탐색 도움말
로그인
bachir
/
materio-base-d7
1
0
포크 0
파일 이슈 0 풀 리퀘스트 0 위키
트리: 9adc940a67
브랜치 태그
materio-base...
/
sites
/
all
/
modules
/
contrib
/
admin
/
permission_report
/
permission_report.module

permission_report.module 11 KB
히스토리 Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342 
  1. <?php
    2. 

  2. 

  3. /**
    4. 

  4.  * Drupal module to calculate the resultant set of permissions for a user.
    5. 

  5.  *
    6. 

  6.  * @author Nicholas Vahalik <nick@nickvahalik.com>
    7. 

  7.  * @copyright Nicholas Vahalik 2013
    8. 

  8.  * @package permission_report
    9. 

  9.  **/
    10. 

  10. 

  11. /**
    12. 

  12.  * Implements hook_menu().
    13. 

  13.  */
    14. 

  14. function permission_report_menu() {
    15. 

  15.   $items = array();
    16. 

  16. 

  17.   $items['admin/reports/permissions'] = array(
    18. 

  18.     'title' => 'Permissions (role report)',
    19. 

  19.     'page callback' => 'permission_report_role_list',
    20. 

  20.     'access arguments' => array('view permission report'),
    21. 

  21.     'description' => 'View roles and the users in them.',
    22. 

  22.   );
    23. 

  23. 

  24.   $items['admin/reports/permissions/roles'] = array(
    25. 

  25.     'title' => 'Roles',
    26. 

  26.     'page callback' => 'permission_report_role_list',
    27. 

  27.     'type' => MENU_DEFAULT_LOCAL_TASK,
    28. 

  28.     'access arguments' => array('view permission report'),
    29. 

  29.     'weight' => -5,
    30. 

  30.   );
    31. 

  31. 

  32.   $items['admin/reports/permissions/perms'] = array(
    33. 

  33.     'title' => 'Permissions',
    34. 

  34.     'page callback' => 'permission_report_permission_list',
    35. 

  35.     'type' => MENU_LOCAL_TASK,
    36. 

  36.     'access arguments' => array('view permission report'),
    37. 

  37.   );
    38. 

  38. 

  39.   $items['admin/reports/permissions/perms/%'] = array(
    40. 

  40.     'title' => 'Permissions',
    41. 

  41.     'type' => MENU_CALLBACK,
    42. 

  42.     'page arguments' => array(4),
    43. 

  43.     'page callback' => 'permission_report_user_having_perm',
    44. 

  44.     'access arguments' => array('view permission report'),
    45. 

  45.   );
    46. 

  46. 

  47.   $items['admin/reports/permissions/roles/%'] = array(
    48. 

  48.     'title' => 'Roles',
    49. 

  49.     'type' => MENU_CALLBACK,
    50. 

  50.     'page callback' => 'permission_report_users_having_role',
    51. 

  51.     'page arguments' => array(4),
    52. 

  52.     'access arguments' => array('view permission report'),
    53. 

  53.   );
    54. 

  54. 

  55.   $items['user/%user/permission_report'] = array(
    56. 

  56.     'title' => 'Permission Report',
    57. 

  57.     'page callback' => 'permission_report_user_report',
    58. 

  58.     'page arguments' => array(1),
    59. 

  59.     'type' => MENU_LOCAL_TASK,
    60. 

  60.     'access arguments' => array('view permission report'),
    61. 

  61.     'weight' => 2,
    62. 

  62.   );
    63. 

  63. 

  64.   return $items;
    65. 

  65. }
    66. 

  66. 

  67. /**
    68. 

  68.  * Implements hook_admin_paths().
    69. 

  69.  */
    70. 

  70. function permission_report_admin_paths() {
    71. 

  71.   $paths = array(
    72. 

  72.     'user/*/permission_report' => TRUE,
    73. 

  73.   );
    74. 

  74.   return $paths;
    75. 

  75. }
    76. 

  76. 

  77. /**
    78. 

  78.  * Implements hook_user_view().
    79. 

  79.  */
    80. 

  80. function permission_report_user_view($account, $view_mode, $langcode) {
    81. 

  81.   if (user_access('view permission report', $account)) {
    82. 

  82.     $account->content['summary']['rsop'] = array(
    83. 

  83.       '#type' => 'user_profile_item',
    84. 

  84.       '#title' => t('Resultant Set of Permissions'),
    85. 

