function userprotect_form_alter in User protect 5
Same name and namespace in other branches
- 6 userprotect.module \userprotect_form_alter()
- 7 userprotect.module \userprotect_form_alter()
Alters forms for user protection.
Parameters
$form_id The form ID.:
$form The form.:
File
- ./
userprotect.module, line 178
Code
function userprotect_form_alter($form_id, &$form) {
switch ($form_id) {
// For each of the fields, first check if any of the user's roles are protecting
// it, then check if the user themselves is protected from it. if either is TRUE,
// then disable the field, and mark a fixed form value so it will be properly submitted.
case 'user_edit':
$account = $form['_account']['#value'];
$protected = array();
if (isset($form['account']['name']) && !userprotect_check_bypass('up_name') && userprotect_get_user_protection($account, 'up_name')) {
// If for some reason this field has no initial value, then don't protect it.
if ($account->name) {
$form['account']['name']['#disabled'] = TRUE;
$form['account']['name']['#value'] = $account->name;
$protected['up_name'] = TRUE;
}
}
if (isset($form['account']['mail']) && !userprotect_check_bypass('up_mail') && userprotect_get_user_protection($account, 'up_mail')) {
// If for some reason this field has no initial value, then don't protect it.
if ($account->mail) {
$form['account']['mail']['#disabled'] = TRUE;
$form['account']['mail']['#value'] = $account->mail;
$protected['up_mail'] = TRUE;
}
}
// Password is an exception, as it needs no value, Just unset it, as
// there's no need to display two empty boxes that are disabled.
if (isset($form['account']['pass']) && !userprotect_check_bypass('up_pass') && userprotect_get_user_protection($account, 'up_pass')) {
unset($form['account']['pass']);
$protected['up_pass'] = TRUE;
}
if (isset($form['account']['status']) && !userprotect_check_bypass('up_status') && userprotect_get_user_protection($account, 'up_status')) {
$form['account']['status']['#disabled'] = TRUE;
$form['account']['status']['#value'] = $account->status;
$protected['up_status'] = TRUE;
}
// Special hack for RoleAssign module compatibility.
if (isset($form['account']['roleassign_roles'])) {
$roles = 'roleassign_roles';
}
else {
$roles = 'roles';
}
// Roles is a special case, since it's a tree'd item that needs values.
// We'll handle that in a custom validation function. Also here we slip
// the user's account info into the form so it's available to gleen the role
// info from.
if (isset($form['account'][$roles]) && !userprotect_check_bypass('up_roles') && userprotect_get_user_protection($account, 'up_roles')) {
$form['account'][$roles]['#disabled'] = TRUE;
$form['account'][$roles]['#account'] = $account;
$form['account'][$roles]['#validate'] = userprotect_add_validation($form['account'][$roles]['#validate'], array(
'userprotect_user_edit_fields_validate' => array(
$account,
'roles',
),
));
$protected['up_roles'] = TRUE;
}
// Nothing special for delete--just disable.
if (isset($form['delete']) && !userprotect_check_bypass('up_delete') && userprotect_get_user_protection($account, 'up_delete')) {
$form['delete']['#disabled'] = TRUE;
$protected['up_delete'] = TRUE;
}
// If we're initially displaying the user's edit form, throw a message if
// there are any protected fields, so the editor has a clue.
if (!empty($protected) && !$_POST) {
drupal_set_message(userprotect_display_protections($account, $protected));
}
break;
// These are complex cases, and are best handled by manipulating the form values
// in a custom validate function.
case 'user_admin_account':
case 'user_multiple_delete_confirm':
$form['#validate'] = userprotect_add_validation($form['#validate'], array(
'userprotect_user_admin_account_validate' => array(
$form,
),
));
break;
}
}