
function user_readonly_form_alter in User Read-Only 7

Same name and namespace in other branches
  1. 5 user_readonly.module \user_readonly_form_alter()
  2. 6 user_readonly.module \user_readonly_form_alter()

Implements hook_form_alter().

Prevent the user from attempting to edit the field, thus preventing confusion. Insert a hidden field with the appropriate value, since disabled fields do not get posted.

File

./user_readonly.module, line 224
This module provides restrictions on user account/profile fields.

Code

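/**
 * Implements hook_form_alter().
 *
 * Applies the read-only restrictions configured for this module to the user
 * edit forms ('user_edit' and 'user_profile_form'). Every other form is left
 * untouched.
 *
 * The restriction is decided from the roles of the acting user (global $user),
 * not from the account being edited. Users holding the
 * 'modify user read-only settings' permission are never restricted.
 *
 * Only direct children of each top-level form group are examined. A restricted
 * element is either hidden (#access = FALSE) or disabled with its #value pinned
 * to the existing #default_value, so the decision is enforced in the form
 * definition rather than in the browser.
 *
 * @param array $form
 *   The form structure, altered in place.
 * @param array $form_state
 *   The current form state. Not read by this implementation.
 * @param string $form_id
 *   The ID of the form being altered.
 */
function user_readonly_form_alter(&$form, &$form_state, $form_id) {
  if ($form_id != 'user_edit' && $form_id != 'user_profile_form') {
    return;
  }
  $settings = _user_readonly_get();
  global $user;
  $user_roles = $user->roles;

  // The permission does not depend on the field, so look it up once.
  $can_bypass = user_access('modify user read-only settings');

  foreach ($form as $group => $data) {
    // Skip properties (#-prefixed keys), scalars and groups with no children.
    if (!is_array($data) || preg_match("/^#/", $group) || count(element_children($data)) == 0) {
      continue;
    }

    // Becomes TRUE as soon as one child must remain visible; otherwise the
    // whole group is hidden at the end of the loop.
    $display_group = FALSE;
    foreach (element_children($data) as $value) {
      // Resolve the name used to look up settings: a #field_name found on the
      // first delta or on the element itself, else the element key.
      if (isset($data[$value][0]["#field_name"])) {
        $field = $data[$value][0]["#field_name"];
      }
      elseif (isset($data[$value]["#field_name"])) {
        $field = $data[$value]["#field_name"];
      }
      else {
        $field = $value;
      }

      // Only restrict access to fields controlled by this module.
      if (empty($settings[$field]) || !is_array($data[$value])) {
        $display_group = TRUE;
        continue;
      }

      // Use the default values unless the setting says otherwise.
      $settings_used = $settings['user_readonly'];
      if (!empty($settings[$field]['mode']) && $settings[$field]['mode'] != 'default') {
        $settings_used['mode'] = $settings[$field]['mode'];
        $settings_used['roles'] = $settings[$field]['roles'];
      }
      if (!empty($settings[$field]['action']) && $settings[$field]['action'] != 'default') {
        $settings_used['action'] = $settings[$field]['action'];
        $settings_used['roles'] = $settings[$field]['roles'];
      }

      // Check if any of this user's roles are ticked in the settings.
      $ticked = FALSE;
      foreach ($user_roles as $role_rid => $role_name) {
        if (!empty($settings_used['roles'][$role_rid])) {
          $ticked = TRUE;
          break;
        }
      }

      // 'deny' restricts users holding a ticked role; 'allow' restricts
      // everyone who does not hold one.
      $restricted = ($ticked && $settings_used['mode'] == 'deny') || (!$ticked && $settings_used['mode'] == 'allow');

      if ($can_bypass || !$restricted) {
        $display_group = TRUE;
        continue;
      }

      // NOTE(review): an element without #type is not altered here. It stays
      // editable whenever a sibling keeps the group visible; confirm whether
      // such elements should be denied access instead.
      if (!isset($form[$group][$value]['#type'])) {
        continue;
      }

      $action = $settings_used['action'];
      switch ($form[$group][$value]['#type']) {
        case 'date':
          // Copy the element under a 'user_readonly' child as a plain 'item'
          // with title and description blanked, then disable the original.
          // The copy is taken from the element key; element_children() returns
          // a list, so its numeric index does not address the form element.
          $form[$group]['user_readonly'][$value] = $form[$group][$value];
          $form[$group]['user_readonly'][$value]['#type'] = 'item';
          $form[$group]['user_readonly'][$value]['#description'] = '';
          $form[$group]['user_readonly'][$value]['#title'] = '';
          $form[$group][$value]['#disabled'] = TRUE;
          break;

        case 'password_confirm':
        case 'button':
        case 'submit':
        case 'file':
          // These types are always hidden, whatever the configured action.
          $form[$group][$value]['#access'] = FALSE;
          break;

        default:
          if ($action == 'hide') {
            // Do not unset anything, just remove access to it.
            $form[$group][$value]['#access'] = FALSE;
          }
          else {
            // A disabled control can be re-enabled in the browser, so the
            // stored value is pinned through #value and the posted one is not
            // relied on. This depends on #default_value being set properly;
            // without it the value is forced to an empty string.
            $display_group = TRUE;
            $form[$group][$value]['#disabled'] = TRUE;
            $form[$group][$value]['#value'] = '';
            if (isset($form[$group][$value]['#default_value'])) {
              // Strict comparison: an integer key 0 must not match 'roles'.
              if ($value === 'roles' && is_array($form[$group][$value]['#default_value'])) {
                $form[$group][$value]['#value'] = drupal_map_assoc($form[$group][$value]['#default_value']);
              }
              else {
                $form[$group][$value]['#value'] = $form[$group][$value]['#default_value'];
              }
            }
          }
          break;
      }
    }

    // No child needs to be shown: hide the whole group.
    if (!$display_group) {
      $form[$group]['#access'] = FALSE;
    }
  }
}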