From 551cc7489698c0219d1902b78cc47d0dbdb2a77e Mon Sep 17 00:00:00 2001
From: Dries Buytaert <dries@buytaert.net>
Date: Thu, 4 Jun 2009 09:52:33 +0000
Subject: [PATCH] - Patch #480660 by catch, brianV, et al: add an administrator
 role to core.

---
 modules/user/user.admin.inc      | 41 ++++++++++++++++++++++++++++++++
 modules/user/user.test           | 22 ++++++++++++++++-
 profiles/default/default.profile | 19 +++++++++++++++
 3 files changed, 81 insertions(+), 1 deletion(-)

diff --git a/modules/user/user.admin.inc b/modules/user/user.admin.inc
index b53f9b9279b8..303d2ff0a07e 100644
--- a/modules/user/user.admin.inc
+++ b/modules/user/user.admin.inc
@@ -251,6 +251,26 @@ function user_admin_settings() {
     '#required' => TRUE,
   );
 
+  // Administrative role option.
+  $form['admin_role'] = array(
+    '#type' => 'fieldset',
+    '#title' => t ('Administrator role'),
+  );
+
+  // Don't allow users to set the anonymous or authenticated user roles as the
+  // administrator role.
+  $roles = user_roles();
+  $roles = array_slice($roles, 2, NULL, TRUE);
+  $roles[0] = t('disabled');
+
+  $form['admin_role']['user_admin_role'] = array(
+    '#type' => 'select',
+    '#title' => t('Administrator role'),
+    '#default_value' => variable_get('user_admin_role', 0),
+    '#options' => $roles,
+    '#description' => t('This role will be automatically assigned new permissions whenever a module is enabled. Changing this setting will not affect existing permissions.'),
+  );
+
   // User registration settings.
   $form['registration_cancellation'] = array(
     '#type' => 'fieldset',
@@ -910,3 +930,24 @@ function theme_user_filters($form) {
 
   return $output;
 }
+
+/**
+ * Implementation of hook_modules_installed().
+ */
+function user_modules_installed($modules) {
+  // Assign all available permissions to the administrator role.
+  $rid = variable_get('user_admin_role', 0);
+  if ($rid) {
+    foreach ($modules as $module) {
+      if ($permissions = module_invoke($module, 'perm')) {
+        foreach (array_keys($permissions) as $permission) {
+          db_insert('role_permission')
+            ->fields(array(
+              'rid' => $rid,
+               'permission' => $permission,
+            ))->execute();
+        }
+      }
+    }
+  }
+}
diff --git a/modules/user/user.test b/modules/user/user.test
index 9b5e6d471fe6..e12294a3a389 100644
--- a/modules/user/user.test
+++ b/modules/user/user.test
@@ -733,7 +733,7 @@ class UserPermissionsTestCase extends DrupalWebTestCase {
   function setUp() {
     parent::setUp();
 
-    $this->admin_user = $this->drupalCreateUser(array('administer permissions', 'access user profiles'));
+    $this->admin_user = $this->drupalCreateUser(array('administer permissions', 'access user profiles', 'administer site configuration', 'administer users'));
 
     // Find the new role ID - it must be the maximum.
     $all_rids = array_keys($this->admin_user->roles);
@@ -766,6 +766,26 @@ class UserPermissionsTestCase extends DrupalWebTestCase {
     $this->assertFalse(user_access('access user profiles', $account, TRUE), t('User no longer has "access user profiles" permission.'));
   }
 
+  /**
+   * Test assigning of permissions for the administrator role.
+   */
+  function testAdministratorRole() {
+    $this->drupalLogin($this->admin_user);
+    $this->drupalGet('admin/user/settings');
+
+    // Set the user's role to be the administrator role.
+    $edit = array();
+    $edit['user_admin_role'] = $this->rid;
+    $this->drupalPost('admin/user/settings', $edit, t('Save configuration'));
+
+    // Enable aggregator module and ensure the 'administer news feeds'
+    // permission is assigned by default.
+    $edit = array();
+    $edit['modules[Core][aggregator][enable]'] = TRUE;
+    $this->drupalPost('admin/build/modules', $edit, t('Save configuration'));
+
+    $this->assertTrue(user_access('administer news feeds', $this->admin_user, TRUE), t('The permission was automatically assigned to the administrator role'));
+  }
 }
 
 class UserAdminTestCase extends DrupalWebTestCase {
diff --git a/profiles/default/default.profile b/profiles/default/default.profile
index c12e36ad12ee..d75e878c4ebb 100644
--- a/profiles/default/default.profile
+++ b/profiles/default/default.profile
@@ -214,6 +214,25 @@ function default_profile_tasks(&$task, $url) {
   ))->execute();
   db_insert('taxonomy_vocabulary_node_type')->fields(array('vid' => $vid, 'type' => 'article'))->execute();
 
+  // Create a default role for site administrators.
+  $rid = db_insert('role')->fields(array('name' => 'administrator'))->execute();
+
+  // Set this as the administrator role.
+  variable_set('user_admin_role', $rid);
+
+  // Assign all available permissions to this role.
+  foreach (module_implements('perm') as $module) {
+    if ($permissions = module_invoke($module, 'perm')) {
+      foreach (array_keys($permissions) as $permission) {
+        db_insert('role_permission')
+          ->fields(array(
+            'rid' => $rid,
+             'permission' => $permission,
+          ))->execute();
+      }
+    }
+  }
+
   // Update the menu router information.
   menu_rebuild();
 
-- 
GitLab