This repository has been archived by the owner on Aug 18, 2024. It is now read-only.

Provide "delete" entity operation access check on group entities #681

Merged
merged 13 commits into from
Aug 4, 2020
18 changes: 12 additions & 6 deletions src/EventSubscriber/OgEventSubscriber.php
Expand Up @@ -85,19 +85,25 @@ public static function getSubscribedEvents() {
*/
public function provideDefaultOgPermissions(PermissionEventInterface $event) {
$event->setPermissions([
new GroupPermission([
'name' => OgAccess::UPDATE_GROUP_PERMISSION,
'title' => $this->t('Edit group'),
'description' => $this->t('Edit the group entity.'),
'default roles' => [OgRoleInterface::ADMINISTRATOR],
]),
new GroupPermission([
'name' => OgAccess::ADMINISTER_GROUP_PERMISSION,
'title' => $this->t('Administer group'),
'description' => $this->t('Manage group members and content in the group.'),
'default roles' => [OgRoleInterface::ADMINISTRATOR],
'restrict access' => TRUE,
]),
new GroupPermission([
'name' => OgAccess::DELETE_GROUP_PERMISSION,
pfrenssen marked this conversation as resolved.
'title' => $this->t('Delete group'),
'description' => $this->t('Delete the group entity.'),
'default roles' => [OgRoleInterface::ADMINISTRATOR],
]),
new GroupPermission([
'name' => OgAccess::UPDATE_GROUP_PERMISSION,
'title' => $this->t('Edit group'),
'description' => $this->t('Edit the group entity.'),
'default roles' => [OgRoleInterface::ADMINISTRATOR],
]),
new GroupPermission([
'name' => 'subscribe',
'title' => $this->t('Subscribe to group'),
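Review bot: The new `OgAccess::DELETE_GROUP_PERMISSION` entry is declared without `'restrict access' => TRUE`, unlike the `ADMINISTER_GROUP_PERMISSION` entry directly above it, even though it gates deletion of the whole group entity. If that flag drives the trusted-roles warning in the permissions UI, as its use on the administer permission suggests, adding `'restrict access' => TRUE,` after the `'default roles'` line would make a grant to a non-administrator role a visible decision. The same question applies, to a lesser degree, to the moved `UPDATE_GROUP_PERMISSION` entry. The array passed to `setPermissions()` continues beyond the hunk, so other entries were not checked.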
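--- a/src/OgAccess.php
+++ b/src/OgAccess.php
@@ -29,6 +29,11 @@ class OgAccess implements OgAccessInterface {
 */
 const ADMINISTER_GROUP_PERMISSION = 'administer group';
 
+/**
+* Group level permission that allows the user to delete the group entity.
+*/
+const DELETE_GROUP_PERMISSION = 'delete group';
+
 /**
 * Group level permission that allows the user to update the group entity.
 */
@@ -38,6 +43,7 @@ class OgAccess implements OgAccessInterface {
 * Maps entity operations performed on groups to group level permissions.
 */
 const OPERATION_GROUP_PERMISSION_MAPPING = [
+'delete' => self::DELETE_GROUP_PERMISSION,
 'update' => self::UPDATE_GROUP_PERMISSION,
 ];
 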
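Review bot: Adding `'delete' => self::DELETE_GROUP_PERMISSION` to `OPERATION_GROUP_PERMISSION_MAPPING` ties delete access on group entities to a permission that roles saved before this change will not contain, since the interface docs in this same change say defaults are populated when a new group is created. The code that reads the mapping is outside the hunk, so whether existing non-admin roles gain or lose delete access cannot be confirmed from here. An update path or a release note covering existing roles would be worth adding. The mapping docblock could also state what happens for operations it does not list, for example `* Operations not listed here are not decided by a group level permission.` if that is the intended behaviour.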
30 changes: 25 additions & 5 deletions src/PermissionManagerInterface.php
@@ -1,5 +1,7 @@
<?php

declare(strict_types = 1);

namespace Drupal\og;

/**
Expand All @@ -21,7 +23,7 @@ interface PermissionManagerInterface {
* @param array $group_content_bundle_ids
* An array of group content bundle IDs, keyed by group content entity type
* ID.
* @param string $role_name
* @param string|null $role_name
* Optional default role name to filter the permissions on. If omitted, all
* permissions will be returned.
*
Expand All @@ -33,19 +35,28 @@ public function getDefaultPermissions($group_entity_type_id, $group_bundle_id, a
/**
* Returns permissions that are enabled by default for the given role.
*
* This returns group level permissions such as 'subscribe without approval'
* and 'administer group'.
* This returns the group level permissions that are populated by default when
* a new group is created. For example the 'manage members' permission is
* granted by default to the administrator role, and the 'subscribe'
* permission to the anonymous role.
*
* New default permissions can be added by creating an event listener for the
* PermissionEvent. The default permissions that ship with Organic Groups can
* be found in OgEventSubscriber::provideDefaultOgPermissions().
*
* @param string $group_entity_type_id
* The entity type ID of the group for which to return permissions.
* @param string $group_bundle_id
* The bundle ID of the group for which to return permissions.
* @param string $role_name
* @param string|null $role_name
* Optional default role name to filter the permissions on. If omitted, all
* permissions will be returned.
*
* @return \Drupal\og\GroupPermission[]
* An array of permissions that are enabled by default for the given role.
*
* @see \Drupal\og\Event\PermissionEventInterface
* @see \Drupal\og\EventSubscriber\OgEventSubscriber::provideDefaultOgPermissions()
*/
public function getDefaultGroupPermissions($group_entity_type_id, $group_bundle_id, $role_name = NULL);

Expand All @@ -55,19 +66,28 @@ public function getDefaultGroupPermissions($group_entity_type_id, $group_bundle_
* This returns group content entity operation permissions such as 'edit own
* article content'.
*
* New default group content entity operation permissions can be added by
* creating an event listener for the PermissionEvent. The default group
* content operation permissions that ship with Organic Groups can be found in
* OgEventSubscriber.
*
* @param string $group_entity_type_id
* The entity type ID of the group for which to return permissions.
* @param string $group_bundle_id
* The bundle ID of the group for which to return permissions.
* @param array $group_content_bundle_ids
* An array of group content bundle IDs, keyed by group content entity type
* ID.
* @param string $role_name
* @param string|null $role_name
* Optional default role name to filter the permissions on. If omitted, all
* permissions will be returned.
*
* @return \Drupal\og\GroupContentOperationPermission[]
* The array of permissions.
*
* @see \Drupal\og\Event\PermissionEventInterface
* @see \Drupal\og\EventSubscriber\OgEventSubscriber::provideDefaultNodePermissions()
* @see \Drupal\og\EventSubscriber\OgEventSubscriber::getDefaultEntityOperationPermissions()
*/
public function getDefaultEntityOperationPermissions($group_entity_type_id, $group_bundle_id, array $group_content_bundle_ids, $role_name = NULL);

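Review bot: `declare(strict_types = 1);` has no practical effect in this file, because strict typing applies to calls made from the declaring file and an interface declaration makes none. The `string|null` now documented for `$role_name` is therefore still unenforced, as the method signatures remain untyped. If enforcement is wanted, `$role_name = NULL` could become `?string $role_name = NULL` in those signatures, which untyped implementations remain compatible with on PHP 7.2+. The interface continues outside the visible hunks, so only the docblocks and signatures shown here were checked.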