissions_theme() {
  return array(
    'user_permissions_profile_permissions_form' => array(
      'arguments' => array(
        'form' => NULL,
      ),
      'function' => 'theme_user_admin_perm',
    ),
    'user_admin_new_role' => array(
      'arguments' => array(
        'form' => NULL,
      ),
      'function' => 'theme_user_permissions_user_admin_new_role',
    ),
  );
}

/**
 * Implements hook_menu()
 */
function user_permissions_menu() {
  $items['user/%user/permissions'] = array(
    'title' => 'User Permissions',
    'page callback' => 'drupal_get_form',
    'page arguments' => array(
      'user_permissions_profile_permissions_form',
      1,
    ),
    'access callback' => 'user_access',
    'access arguments' => array(
      'administer permissions',
    ),
    'type' => MENU_LOCAL_TASK,
  );
  return $items;
}

/**
 * Implements hook_user_delete()
 */
function user_permissions_user_delete($account) {
  if ($role = user_role_load_by_name('_user_role_' . $account->uid)) {
    user_role_delete((int) $role->rid);
  }
}

/**
 * Creates form on user's profile for assigning permissions
 */
function user_permissions_profile_permissions_form($form, $form_state, $account) {
  module_load_include('inc', 'user', 'user.admin');
  $role_name = '_user_role_' . $account->uid;
  $role = user_role_load_by_name($role_name);
  if ($role) {
    $form = drupal_get_form('user_admin_permissions', $role->rid);
  }
  else {
    $role = user_role_load_by_name(USER_PERMISSIONS_NO_ROLE);
    $form = drupal_get_form('user_admin_permissions', $role->rid);
    $form['checkboxes'][$role->rid]['#default_value'] = array();
    $form['role_names']['#value'][$role->rid] = $role_name;
  }
  $blocked_permissions = array();
  foreach (user_role_permissions($account->roles) as $rid => $permissions) {
    if ($rid != $role->rid) {
      $blocked_permissions += array_filter($permissions);
    }
  }
  foreach (array_keys($blocked_permissions) as $permission) {
    if (isset($form['checkboxes'][$role->rid][$permission])) {
      $form['checkboxes'][$role->rid][$permission]['#checked'] = TRUE;
      $form['checkboxes'][$role->rid][$permission]['#value'] = $permission;
      $form['checkboxes'][$role->rid][$permission]['#disabled'] = TRUE;
    }
  }
  $form['role_names'][$role->rid]['#markup'] = 'Enable?';
  $form['role_name'] = array(
    '#type' => 'hidden',
    '#value' => $role->name,
  );
  $form['rid'] = array(
    '#type' => 'hidden',
    '#value' => $role->rid,
  );
  $form['uid'] = array(
    '#type' => 'hidden',
    '#value' => $account->uid,
  );
  unset($form['#submit']);
  return $form;
}

/**
 * Handles submission of user_permissions_profile_permissions_form
 *
 * If the user has a role created by this module, this updates the permissions
 * for this role. Otherwise it creates the new role with the new permissions if
 * any permissions were given.
 */
function user_permissions_profile_permissions_form_submit($form, &$form_state) {
  $perms = array();
  $uid = (int) $form_state['values']['uid'];
  $rid = (int) $form_state['values']['rid'];
  $role_name = $form_state['values']['role_name'];
  if (array_key_exists($rid, $form_state['input'])) {
    $perms = $form_state['input'][$rid];
  }
  if ($role_name == USER_PERMISSIONS_NO_ROLE) {
    if (!empty($perms)) {

      // Creates a new role with the name $role_name
      $role_name = '_user_role_' . $uid;
      $role = new stdClass();
      $role->name = $role_name;
      $role_saved = user_role_save($role);
      if ($role_saved == SAVED_NEW || $role_saved == SAVED_UPDATED) {
        $role = user_role_load_by_name($role_name);
        $rid = $role->rid;
        $account = user_load($uid);
        $account->roles[$rid] = $role_name;
        user_save($account);
        user_role_grant_permissions($rid, $perms);
      }
      else {
        drupal_set_message('User role was not saved.', 'error');
      }
    }

    // else $perms has no permissions for the user, so no user role is created.
  }
  else {

    // Modifying existing user permissions
    if (empty($perms)) {

      // If $perms has no permissions for the user, this deletes all permission/role
      // information related to this role to reduce database clutter
      user_role_delete($rid);
    }
    else {

