From f32039848b1a07417c6c257a023e39b096c65091 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9s=20D=C3=ADaz=20Soto?=
 <andres.diaz.soto@gmail.com>
Date: Mon, 2 Dec 2024 17:53:06 -0600
Subject: [PATCH] SHS:5892: Site managers can perform actions on user accounts
 that don't make sense with SSO (#1682)

* feat(shs-5892): remove actions from people view

* feat(shs-5892): remove elements from used edit form

* fix(shs-5892): fix issues in user edit form alter

* fix(shs-5892): remove delete actions only for non admin users
---
 config/default/views.view.user_admin_people.yml     |  5 +++++
 .../su_humsci_profile/su_humsci_profile.profile     | 13 +++++++++++++
 2 files changed, 18 insertions(+)

diff --git a/config/default/views.view.user_admin_people.yml b/config/default/views.view.user_admin_people.yml
index 58f3c8ead..d122f711a 100644
--- a/config/default/views.view.user_admin_people.yml
+++ b/config/default/views.view.user_admin_people.yml
@@ -71,6 +71,11 @@ display:
           hide_empty: false
           empty_zero: false
           hide_alter_empty: true
+          action_title: Action
+          include_exclude: exclude
+          selected_actions:
+            - pathauto_update_alias_user
+            - user_cancel_user_action
         name:
           id: name
           table: users_field_data
diff --git a/docroot/profiles/humsci/su_humsci_profile/su_humsci_profile.profile b/docroot/profiles/humsci/su_humsci_profile/su_humsci_profile.profile
index f338801f2..4e1445a66 100644
--- a/docroot/profiles/humsci/su_humsci_profile/su_humsci_profile.profile
+++ b/docroot/profiles/humsci/su_humsci_profile/su_humsci_profile.profile
@@ -910,3 +910,16 @@ function su_humsci_profile_ckeditor5_plugin_info_alter(array &$plugin_definition
     $plugin_definitions['ckeditor5_table'] = new CKEditor5PluginDefinition($tableDefinition);
   }
 }
+
+/**
+ * Implements hook_form_FORM_ID_alter().
+ */
+function su_humsci_profile_form_user_form_alter(&$form, FormStateInterface $form_state) {
+  // Get current user roles and determine if has the 'administrator' role.
+  $roles = \Drupal::currentUser()->getRoles();
+  $is_admin = in_array('administrator', $roles);
+  // Remove unnecessary URL alias fields from the user edit form for all users.
+  $form['path']['#access'] = FALSE;
+  // Remove Delete account button for all roles expect 'administrator'.
+  $form['actions']['delete']['#access'] = $is_admin;
+}