Skip to content
Snippets Groups Projects
Commit f94dceda authored by Tim Steiner's avatar Tim Steiner
Browse files

Add a permision for the ability to administer the administrator role's permissions. 

git-svn-id: file:///tmp/wdn_thm_drupal/trunk@256 20a16fea-79d4-4915-8869-1ea9d5ebf173
parent 6363fa59
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
sites/all/modules/unl/unl.module
+ 42
24
View file @ f94dceda
......@@ -70,11 +70,19 @@ function unl_permission() {
'unl site creation' => array(
'title' => t('Site Creation'),
'description' => t('Create new drupal sites using the UNL profile'),
'restrict access' => TRUE,
),
'unl grant all permissions' => array(
'title' => t('Grant All Permissions'),
'description' => t('If this is not checked, a user can only grant permissions that they themselves have. Requires the "Administer permissions" permission.'),
'restrict access' => TRUE,
),
'unl administer administrator permissions' => array(
'title' => t('Administer Administrator\'s Permissions'),
'description' => t('If this is not checked, a user can not change the permissions of the administrator role. Requires the "Administer permissions" permission.'),
'restrict access' => TRUE,
),
);
}
......@@ -140,37 +148,47 @@ function unl_form_alter(&$form, $form_state, $form_id) {
$form['#submit'][] = 'unl_system_settings_form_submit';
}
if ($form_id == 'user_admin_permissions' && !user_access('unl grant all permissions') && !in_array(variable_get('user_admin_role', -1), array_keys($GLOBALS['user']->roles))) {
// Remove permissions this user doesn't have from the headings list.
foreach ($form['permission'] as $permission => $sub_form) {
if (is_int($permission)) {
continue;
}
if (!user_access($permission)) {
unset($form['permission'][$permission]);
}
}
if ($form_id == 'user_admin_permissions' && !in_array(variable_get('user_admin_role', -1), array_keys($GLOBALS['user']->roles))) {
// Remove any empty permission section headings.
$permission_sections = array_keys($form['permission']);
foreach ($permission_sections as $index => $permission_section) {
if (!is_int($permission_section)) {
continue;
}
if (!isset($permission_sections[$index + 1]) || is_int($permission_sections[$index + 1])) {
unset($form['permission'][$permission_section]);
if (!user_access('unl grant all permissions')) {
// Remove permissions this user doesn't have from the headings list.
foreach ($form['permission'] as $permission => $sub_form) {
if (is_int($permission)) {
continue;
}
if (!user_access($permission)) {
unset($form['permission'][$permission]);
}
}
}
// Remove any empty permission section headings.
$permission_sections = array_keys($form['permission']);
foreach ($permission_sections as $index => $permission_section) {
if (!is_int($permission_section)) {
continue;
}
if (!isset($permission_sections[$index + 1]) || is_int($permission_sections[$index + 1])) {
unset($form['permission'][$permission_section]);
}
}
// Remove the permissions this user doesn't have from the checkboxes list.
foreach ($form['checkboxes'] as $role_id => $sub_form) {
foreach ($sub_form['#options'] as $permission => $value) {
if (!user_access($permission)) {
unset($form['checkboxes'][$role_id]['#options'][$permission]);
// Remove the permissions this user doesn't have from the checkboxes list.
foreach ($form['checkboxes'] as $role_id => $sub_form) {
foreach ($sub_form['#options'] as $permission => $value) {
if (!user_access($permission)) {
unset($form['checkboxes'][$role_id]['#options'][$permission]);
}
}
}
}
if (!user_access('unl administer administrator permissions')) {
$role_id = variable_get('user_admin_role', -1);
unset($form['role_names'][$role_id]);
unset($form['role_names']['#value'][$role_id]);
unset($form['checkboxes'][$role_id]);
}
}
}
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment