From b46283f146fdfcb68e034a1694c11bd4f48a34c0 Mon Sep 17 00:00:00 2001
From: Alex Ellison <alex.ellison@thinkshout.com>
Date: Sat, 21 May 2016 16:34:19 -0700
Subject: [PATCH] Add admin setting to "Disable user-specific logout
 thresholds" that, if TRUE, hides the autologout threshold text field from the
 user edit form and does not set a autologout.user.uid configuration item on
 form submit.

---
 autologout.module                   | 10 ++++++----
 src/Form/AutologoutSettingsForm.php |  9 +++++++++
 2 files changed, 15 insertions(+), 4 deletions(-)

diff --git a/autologout.module b/autologout.module
index 033d8cc..29b38f3 100644
--- a/autologout.module
+++ b/autologout.module
@@ -33,9 +33,10 @@ function autologout_form_user_form_alter(&$form, FormStateInterface $form_state)
   $user_id = $form_state->getFormObject()->getEntity()->id();
   $access = FALSE;
 
-  // If user has access to change, and they are changing their own and only
-  // their own timeout. Or they are an admin.
-  if (($user->hasPermission('change own logout threshold') && $user->id() == $user_id) || $user->hasPermission('administer autologout')) {
+  // If user-specific thresholds are enabled (the default), and user has access
+  // to change and they are changing their own and only
+  // their own timeout, or they are an admin.
+  if (!\Drupal::config('autologout.settings')->get('no_individual_logout_threshold') && (($user->hasPermission('change own logout threshold') && $user->id() == $user_id) || $user->hasPermission('administer autologout'))) {
     $access = TRUE;
   }
 
@@ -83,7 +84,8 @@ function autologout_user_profile_submit(&$form, FormStateInterface $form_state)
 
   // Access is reused here as a security measure. Not only will the element not
   // display but wont submit without access.
-  if ($access) {
+  // Do not store config if setting to not store config for every user is TRUE.
+  if ($access && !\Drupal::config('autologout.settings')->get('no_individual_logout_threshold')) {
     \Drupal::configFactory()->getEditable('autologout.user.' . $user_id)
       ->set('enabled', $enabled)
       ->set('timeout', $timeout)
diff --git a/src/Form/AutologoutSettingsForm.php b/src/Form/AutologoutSettingsForm.php
index 4b64ecb..7b5a325 100644
--- a/src/Form/AutologoutSettingsForm.php
+++ b/src/Form/AutologoutSettingsForm.php
@@ -95,6 +95,14 @@ public function buildForm(array $form, FormStateInterface $form_state) {
       '#description' => $this->t('How many seconds to give a user to respond to the logout dialog before ending their session.'),
     );
 
+    $form['no_individual_logout_threshold'] = array(
+      '#type' => 'checkbox',
+      '#title' => $this->t('Disable user-specific logout thresholds'),
+      '#default_value' => $config->get('no_individual_logout_threshold'),
+      '#weight' => -5,
+      '#description' => $this->t('Enable to only allow autologout thresholds to be set globally on this form. You may want to do this if...<br>1.) You don\'t plan on allowing users to set their own logout threshold.<br>2.) You don\'t allow writing to the config directory in your production environment and still want autologout admins to be able to create or edit users.'),
+    );
+
     $form['role_logout'] = array(
       '#type' => 'checkbox',
       '#title' => $this->t('Role Timeout'),
@@ -289,6 +297,7 @@ public function submitForm(array &$form, FormStateInterface $form_state) {
     $autologout_settings->set('timeout', $values['timeout'])
       ->set('max_timeout', $values['max_timeout'])
       ->set('padding', $values['padding'])
+      ->set('no_individual_logout_threshold', $values['no_individual_logout_threshold'])
       ->set('role_logout', $values['role_logout'])
       ->set('redirect_url', $values['redirect_url'])
       ->set('no_dialog', $values['no_dialog'])