Jump to content

Hiding system user role


pjg
 Share

Recommended Posts

Morning all,

I've had a bit of a strange request from a client and was wondering whether anybody has had any experience with this:

"At the end of each year our member list will be purged and we would like all members to be moved to be grouped so they can be identified as previous members for communications and other purposes.

This process should be fully automated and no manual alteration or intervention should be necessary or allowed once the members have been moved.

We cannot move the accounts themselves as all returning members would still be members of the 'alumni' group(s) as well as the current membership."

While I have no issues with automation of this etc I am slightly puzzled by the "no manual alteration" part as using roles does not allow me to prevent superusers (or the membership admin or the generic admin) from altering the roles and therefore adding or removing a custom role that satisfies the requirement.

Creating a page somewhere that stores the information about the members of that year seems counterproductive since a role would do exactly that.

So I guess my question is - can I create a "system" role that can be hidden or deactivated in the user edit screen and therefore prevent alteration at the user level. (At code level I'm not worried about any alterations being possible.)

Any thoughts or comments are greatly appreciated including (but not limited to) ridicule for completely missing a point here.

PS: Membership is added on an automated basis each year through a backend process, but a manual override has to remain in case of errors with their payment system. Hence why this had not been requested for the other roles.

Link to comment
Share on other sites

After some significant head scratching and frequent application of forehead to desk I might have found a solution for this - in theory at least. The idea came when I realised the system already hides the superuser role from non-superusers. Since this is achieved in a hookable function (my life saver on many occasions) within ProcessUser.module I should be able to add some form of check for role pages that have status hidden applied and remove them from view for non-superusers. In the long run I can then move to ensure the hidden roles are shown to superusers differently and possibly prevent them from being selectable, but for now this should work. Will confirm for anybody interested once I've had a chance to spin up the dev environment.

Link to comment
Share on other sites

After some more testing I have now discovered that the following hook called at line 107 in ProcessUser.module is in fact not doing anything and the superuser role is shown to all users who are able to assign roles to users. The hook is defined from line 115 in the same module file.

	public function ___executeEdit() {
		
		if(!$this->wire('user')->isSuperuser()) { 
			// prevent showing superuser role at all
			$this->addHookAfter('InputfieldPage::getSelectablePages', $this, 'hookGetSelectablePages'); 
		}
		
		$this->addHookAfter('ProcessPageEdit::buildForm', $this, 'hookPageEditBuildForm'); 
		
		return parent::___executeEdit();
	}
	
	public function hookGetSelectablePages($event) {
		if($event->object->attr('name') != 'roles') return;
		$suRoleID = $this->wire('config')->superUserRolePageID;
		foreach($event->return as $role) {
			if($role->id == $suRoleID) $event->return->remove($role);
		}
	}
	
	public function hookPageEditBuildForm(HookEvent $event) {
		$form = $event->return;
		$theme = $form->getChildByName('admin_theme');
		if(!$theme) return;
		if(!$theme->attr('value')) {
			$theme->attr('value', $this->wire('config')->defaultAdminTheme); 
		}
	}

Any ideas anybody? I work with hooks a fair bit, but this one has me stumped completely.

EDIT: I know the hook is never called, but I don't get why since InputfieldPage::getSelectablePages as far as I can gather is in fact called to create the list of roles.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...