From e970ebea9bbe8da611d36e0164a38cbed5a78cd2 Mon Sep 17 00:00:00 2001
From: Tim Steiner <tsteiner2@unl.edu>
Date: Wed, 27 Oct 2010 22:02:57 +0000
Subject: [PATCH] On new site creation, create a role named "Site Admin", and
 give it nearly all permissions.

git-svn-id: file:///tmp/wdn_thm_drupal/trunk@268 20a16fea-79d4-4915-8869-1ea9d5ebf173
---
 profiles/unl_profile/unl_profile.install | 27 ++++++++++++++++++++----
 1 file changed, 23 insertions(+), 4 deletions(-)

diff --git a/profiles/unl_profile/unl_profile.install b/profiles/unl_profile/unl_profile.install
index 70224d08..9e89c719 100644
--- a/profiles/unl_profile/unl_profile.install
+++ b/profiles/unl_profile/unl_profile.install
@@ -260,10 +260,29 @@ EOF;
         // Only enable CAS on subsites until we get some sort of bootstrap setup.
         module_enable(array('unl_cas'));
         
-        // Copy permissions from the parent site to the new site.
-        db_query("TRUNCATE {$new_prefix}role_permission")->execute();
-        // I'm using REPLACE because I keep getting duplicate entry errors, despite inserting into what should be an empty table.
-        db_query("REPLACE INTO {$new_prefix}role_permission (rid, permission, module) SELECT rid, permission, module FROM {$shared_prefix}role_permission")->execute();
+        
+        // Copy the authenticated user role's permissions for text formats from the default site.
+        db_query("REPLACE INTO {$new_prefix}role_permission (rid, permission, module) SELECT rid, permission, module FROM {$shared_prefix}role_permission WHERE rid=:rid AND module='filter'", array(':rid' => DRUPAL_AUTHENTICATED_RID));
+        
+        // Create the Site Admin role
+        $site_admin_role = new stdClass();
+        $site_admin_role->name = 'Site Admin';
+        $site_admin_role->weight = 2;
+        user_role_save($site_admin_role);
+        
+        // Assign most permissions to the Site Admin role.
+        $all_permissions = module_invoke_all('permission');
+        unset($all_permissions['unl administer administrator permissions']);
+        unset($all_permissions['unl site creation']);
+        unset($all_permissions['administer modules']);
+        unset($all_permissions['administer themes']);
+        unset($all_permissions['administer software updates']);
+        unset($all_permissions['administer imce']);
+        unset($all_permissions['administer filters']);
+        foreach (array_keys(module_invoke('filter', 'permission')) as $permission) {
+          unset($all_permissions[$permission]);
+        }
+        user_role_grant_permissions($site_admin_role->rid, array_keys($all_permissions));
     }
     
     
-- 
GitLab