You are here

Home » API reference » User protect 6 » userprotect.module

function userprotect_form_alter in User protect 6

Same name and namespace in other branches
  1. 5 userprotect.module \userprotect_form_alter()
  2. 7 userprotect.module \userprotect_form_alter()

Alters forms for user protection.

Parameters

$form_id The form ID.:

$form The form.:

File

./userprotect.module, line 178

Code

function userprotect_form_alter(&$form, &$form_state, $form_id) {
  switch ($form_id) {

    // For each of the fields, first check if any of the user's roles are protecting
    // it, then check if the user themselves is protected from it.  if either is TRUE,
    // then disable the field, and mark a fixed form value so it will be properly submitted.
    case 'user_profile_form':
      $account = $form['_account']['#value'];
      $protected = array();
      if (isset($form['account']['name']) && !userprotect_check_bypass('up_name') && userprotect_get_user_protection($account, 'up_name')) {

        // If for some reason this field has no initial value, then don't protect it.
        if ($account->name) {
          $form['account']['name']['#disabled'] = TRUE;
          $form['account']['name']['#value'] = $account->name;
          $protected['up_name'] = TRUE;
        }
      }
      if (isset($form['account']['mail']) && !userprotect_check_bypass('up_mail') && userprotect_get_user_protection($account, 'up_mail')) {

        // If for some reason this field has no initial value, then don't protect it.
        if ($account->mail) {
          $form['account']['mail']['#disabled'] = TRUE;
          $form['account']['mail']['#value'] = $account->mail;
          $protected['up_mail'] = TRUE;
        }
      }

      // Password is an exception, as it needs no value, Just unset it, as
      // there's no need to display two empty boxes that are disabled.
      if (isset($form['account']['pass']) && !userprotect_check_bypass('up_pass') && userprotect_get_user_protection($account, 'up_pass')) {
        unset($form['account']['pass']);
        $protected['up_pass'] = TRUE;
      }
      if (isset($form['account']['status']) && !userprotect_check_bypass('up_status') && userprotect_get_user_protection($account, 'up_status')) {
        $form['account']['status']['#disabled'] = TRUE;
        $form['account']['status']['#value'] = $account->status;
        $protected['up_status'] = TRUE;
      }

      // Special hack for RoleAssign module compatibility.
      if (isset($form['account']['roleassign_roles'])) {
        $roles = 'roleassign_roles';
      }
      else {
        $roles = 'roles';
      }

      // Roles is a special case, since it's a tree'd item that needs values.
      // We'll handle that in a custom validation function. Also here we slip
      // the user's account info into the form so it's available to gleen the role
      // info from.
      if (isset($form['account'][$roles]) && !userprotect_check_bypass('up_roles') && userprotect_get_user_protection($account, 'up_roles')) {
        $form['account'][$roles]['#disabled'] = TRUE;
        $validate = isset($form['account'][$roles]['#element_validate']) ? $form['account'][$roles]['#element_validate'] : NULL;
        $form['account'][$roles]['#element_validate'] = userprotect_add_validation($validate, array(
          'userprotect_user_edit_fields_validate',
        ));
        $form_state['userprotect']['account'] = $account;
        $form_state['userprotect']['field'] = 'roles';
        $protected['up_roles'] = TRUE;
      }

      // Nothing special for delete--just disable.
      if (isset($form['delete']) && !userprotect_check_bypass('up_delete') && userprotect_get_user_protection($account, 'up_delete')) {
        $form['delete']['#disabled'] = TRUE;
        $protected['up_delete'] = TRUE;
      }
      userprotect_form_display_protections($account, $protected);
      break;

    // These are complex cases, and are best handled by manipulating the form values
    // in a custom validate function.
    case 'user_admin_account':
    case 'user_multiple_delete_confirm':
      $validate = isset($form['#validate']) ? $form['#validate'] : NULL;
      $form['#validate'] = userprotect_add_validation($validate, array(
        'userprotect_user_admin_account_validate',
      ));
      break;
    case 'openid_user_add':
    case 'openid_user_delete_form':
      $account = menu_get_object('user');
      $protected = array();
      if (!userprotect_check_bypass('up_openid') && userprotect_get_user_protection($account, 'up_openid')) {
        switch ($form_id) {
          case 'openid_user_add':
            if (isset($form['openid_identifier'])) {
              $form['openid_identifier']['#disabled'] = TRUE;
              $form['submit']['#disabled'] = TRUE;
            }
            break;
          case 'openid_user_delete_form':
            if (isset($form['actions']['submit'])) {
              $form['actions']['submit']['#disabled'] = TRUE;
              $form['confirm']['#value'] = 0;
            }
            break;
        }
        $protected['up_openid'] = TRUE;
      }
      userprotect_form_display_protections($account, $protected);
      break;
  }
}