Update samlauth settings when a role is created or deleted

config/sync/config_ignore.settings.yml

@@ -13,4 +13,5 @@ ignored_config_entities:
   - 'system.action.user_add_role_action.custm_*'
   - 'system.action.user_remove_role_action.custm_*'
   - 'next.next_site.*'
+  - 'samlauth.authentication:map_users_roles'
 enable_export_filtering: false

config/sync/user.role.site_manager.yml

@@ -112,7 +112,6 @@ permissions:
   - 'create terms in basic_page_types'
   - 'create terms in event_audience'
   - 'create terms in media_tags'
-  - 'create terms in media_tags'
   - 'create terms in stanford_event_types'
   - 'create terms in stanford_news_topics'
   - 'create terms in stanford_person_types'
@@ -163,7 +162,6 @@ permissions:
   - 'delete terms in basic_page_types'
   - 'delete terms in event_audience'
   - 'delete terms in media_tags'
-  - 'delete terms in media_tags'
   - 'delete terms in stanford_event_types'
   - 'delete terms in stanford_news_topics'
   - 'delete terms in stanford_person_types'
@@ -215,7 +213,6 @@ permissions:
   - 'edit terms in basic_page_types'
   - 'edit terms in event_audience'
   - 'edit terms in media_tags'
-  - 'edit terms in media_tags'
   - 'edit terms in stanford_event_types'
   - 'edit terms in stanford_news_topics'
   - 'edit terms in stanford_person_types'
@@ -256,16 +253,7 @@ permissions:
   - 'view any unpublished stanford_policy content'
   - 'view any unpublished stanford_publication content'
   - 'view editoria11y checker'
-  - 'view own unpublished content'
-  - 'view own unpublished media'
-  - 'view policy log'
   - 'view scheduled content'
-  - 'view stanford_course revisions'
-  - 'view stanford_event revisions'
-  - 'view stanford_event_series revisions'
-  - 'view stanford_news revisions'
-  - 'view stanford_page revisions'
-  - 'view stanford_person revisions'
   - 'view stanford_policy revisions'
   - 'view stanford_publication revisions'
   - 'view the administration theme'

src/EventSubscriber/EventSubscriber.php

@@ -6,9 +6,13 @@
 use Drupal\Core\File\FileSystemInterface;
 use Drupal\Core\Logger\LoggerChannelFactoryInterface;
 use Drupal\Core\StreamWrapper\StreamWrapperManager;
+use Drupal\core_event_dispatcher\EntityHookEvents;
+use Drupal\core_event_dispatcher\Event\Entity\EntityDeleteEvent;
+use Drupal\core_event_dispatcher\Event\Entity\EntityInsertEvent;
 use Drupal\default_content\Event\DefaultContentEvents;
 use Drupal\default_content\Event\ImportEvent;
 use Drupal\file\FileInterface;
+use Drupal\user\UserInterface;
 use Symfony\Component\EventDispatcher\EventSubscriberInterface;
 
 /**
@@ -31,13 +35,6 @@ class EventSubscriber implements EventSubscriberInterface {
    */
   const FETCH_DIR = '/sites/default/files/';
 
-  /**
-   * File system service.
-   *
-   * @var \Drupal\Core\File\FileSystemInterface
-   */
-  protected $fileSystem;
-
   /**
    * Logger channel service.
    *
@@ -51,26 +48,63 @@ class EventSubscriber implements EventSubscriberInterface {
   public static function getSubscribedEvents() {
     return [
       DefaultContentEvents::IMPORT => 'onContentImport',
+      EntityHookEvents::ENTITY_INSERT => 'onEntityInsert',
+      EntityHookEvents::ENTITY_DELETE => 'onEntityDelete',
     ];
   }
 
   /**
    * EventSubscriber constructor.
    *
-   * @param \Drupal\Core\File\FileSystemInterface $file_system
+   * @param \Drupal\Core\File\FileSystemInterface $fileSystem
    *   File system service.
    * @param \Drupal\Core\Logger\LoggerChannelFactoryInterface $logger_factory
    *   Logger factory service.
    */
-  public function __construct(FileSystemInterface $file_system, LoggerChannelFactoryInterface $logger_factory) {
-    $this->fileSystem = $file_system;
+  public function __construct(protected FileSystemInterface $fileSystem, LoggerChannelFactoryInterface $logger_factory) {
     $this->logger = $logger_factory->get('stanford_profile');
   }
 
   /**
-   * Empty function to avoid errors until cache is cleared.
+   * On entity insert event.
+   *
+   * @param \Drupal\core_event_dispatcher\Event\Entity\EntityInsertEvent $event
+   *   Triggered event.
    */
-  public function preSaveEntity(): void {}
+  public function onEntityInsert(EntityInsertEvent $event) {
+    if ($event->getEntity()->getEntityTypeId() == 'user_role') {
+      self::updateSamlauthRoles();
+    }
+  }
+  /**
+   * On entity delete event.
+   *
+   * @param \Drupal\core_event_dispatcher\Event\Entity\EntityDeleteEvent $event
+   *   Triggered event.
+   */
+  public function onEntityDelete(EntityDeleteEvent $event) {
+    if ($event->getEntity()->getEntityTypeId() == 'user_role') {
+      self::updateSamlauthRoles();
+    }
+  }
+
+  /**
+   * Update samlauth allowed roles settings.
+   */
+  protected static function updateSamlauthRoles() {
+    if (!\Drupal::moduleHandler()->moduleExists('samlauth')) {
+      return;
+    }
+
+    $roles = user_role_names(TRUE);
+    unset($roles[UserInterface::AUTHENTICATED_ROLE]);
+    $config = \Drupal::configFactory()->getEditable('samlauth.authentication');
+    ksort($roles);
+    foreach ($roles as $role_id => &$label) {
+      $label = $role_id;
+    }
+    $config->set('map_users_roles', $roles)->save();
+  }
 
   /**
    * When content is imported, download the images.

stanford_profile.post_update.php

@@ -83,3 +83,18 @@ function stanford_profile_post_update_update_field_defs() {
     }
   }
 }
+
+/**
+ * Enable samlauth.
+ */
+function stanford_profile_post_update_samlauth() {
+  if (\Drupal::moduleHandler()->moduleExists('stanford_samlauth')) {
+    return;
+  }
+  $ignore_settings = \Drupal::configFactory()
+    ->getEditable('config_ignore.settings');
+  $ignored = $ignore_settings->get('ignored_config_entities');
+  $ignored[] = 'samlauth.authentication:map_users_roles';
+  $ignore_settings->set('ignored_config_entities', $ignored)->save();
+  \Drupal::service('module_installer')->install(['stnaford_samlauth']);
+}