-
Notifications
You must be signed in to change notification settings - Fork 0
/
pwn.module
108 lines (102 loc) · 3.33 KB
/
pwn.module
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
<?php
// $Id: pwn.module,v 1.1 2009/07/20 13:44:57 agaric Exp $
/**
* @file
* Permits privileged users to control any owned permission for all roles.
*
* Allows the delegation of delegation. Users in roles granted 'share
* permissions' permission can access the permissions administration page the
* same way a user with 'administer permissions' can, but they can only see
* permissions that exist in one of their roles. This module relies on
* menu_alter and form_alter.
*/
/**
* Implements hook_perm().
*/
function pwn_perm() {
return array('share permissions');
}
/**
* Implements hook_menu_alter().
*/
function pwn_menu_alter(&$items) {
$items['admin/user/permissions']['access callback'] = 'pwn_user_access_any';
$items['admin/user/permissions']['access arguments'][] = 'share permissions';
}
/**
* Implements hook_form_FORM_ID_alter() for user_admin_perm form.
*/
function pwn_form_user_admin_perm_alter(&$form, &$form_state) {
// If user does not have 'share permissions' or DOES have 'administer
// permissions', bail right away
if (!user_access('share permissions')
|| user_access('administer permissions')) {
return;
}
$form['#validate'][] = 'pwn_form_user_admin_perm_validate';
$rolecount = count($form['checkboxes']);
// Place to save the default values of the options we will delete.
$form['pwnd'] = array();
$form['pwnd']['#type'] = 'value';
$form['pwnd']['#value'] = array();
for ($i = 1; $i <= $rolecount; $i++) {
$form['pwnd']['#value'][$i] = array();
foreach ($form['checkboxes'][$i]['#options'] as $perm => $permval) {
// If the user doesn't have this permission, don't let em set it.
if (!user_access($perm)) {
// Remove it from the main form.
unset($form['checkboxes'][$i]['#options'][$perm]);
// Add it to our hidden form values set to the existing value.
$form['pwnd']['#value'][$i][$perm] =
(in_array($perm, $form['checkboxes'][$i]['#default_value']))
? $perm
: 0;
// Cosmetic: Get rid of listing.
unset($form['permission'][$perm]);
}
}
}
// If two keys in a row are numeric (title rows) delete first (empty) one.
$prevkey = NULL;
foreach ($form['permission'] as $key => $value) {
if (is_numeric($key)) {
if ($prevkey !== NULL) {
unset($form['permission'][$prevkey]);
}
$prevkey = $key;
}
else {
$prevkey = NULL;
}
}
if ($prevkey !== NULL) {
unset($form['permission'][$prevkey]);
}
}
/**
* Abuse the validation opportunity to throw values back into form_state.
*/
function pwn_form_user_admin_perm_validate(&$form, &$form_state) {
foreach ($form_state['values']['pwnd'] as $i => $pwnd) {
$form_state['values'][$i] = array_merge($form_state['values'][$i], $pwnd);
}
}
/**
* Returns true if a user has any of the passed-in permissions.
*
* A replacement for the default user_access callback, this function takes any
* number of strings as passed in by the 'access arguments' menu.
*
* Potential Agaric Utility (_au_) function, although this could just as easily
* be hard-coded in the function and nothing passed in.
*/
function pwn_user_access_any() {
$perms = func_get_args();
foreach ($perms as $perm) {
if (user_access($perm)) {
return TRUE;
}
}
// The current user had none of the permissions.
return FALSE;
}