      // Updating the user's permissions
      $old_perms = user_role_permissions(array(
        $rid => $role_name,
      ));
      user_role_revoke_permissions($rid, array_keys($old_perms[$rid]));
      user_role_grant_permissions($rid, $perms);
    }
  }
}

/**
 * Alters user_filter_form
 */
function user_permissions_form_user_filter_form_alter(&$form, &$form_state, $form_id) {
  if (is_array($form['filters']['status']['filters']['role']['#options'])) {

    // Removes _user_role_N roles from the roles user filter on the /admin/people page.
    user_permissions_array_filter_roles($form['filters']['status']['filters']['role']['#options']);
  }
}

/**
 * Alters user_admin_account
 *
 * Removes _user_role_N roles from the 'Add/Remove a role to the selected
 * users' update Option on the /admin/people page.
 */
function user_permissions_form_user_admin_account_alter(&$form, &$form_state, $form_id) {
  if (!empty($form['options']['operation']['#options'])) {
    $options =& $form['options']['operation']['#options'];
    $operations = array(
      t('Add a role to the selected users'),
      t('Remove a role from the selected users'),
    );
    foreach ($operations as $operation) {
      if (!empty($options[$operation]) && is_array($options[$operation])) {
        user_permissions_array_filter_roles($options[$operation]);
      }
    }
  }
}

/**
 * Implements hook_FORM_ID_alter for the user profile form.
 *
 * @see user_profile_form()
 */
function user_permissions_form_user_profile_form_alter(&$form, &$form_state, $form_id) {
  if ($form['#user_category'] === 'account') {

    // Removes the elements related to _user_role_N roles from the Roles form on the /user/{UID}/edit page
    foreach (user_roles() as $rid => $name) {
      if (preg_match(USER_PERMISSIONS_ROLE_REGEX, $name) && !in_array($rid, $form['account']['roles']['#default_value'])) {
        unset($form['account']['roles']['#options'][$rid]);
      }
    }
  }
}

/**
* Implements hook_FORM_ID_alter for the user registration form.
*
* @see user_register_form()
*/
function user_permissions_form_user_register_form_alter(&$form, &$form_state, $form_id) {
  if (isset($form['account']['roles'])) {

    // Removes the elements related to _user_role_N roles from the Roles
    // form on the admin/people/create page.
    user_permissions_array_filter_roles($form['account']['roles']['#options']);
    if (empty($form['account']['roles']['#options'])) {
      $form['account']['roles']['#access'] = FALSE;
    }
  }
}

/**
 * Alters user_admin_permissions
 */
function user_permissions_form_user_admin_permissions_alter(&$form, &$form_state, $form_id) {

  // If viewing a user permissions page, this returns early so
  // it doesn't modify the form.
  if (count($form['role_names']['#value']) == 1) {
    $names = array_values($form['role_names']['#value']);
    if (preg_match(USER_PERMISSIONS_ROLE_REGEX, array_shift($names))) {
      return;
    }
  }
  $role_id_filter = array();

  // Creates an array of role IDs to use as a filter for removing
  // all _user_role_N related elements from the Permissions form.
  foreach (user_roles() as $rid => $name) {
    if (preg_match(USER_PERMISSIONS_ROLE_REGEX, $name)) {
      $role_id_filter[] = $rid;
    }
  }

  // Removes the checkboxes from the Permissions form on the
  // /admin/people/permissions page.
  foreach ($form['checkboxes'] as $key => $value) {
    if (in_array($key, $role_id_filter)) {
      unset($form['checkboxes'][$key]);
    }
  }

  // Removes the columns for the _user_role_N roles from the Permissions
  // form on the /admin/people/permissions page.
  foreach (element_children($form['role_names']) as $key) {
    if (in_array($key, $role_id_filter)) {
      unset($form['role_names'][$key]);
      unset($form['role_names']['#value'][$key]);
    }
  }
}

/**
 * Alters user_admin_new_role
 */
function user_permissions_form_user_admin_roles_alter(&$form, &$form_state, $form_id) {

  // Removes the elements related to _user_role_N roles from the Roles form on the /admin/people/permissions/roles page
  foreach (user_roles() as $rid => $name) {
    if (preg_match(USER_PERMISSIONS_ROLE_REGEX, $name)) {
      unset($form['roles'][$rid]);
    }
  }
}

/**
 * Remove the User Permissions module related roles from an array.
 */
function user_permissions_array_filter_roles(&$array) {
  $array = array_filter(preg_replace(USER_PERMISSIONS_ROLE_REGEX, '', $array));
}