Skip to content
This repository has been archived by the owner on Aug 18, 2024. It is now read-only.

Provide "delete" entity operation access check on group entities #681

Merged
merged 13 commits into from
Aug 4, 2020
Merged
Show file tree
Hide file tree
Changes from 8 commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 6 additions & 0 deletions src/EventSubscriber/OgEventSubscriber.php
Original file line number Diff line number Diff line change
Expand Up @@ -91,6 +91,12 @@ public function provideDefaultOgPermissions(PermissionEventInterface $event) {
'description' => $this->t('Edit the group entity.'),
'default roles' => [OgRoleInterface::ADMINISTRATOR],
]),
new GroupPermission([
'name' => OgAccess::DELETE_GROUP_PERMISSION,
pfrenssen marked this conversation as resolved.
Show resolved Hide resolved
'title' => $this->t('Delete group'),
'description' => $this->t('Delete the group.'),
pfrenssen marked this conversation as resolved.
Show resolved Hide resolved
'default roles' => [OgRoleInterface::ADMINISTRATOR],
]),
new GroupPermission([
'name' => OgAccess::ADMINISTER_GROUP_PERMISSION,
'title' => $this->t('Administer group'),
Expand Down
6 changes: 6 additions & 0 deletions src/OgAccess.php
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,11 @@ class OgAccess implements OgAccessInterface {
*/
const ADMINISTER_GROUP_PERMISSION = 'administer group';

/**
* Group level permission that allows the user to delete the group entity.
*/
const DELETE_GROUP_PERMISSION = 'delete group';

/**
* Group level permission that allows the user to update the group entity.
*/
Expand All @@ -38,6 +43,7 @@ class OgAccess implements OgAccessInterface {
* Maps entity operations performed on groups to group level permissions.
*/
const OPERATION_GROUP_PERMISSION_MAPPING = [
'delete' => self::DELETE_GROUP_PERMISSION,
'update' => self::UPDATE_GROUP_PERMISSION,
];

Expand Down
30 changes: 25 additions & 5 deletions src/PermissionManagerInterface.php
Original file line number Diff line number Diff line change
@@ -1,5 +1,7 @@
<?php

declare(strict_types = 1);

namespace Drupal\og;

/**
Expand All @@ -21,7 +23,7 @@ interface PermissionManagerInterface {
* @param array $group_content_bundle_ids
* An array of group content bundle IDs, keyed by group content entity type
* ID.
* @param string $role_name
* @param string|null $role_name
* Optional default role name to filter the permissions on. If omitted, all
* permissions will be returned.
*
Expand All @@ -33,19 +35,28 @@ public function getDefaultPermissions($group_entity_type_id, $group_bundle_id, a
/**
* Returns permissions that are enabled by default for the given role.
*
* This returns group level permissions such as 'subscribe without approval'
* and 'administer group'.
* This returns the group level permissions that are populated by default when
* a new group is created. For example the 'manage members' permission is
* granted by default to the administrator role, and the 'subscribe'
* permission to the anonymous role.
*
* New default permissions can be added by creating an event listener for the
* PermissionEvent. The default permissions that ship with Organic Groups can
* be found in OgEventSubscriber::provideDefaultOgPermissions().
*
* @param string $group_entity_type_id
* The entity type ID of the group for which to return permissions.
* @param string $group_bundle_id
* The bundle ID of the group for which to return permissions.
* @param string $role_name
* @param string|null $role_name
* Optional default role name to filter the permissions on. If omitted, all
* permissions will be returned.
*
* @return \Drupal\og\GroupPermission[]
* An array of permissions that are enabled by default for the given role.
*
* @see \Drupal\og\Event\PermissionEventInterface
* @see \Drupal\og\EventSubscriber\OgEventSubscriber::provideDefaultOgPermissions()
*/
public function getDefaultGroupPermissions($group_entity_type_id, $group_bundle_id, $role_name = NULL);

Expand All @@ -55,19 +66,28 @@ public function getDefaultGroupPermissions($group_entity_type_id, $group_bundle_
* This returns group content entity operation permissions such as 'edit own
* article content'.
*
* New default group content entity operation permissions can be added by
* creating an event listener for the PermissionEvent. The default group
* content operation permissions that ship with Organic Groups can be found in
* OgEventSubscriber.
*
* @param string $group_entity_type_id
* The entity type ID of the group for which to return permissions.
* @param string $group_bundle_id
* The bundle ID of the group for which to return permissions.
* @param array $group_content_bundle_ids
* An array of group content bundle IDs, keyed by group content entity type
* ID.
* @param string $role_name
* @param string|null $role_name
* Optional default role name to filter the permissions on. If omitted, all
* permissions will be returned.
*
* @return \Drupal\og\GroupContentOperationPermission[]
* The array of permissions.
*
* @see \Drupal\og\Event\PermissionEventInterface
* @see \Drupal\og\EventSubscriber\OgEventSubscriber::provideDefaultNodePermissions()
* @see \Drupal\og\EventSubscriber\OgEventSubscriber::getDefaultEntityOperationPermissions()
*/
public function getDefaultEntityOperationPermissions($group_entity_type_id, $group_bundle_id, array $group_content_bundle_ids, $role_name = NULL);

Expand Down
Loading