  85.       '#markup' => l(t('View permission report report for !s', array('!s' => $account->name)), "user/$account->uid/permission_report"),
    86. 

  86.       '#attributes' => array('class' => 'permission_report'),
    87. 

  87.     );
    88. 

  88.   }
    89. 

  89. }
    90. 

  90. 

  91. /**
    92. 

  92.  * Displays a permission report for a given user.
    93. 

  93.  *
    94. 

  94.  * @param $user User object.
    95. 

  95.  *
    96. 

  96.  * @return string
    97. 

  97.  */
    98. 

  98. function permission_report_user_report($user) {
    99. 

  99. 

  100.   // Render role/permission overview:
    101. 

  101.   $options = array();
    102. 

  102.   $row = array();
    103. 

  103.   $can_admin_access = user_access('administer access control');
    104. 

  104. 

  105.   foreach (module_implements('permission') as $module) {
    106. 

  106.     if ($permissions = module_invoke($module, 'permission')) {
    107. 

  107.       $rows[] = array(array(
    108. 

  108.           'data' => t('@module module', array('@module' => $module)),
    109. 

  109.           'class' => 'module',
    110. 

  110.           'id' => 'module-' . $module,
    111. 

  111.           'colspan' => 3,
    112. 

  112.         ));
    113. 

  113.       asort($permissions);
    114. 

  114.       foreach ($permissions as $perm => $meta) {
    115. 

  115.         $options = array();
    116. 

  116.         $display_roles = array();
    117. 

  117. 

  118.         $roles = _permission_report_roles_having_perm($perm, $user);
    119. 

  119. 

  120.         if (array_key_exists('description', $meta)) {
    121. 

  121.           $options = array('attributes' => array('alt' => $meta['description']));
    122. 

  122.         }
    123. 

  123. 

  124.         foreach ($roles as $rid => $name) {
    125. 

  125.           $display_roles[] = $can_admin_access ? l($name, "admin/reports/permissions/roles/$rid") : t($name);
    126. 

  126.         }
    127. 

  127.         $rows[] = array(
    128. 

  128.           array('data' => l(strip_tags($meta['title']), "admin/reports/permissions/perms/$perm", $options)),
    129. 

  129.           array('data' => user_access($perm, $user) ? 'Yes' : 'No'),
    130. 

  130.           array('data' => implode(', ', $display_roles)),
    131. 

  131.         );
    132. 

  132.       }
    133. 

  133.     }
    134. 

  134.   }
    135. 

  135. 

  136.   return theme('table', array('header' => array('Permission', 'Access', 'Roles'), 'rows' => $rows, 'attributes' => array('id' => 'permissions')));
    137. 

  137. }
    138. 

  138. 

  139. /**
    140. 

  140.  * Return an array of users keyed by IDs that have access to a specific permission.
    141. 

  141.  *
    142. 

  142.  * @param $permission Permission string.
    143. 

  143.  *
    144. 

  144.  * @return array
    145. 

  145.  **/
    146. 

  146. function _permission_report_users_having_perm($permission) {
    147. 

  147.   $roles = _permission_report_roles_having_perm($permission);
    148. 

  148. 

  149.   if (count($roles) > 0) {
    150. 

  150.     $query = db_select('users', 'u');
    151. 

  151.     $query->innerJoin('users_roles', 'ur', 'ur.uid = u.uid');
    152. 

  152.     $query->addField('u', 'uid');
    153. 

  153.     $query->addField('u', 'name');
    154. 

  154.     $query->condition('ur.rid', array_keys($roles), 'IN');
    155. 

  155.     $users = $query->execute()->fetchAllKeyed();
    156. 

  156.     return $users;
    157. 

  157.   }
    158. 

  158. 

  159.   return array();
    160. 

  160. }
    161. 

  161. 

  162. /**
    163. 

  163.  * Gets a list of roles that have a permission, optionally limited
    164. 

  164.  * to a specific role.
    165. 

  165.  */
    166. 

  166. function _permission_report_roles_having_perm($permission, $user = NULL) {
    167. 

  167.   $query = db_select('role', 'r');
    168. 

  168.   $query->addField('r', 'rid');
    169. 

  169.   $query->addField('r', 'name');
    170. 

  170.   $query->innerJoin('role_permission', 'p', 'r.rid = p.rid');
    171. 

  171.   $query->condition('p.permission', $permission);
    172. 

  172. 

  173.   if ($user) {
    174. 

