On a default Drupal install, users with 'administer permissions' and 'administer users' permissions can go to Administer » User management (/admin/user/user), select multiple users, and then either add or remove roles by using the "Update options" drop down and selecting a role under "Add a role to the selected users" or "Remove a role from the selected users".

However, with Role Delegation this is not possible. Instead, the individual users accounts have to be edited one at a time (on the user edit pages /user/[uid]/edit).

The RoleAssign module is able to implement this functionality, so I assume it must be possible for a module to do. Also, since Role Delegation claims to supersede RoleAssign, implementing this functionality is important in order for that claim to remain true.

I'm happy to provide more info or test patches if needed. Thanks!

CommentFileSizeAuthor
#12 role_delegation_batch_update_D7_2.patch3.42 KBAndrew Schulman
#11 role_delegation_batch_update_D7.patch3.44 KBAndrew Schulman
#8 role_delegation_batch_update.patch2.33 KBAndrew Schulman
#1 role_delegation_batch_update.patch2.09 KBAndrew Schulman
#4 role_delegation_batch_update-2.patch2.36 KBAndrew Schulman

Comments

Andrew Schulman’s picture

Andrew Schulman commented
Status: Needs work » Active
StatusFileSize
new role_delegation_batch_update.patch2.09 KB

shark, I agree that this is an essential feature.

I'm attaching a patch that I believe implements this. Please review and test. After applying the patch, be sure to clear your Drupal cache before going to admin/user/user to see the new batch operations.

Note to role_delegation maintainer(s): I borrowed most of role_delegation_user_operations() from user_user_operations() in user.module.

Andrew Schulman’s picture

Andrew Schulman commented
Status: Active » Needs review
Andrew Schulman’s picture

Andrew Schulman commented
Status: Needs review » Needs work

Hm. Although this works, it causes the user module to emit a 'Detected malicious attempt to alter protected user fields' warning in the log. I'll look into this.

Andrew Schulman’s picture

Andrew Schulman commented
Status: Needs review » Needs work
StatusFileSize
new role_delegation_batch_update-2.patch2.36 KB

OK, here's a revised patch that fixes the log warnings. I had to change the operation names from e.g. add_role to role_delegation_add_role, so that user_user_operations() wouldn't worry about the permissions. Please test.

Andrew Schulman’s picture

Andrew Schulman commented
Status: Needs work » Needs review
shark’s picture

shark commented
Status: Active » Needs review

I tested the patch in #4. Works great!

Thanks Andrew.

Andrew Schulman’s picture

Andrew Schulman commented
Status: Needs review » Reviewed & tested by the community
Andrew Schulman’s picture

Andrew Schulman commented
StatusFileSize
new role_delegation_batch_update.patch2.33 KB

Comment cleanups.

Andrew Schulman’s picture

Andrew Schulman commented

This patch is tested and ready. Can we get it incorporated into a new release? Thanks, Andrew.

David Lesieur’s picture

David Lesieur commented
Version: 6.x-1.2 » 7.x-1.x-dev
Status: Reviewed & tested by the community » Patch (to be ported)

Committed to the DRUPAL-6--1 branch. Thanks for not giving up! :)

This will need to be ported to Drupal 7.

Andrew Schulman’s picture

Andrew Schulman commented
Status: Patch (to be ported) » Needs review
StatusFileSize
new role_delegation_batch_update_D7.patch3.44 KB

Here's a port of this feature to D7.

The approach I used here for providing the operations is a little different than in D6. In the D6 patch I submitted, role_delegation_user_operations() returns a nested array of operations, e.g.

array(
  'Add a role to the selected users' => array(
    'role_delegation_add_role-1' => 'Role 1',
  ),
  'Remove a role from the selected users' => array(
    'role_delegation_remove_role-1' => 'Role 1',
  ), 
)

This is actually not right. The API for hook_user_operations (not available for D7 yet, but it's the same) is clear that hook_user_operations() should only return a simple array of operations, not a nested array. However the above works, because in the form API, form_select_options() does accept nested arrays of options, which it renders as optgroups.

A better approach is to return a simple array, as the API requires, of properly labeled operations, e.g.

array(
  'role_delegation_add_role-1' => 'Add role: Role 1',
  'role_delegation_remove_role-1' => 'Remove role: Role 1',
)

Then separately alter the user bulk update form to present these as nested options, as before. The user sees the same thing, but we follow the API, so the operations can also be used elsewhere (e.g. in VBO) and be properly labeled there.

This is what I did for D7. The correction could also be applied in D6, but it's probably not worth the trouble since the existing code works.

Andrew Schulman’s picture

Andrew Schulman commented
StatusFileSize
new role_delegation_batch_update_D7_2.patch3.42 KB

Here's a slightly corrected patch:

  • Still checks for unauthorized role assignment even if the operation list is empty.
  • Checks array_key_exists() so as not to cause an 'undefined index' error in case of a watchdog warning.
Andrew Schulman’s picture

Andrew Schulman commented
Status: Needs review » Fixed

Fixed committed in 7.x-1.x-dev.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.