Skip to content

Add admin setting to disable user-specific logout thresholds #37

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
alexellison wants to merge 1 commit into
base: 8.x-1.x
Choose a base branch
from
Open

Add admin setting to disable user-specific logout thresholds #37

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 6 additions & 4 deletions autologout.module
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -33,9 +33,10 @@ function autologout_form_user_form_alter(&$form, FormStateInterface $form_state)
$user_id = $form_state->getFormObject()->getEntity()->id();
$access = FALSE;

// If user has access to change, and they are changing their own and only
// their own timeout. Or they are an admin.
if (($user->hasPermission('change own logout threshold') && $user->id() == $user_id) || $user->hasPermission('administer autologout')) {
// If user-specific thresholds are enabled (the default), and user has access
// to change and they are changing their own and only
// their own timeout, or they are an admin.
if (!\Drupal::config('autologout.settings')->get('no_individual_logout_threshold') && (($user->hasPermission('change own logout threshold') && $user->id() == $user_id) || $user->hasPermission('administer autologout'))) {
$access = TRUE;
}

Expand Down Expand Up @@ -83,7 +84,8 @@ function autologout_user_profile_submit(&$form, FormStateInterface $form_state)

// Access is reused here as a security measure. Not only will the element not
// display but wont submit without access.
if ($access) {
// Do not store config if setting to not store config for every user is TRUE.
if ($access && !\Drupal::config('autologout.settings')->get('no_individual_logout_threshold')) {
\Drupal::configFactory()->getEditable('autologout.user.' . $user_id)
->set('enabled', $enabled)
->set('timeout', $timeout)
Expand Down
9 changes: 9 additions & 0 deletions src/Form/AutologoutSettingsForm.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -95,6 +95,14 @@ public function buildForm(array $form, FormStateInterface $form_state) {
'#description' => $this->t('How many seconds to give a user to respond to the logout dialog before ending their session.'),
);

$form['no_individual_logout_threshold'] = array(
'#type' => 'checkbox',
'#title' => $this->t('Disable user-specific logout thresholds'),
'#default_value' => $config->get('no_individual_logout_threshold'),
'#weight' => -5,
'#description' => $this->t('Enable to only allow autologout thresholds to be set globally on this form. You may want to do this if...<br>1.) You don\'t plan on allowing users to set their own logout threshold.<br>2.) You don\'t allow writing to the config directory in your production environment and still want autologout admins to be able to create or edit users.'),
);

$form['role_logout'] = array(
'#type' => 'checkbox',
'#title' => $this->t('Role Timeout'),
Expand Down Expand Up @@ -289,6 +297,7 @@ public function submitForm(array &$form, FormStateInterface $form_state) {
$autologout_settings->set('timeout', $values['timeout'])
->set('max_timeout', $values['max_timeout'])
->set('padding', $values['padding'])
->set('no_individual_logout_threshold', $values['no_individual_logout_threshold'])
->set('role_logout', $values['role_logout'])
->set('redirect_url', $values['redirect_url'])
->set('no_dialog', $values['no_dialog'])
Expand Down