  174.     $query->innerJoin('users_roles', 'ur', 'r.rid = ur.rid');
    175. 

  175.     $query->condition('ur.uid', $user->uid);
    176. 

  176.   }
    177. 

  177. 

  178.   return $query->execute()->fetchAllKeyed();
    179. 

  179. }
    180. 

  180. 

  181. /**
    182. 

  182.  * Generates a report of users having a particular role.
    183. 

  183.  **/
    184. 

  184. function permission_report_users_having_role($rid) {
    185. 

  185.   $users_having_roles = $rows = array();
    186. 

  186. 

  187.   $query = db_select('users', 'u');
    188. 

  188.   $query->addField('u', 'uid');
    189. 

  189.   $query->addField('u', 'name');
    190. 

  190.   $query->innerJoin('users_roles', 'ur', 'ur.uid = u.uid');
    191. 

  191.   $query->condition('ur.rid', $rid);
    192. 

  192.   $query->condition('u.status', 1);
    193. 

  193. 

  194.   $users_having_role = $query->execute()->fetchAll();
    195. 

  195. 

  196.   $query = db_select('role', 'r');
    197. 

  197.   $query->addField('r', 'name');
    198. 

  198.   $query->condition('rid', $rid);
    199. 

  199. 

  200.   $role_name = $query->execute()->fetchField();
    201. 

  201. 

  202.   $view_users = user_access('access user profiles');
    203. 

  203.   drupal_set_title(t('Users in "!name" role', array('!name' => $role_name)));
    204. 

  204. 

  205.   $users_header = array(array(
    206. 

  206.       'data' => 'User',
    207. 

  207.       'colspan' => 2,
    208. 

  208.     ));
    209. 

  209. 

  210.   foreach ($users_having_role as $user) {
    211. 

  211.     $rows[] = array(
    212. 

  212.       array('data' => ($user->uid !== 0) ? ($view_users ? l($user->name, "user/$user->uid") : $user->name) : variable_get('anonymous', t('Anonymous')))
    213. 

  213.       ,
    214. 

  214.       array('data' => l('Permission report', "user/$user->uid/permission_report")),
    215. 

  215.     );
    216. 

  216.   }
    217. 

  217. 

  218.   return theme('table', array('header' => $users_header, 'rows' => $rows));
    219. 

  219. }
    220. 

  220. 

  221. /**
    222. 

  222.  * List of roles with the number of users in each role.
    223. 

  223.  */
    224. 

  224. function permission_report_role_list() {
    225. 

  225.   $user_in_roles = db_query('SELECT r.rid rid, r.name name, COUNT(ur.uid) as user_count FROM {role} r INNER JOIN {users_roles} ur USING (rid) INNER JOIN {users} u USING(uid) WHERE u.status = :u_status GROUP BY r.rid ORDER BY r.name', array(':u_status' => 1))->fetchAllAssoc('rid');
    226. 

  226.   $can_admin_access = user_access('administer access control');
    227. 

  227.   $all_users = user_roles();
    228. 

  228.   // Remove 'authenticated user' and 'anonymous user'.
    229. 

  229.   unset($all_users[1], $all_users[2]);
    230. 

  230.   $rows = array();
    231. 

  231.   foreach ($all_users as $rid => $name) {
    232. 

  232.     $count = (isset($user_in_roles[$rid])) ? $user_in_roles[$rid]->user_count : 0;
    233. 

  233.     $rows[] = array(
    234. 

  234.       $can_admin_access ? l($name, "admin/people/permissions/$rid") : t($name),
    235. 

  235.       l(format_plural($count, '1 user', '@count users'), "admin/reports/permissions/roles/$rid"),
    236. 

  236.     );
    237. 

  237.   }
    238. 

  238. 

  239.   $roles_header = array(
    240. 

  240.     array(
    241. 

  241.       'data' => 'Role',
    242. 

  242.       'colspan' => 2,
    243. 

  243.     ),
    244. 

  244.   );
    245. 

  245. 

  246.   return theme('table', array('header' => $roles_header, 'rows' => $rows));
    247. 

  247. }
    248. 

  248. 

  249. /**
    250. 

  250.  * Creates a report showing which users have a specific permission.
    251. 

  251.  */
    252. 

  252. function permission_report_user_having_perm($permission) {
    253. 

  253. 

  254.   $view_users = user_access('access user profiles');
    255. 

  255.   $can_admin_access = user_access('administer access control');
    256. 

  256.   $output = '';
    257. 

