Just like you can restrict node types for a nodereference field,
it would be useful to specify "referenceable" profiles for a userreference field

CommentFileSizeAuthor
#2 userref_role.patch.txt1.85 KBedrex

Comments

edrex’s picture

edrex commented

+1 This is clearly a necessary feature in order for userrefs to be fully usable.

edrex’s picture

edrex commented
Title: usereeference : restrict to given role(s) » User Refs: Restrict by role
Assigned: Unassigned » edrex
Status: Active » Needs review
StatusFileSize
new userref_role.patch.txt1.85 KB

Ok, I've implemented this.

I had to make some behavioral decisions, others should discuss if the behavior is appropriate.

Anonymous isn't shown in the role list. Currently, making a field optional and selecting the empty value results in the anonymous user being associated with the node. This needs to be resolved, but for now I'm just leaving out the Anon role.

Selecting Authenticated User as an allowed role results in the current behavior: all users (except Anon) are available. If Auth User isn't allowed, then only users with the allowed roles are available.

This feature needs testing.

Changed functions:

function userreference_field_settings($op, $field) {
  switch ($op) {
    case 'form':
      $form = array();
      $form['referenceable_roles'] = array(
        '#type' => 'checkboxes',
        '#title' => t('User roles that can be referenced'),
        '#multiple' => TRUE,
        '#default_value' => isset($field['referenceable_roles']) ? $field['referenceable_roles'] : array(),
        '#options' => user_roles(1),
      );
      return $form;

    case 'save':
      return array('referenceable_roles');

    case 'database columns':
      $columns = array(
        'uid' => array('type' => 'int', 'not null' => TRUE, 'default' => '0'),
      );
      return $columns;
  }
}

function _userreference_potential_references($field) {
  $related_roles = array();

  if (!isset($field['referenceable_roles'])){
    $field['referenceable_roles'] = user_roles(1);
  }

  if (in_array(2, $field['referenceable_roles'])) {
    $result = db_query("SELECT u.name, u.uid FROM {users} u WHERE uid > 0 ORDER BY u.name ASC");
  } else {
    foreach ($field['referenceable_roles'] as $related_role) {
      if ($related_role) {
        $related_roles[] = $related_role;
      }
    }
    $result = db_query("SELECT u.name, u.uid FROM {users} u LEFT JOIN {users_roles} r ON u.uid = r.uid WHERE u.uid > 0 AND r.rid IN (" . implode($related_roles, ',') . ')');
  }

  if (!$field['required']) {
    $rows = array(0 => '');
  } else {
    $rows = array();
  }

  while ($user = db_fetch_object($result)) {
    $rows[$user->uid] = $user->name;
  }

  return $rows;
}
edrex’s picture

edrex commented

I thought about this afterward, and I wonder if this feature hasn't been deferred until work commences on per-field access control. I know there's a horrendous amount of traffic, but if one of the Joh?ns could indicate a preference for this patch?

Also, anyone interested in this feature should test it and indicate problems or lack of problems.

hutch’s picture

hutch commented

Using version 4.7.1 of drupal and userreference.module,v 1.24

I have applied the userref_role.patch and it's working so far, only limited testing but it's just what I was looking for, a great improvement.

Thanks!

jonbob’s picture

jonbob commented
Status: Needs review » Fixed

Committed with bugfixes.

Anonymous’s picture

(not verified) commented
Status: Fixed » Closed (fixed)