3 namespace Drupal\user\Form;
5 use Drupal\Core\Extension\ModuleHandlerInterface;
6 use Drupal\Core\Form\FormBase;
7 use Drupal\Core\Form\FormStateInterface;
8 use Drupal\user\PermissionHandlerInterface;
9 use Drupal\user\RoleStorageInterface;
10 use Symfony\Component\DependencyInjection\ContainerInterface;
13 * Provides the user permissions administration form.
15 class UserPermissionsForm extends FormBase {
18 * The permission handler.
20 * @var \Drupal\user\PermissionHandlerInterface
22 protected $permissionHandler;
27 * @var \Drupal\user\RoleStorageInterface
29 protected $roleStorage;
34 * @var \Drupal\Core\Extension\ModuleHandlerInterface
36 protected $moduleHandler;
39 * Constructs a new UserPermissionsForm.
41 * @param \Drupal\user\PermissionHandlerInterface $permission_handler
42 * The permission handler.
43 * @param \Drupal\user\RoleStorageInterface $role_storage
45 * @param \Drupal\Core\Extension\ModuleHandlerInterface $module_handler
48 public function __construct(PermissionHandlerInterface $permission_handler, RoleStorageInterface $role_storage, ModuleHandlerInterface $module_handler) {
49 $this->permissionHandler = $permission_handler;
50 $this->roleStorage = $role_storage;
51 $this->moduleHandler = $module_handler;
57 public static function create(ContainerInterface $container) {
59 $container->get('user.permissions'),
60 $container->get('entity.manager')->getStorage('user_role'),
61 $container->get('module_handler')
68 public function getFormId() {
69 return 'user_admin_permissions';
73 * Gets the roles to display in this form.
75 * @return \Drupal\user\RoleInterface[]
76 * An array of role objects.
78 protected function getRoles() {
79 return $this->roleStorage->loadMultiple();
85 public function buildForm(array $form, FormStateInterface $form_state) {
87 $role_permissions = [];
89 foreach ($this->getRoles() as $role_name => $role) {
90 // Retrieve role names for columns.
91 $role_names[$role_name] = $role->label();
92 // Fetch permissions for the roles.
93 $role_permissions[$role_name] = $role->getPermissions();
94 $admin_roles[$role_name] = $role->isAdmin();
97 // Store $role_names for use when saving the data.
98 $form['role_names'] = [
100 '#value' => $role_names,
102 // Render role/permission overview:
103 $hide_descriptions = system_admin_compact_mode();
105 $form['system_compact_link'] = [
107 '#type' => 'system_compact_link',
110 $form['permissions'] = [
112 '#header' => [$this->t('Permission')],
113 '#id' => 'permissions',
114 '#attributes' => ['class' => ['permissions', 'js-permissions']],
117 foreach ($role_names as $name) {
118 $form['permissions']['#header'][] = [
120 'class' => ['checkbox'],
124 $permissions = $this->permissionHandler->getPermissions();
125 $permissions_by_provider = [];
126 foreach ($permissions as $permission_name => $permission) {
127 $permissions_by_provider[$permission['provider']][$permission_name] = $permission;
130 foreach ($permissions_by_provider as $provider => $permissions) {
132 $form['permissions'][$provider] = [
134 '#wrapper_attributes' => [
135 'colspan' => count($role_names) + 1,
136 'class' => ['module'],
137 'id' => 'module-' . $provider,
139 '#markup' => $this->moduleHandler->getName($provider),
142 foreach ($permissions as $perm => $perm_item) {
143 // Fill in default values for the permission.
146 'restrict access' => FALSE,
147 'warning' => !empty($perm_item['restrict access']) ? $this->t('Warning: Give to trusted roles only; this permission has security implications.') : '',
149 $form['permissions'][$perm]['description'] = [
150 '#type' => 'inline_template',
151 '#template' => '<div class="permission"><span class="title">{{ title }}</span>{% if description or warning %}<div class="description">{% if warning %}<em class="permission-warning">{{ warning }}</em> {% endif %}{{ description }}</div>{% endif %}</div>',
153 'title' => $perm_item['title'],
156 // Show the permission description.
157 if (!$hide_descriptions) {
158 $form['permissions'][$perm]['description']['#context']['description'] = $perm_item['description'];
159 $form['permissions'][$perm]['description']['#context']['warning'] = $perm_item['warning'];
161 foreach ($role_names as $rid => $name) {
162 $form['permissions'][$perm][$rid] = [
163 '#title' => $name . ': ' . $perm_item['title'],
164 '#title_display' => 'invisible',
165 '#wrapper_attributes' => [
166 'class' => ['checkbox'],
168 '#type' => 'checkbox',
169 '#default_value' => in_array($perm, $role_permissions[$rid]) ? 1 : 0,
170 '#attributes' => ['class' => ['rid-' . $rid, 'js-rid-' . $rid]],
171 '#parents' => [$rid, $perm],
173 // Show a column of disabled but checked checkboxes.
174 if ($admin_roles[$rid]) {
175 $form['permissions'][$perm][$rid]['#disabled'] = TRUE;
176 $form['permissions'][$perm][$rid]['#default_value'] = TRUE;
182 $form['actions'] = ['#type' => 'actions'];
183 $form['actions']['submit'] = [
185 '#value' => $this->t('Save permissions'),
186 '#button_type' => 'primary',
189 $form['#attached']['library'][] = 'user/drupal.user.permissions';
197 public function submitForm(array &$form, FormStateInterface $form_state) {
198 foreach ($form_state->getValue('role_names') as $role_name => $name) {
199 user_role_change_permissions($role_name, (array) $form_state->getValue($role_name));
202 drupal_set_message($this->t('The changes have been saved.'));