  257. 

  258.   drupal_set_title(t('Permissions report for "!permission"', array('!permission' => $permission)));
    259. 

  259. 

  260.   foreach (_permission_report_users_having_perm($permission) as $uid => $name) {
    261. 

  261.     $users_rows[] = array(
    262. 

  262.       array('data' => ($uid !== 0) ? ($view_users ? l($name, "user/$uid") : $name) : variable_get('anonymous', t('Anonymous'))),
    263. 

  263.       array('data' => l('Permission report', 'user/' . $uid . '/permission_report')),
    264. 

  264.     );
    265. 

  265.   }
    266. 

  266. 

  267.   $users_header = array(
    268. 

  268.     array(
    269. 

  269.       'data' => 'User',
    270. 

  270.       'colspan' => 2,
    271. 

  271.     ),
    272. 

  272.   );
    273. 

  273. 

  274.   foreach (_permission_report_roles_having_perm($permission) as $rid => $name) {
    275. 

  275.     $roles_rows[] = array(
    276. 

  276.       array('data' => $can_admin_access ? l($name, "admin/reports/permissions/roles/$rid") : t($name)),
    277. 

  277.       array('data' => l('Permission report', "admin/reports/permissions/roles/$rid")),
    278. 

  278.     );
    279. 

  279.   }
    280. 

  280. 

  281.   $roles_header = array(
    282. 

  282.     array(
    283. 

  283.       'data' => 'Role',
    284. 

  284.       'colspan' => 2,
    285. 

  285.     ),
    286. 

  286.   );
    287. 

  287. 

  288.   $output .= '<h2 class="title"><a name="permission-report-users">Users</a></h2>';
    289. 

  289.   $output .= theme('table', array('header' => $users_header, 'rows' => $users_rows));
    290. 

  290.   $output .= '<h2 class="title"><a name="permission-report-roles">Roles</a></h2>';
    291. 

  291.   $output .= theme('table', array('header' => $roles_header, 'rows' => $roles_rows));
    292. 

  292. 

  293.   return $output;
    294. 

  294. }
    295. 

  295. 

  296. /**
    297. 

  297.  * Creates a report which lists all permissions and the number of users which
    298. 

  298.  * have those permissions.
    299. 

  299.  */
    300. 

  300. function permission_report_permission_list() {
    301. 

  301.   $can_admin_access = user_access('administer access control');
    302. 

  302. 

  303.   foreach (module_implements('permission') as $module) {
    304. 

  304.     if ($permissions = module_invoke($module, 'permission')) {
    305. 

  305.       $rows[] = array(array(
    306. 

  306.           'data' => t('@module module', array('@module' => $module)),
    307. 

  307.           'class' => 'module',
    308. 

  308.           'id' => 'module-' . $module,
    309. 

  309.           'colspan' => 3,
    310. 

  310.         ));
    311. 

  311. 

  312.       asort($permissions);
    313. 

  313. 

  314.       foreach ($permissions as $perm => $meta) {
    315. 

  315.         $display_roles = array();
    316. 

  316. 

  317.         $roles = _permission_report_roles_having_perm($perm);
    318. 

  318.         foreach ($roles as $rid => $name) {
    319. 

  319.           $display_roles[] = $can_admin_access ? l($name, "admin/reports/permissions/roles/$rid") : t($name);
    320. 

  320.         }
    321. 

  321.         $rows[] = array(
    322. 

  322.           array('data' => $meta['title']),
    323. 

  323.           array('data' => l(format_plural(count(_permission_report_users_having_perm($perm)), '1 user', '@count users'), "admin/reports/permissions/perms/$perm")),
    324. 

  324.         );
    325. 

  325.       }
    326. 

  326.     }
    327. 

  327.   }
    328. 

  328.   return theme('table', array('header' => array('Permission', 'Users'), 'rows' => $rows, 'attributes' => array('id' => 'permissions', 'sticky' => TRUE)));
    329. 

  329. }
    330. 

  330. 

  331. /**
    332. 

  332.  * Implements hook_permission().
    333. 

  333.  */
    334. 

  334. function permission_report_permission() {
    335. 

  335.   return array(
    336. 

  336.     'view permission report' => array(
    337. 

  337.       'title' => t('View permission report'),
    338. 

  338.       'description' => t('Allows a user to view permission reports.'),
    339. 

  339.     ),
    340. 

  340.   );
    341. 

  341. }
    342. 

  342.