From 1b2885e1a4a28c6763c1e831456c76002abb8fe3 Mon Sep 17 00:00:00 2001
From: Santeri Hurnanen <santeri.hurnanen@fame.fi>
Date: Mon, 26 Aug 2024 08:18:28 +0300
Subject: [PATCH] UHF-10045: Improve instructions

---
 README.md                                     |  1 +
 helfi_platform_config.module                  | 25 ---------
 modules/helfi_users/Readme.md                 |  7 +++
 modules/helfi_users/helfi_users.info.yml      |  2 +
 modules/helfi_users/helfi_users.module        | 51 +++++++++++++++++--
 .../helfi_users/helfi_users.permissions.yml   |  4 +-
 modules/helfi_users/translations/fi.po        | 14 +++++
 7 files changed, 72 insertions(+), 32 deletions(-)
 create mode 100644 modules/helfi_users/Readme.md
 create mode 100644 modules/helfi_users/translations/fi.po

diff --git a/README.md b/README.md
index 4649a7c28..c63e5927f 100644
--- a/README.md
+++ b/README.md
@@ -11,6 +11,7 @@ This repository holds configuration for the Hel.fi platform.
 - [Update instructions (2.x to 3.x)](documentation/update.md)
 - [Two-factor authentication/TFA/MFA](/modules/helfi_tfa/README.md)
 - [JSON:API remote entities](/modules/helfi_etusivu_entities/README.md)
+- [Users](/modules/helfi_users/README.md)
 
 ## Contact
 
diff --git a/helfi_platform_config.module b/helfi_platform_config.module
index 2f9a32dc7..22c7ee45b 100644
--- a/helfi_platform_config.module
+++ b/helfi_platform_config.module
@@ -496,31 +496,6 @@ function helfi_platform_config_config_ignore_settings_alter(array &$settings) {
   }
 }
 
-/**
- * Implements hook_user_cancel_methods_alter().
- */
-function helfi_platform_config_user_cancel_methods_alter(array &$methods): void {
-  /** @var \Drupal\Core\Session\AccountInterface $account */
-  $account = \Drupal::currentUser();
-
-  // Only allow user to disable user accounts if the user doesn't have
-  // a permission to delete user accounts.
-  $white_listed_methods = [
-    'user_cancel_block',
-    'user_cancel_block_unpublish',
-  ];
-
-  // Deny access to all non-whitelisted methods if user doesn't have
-  // the 'delete user accounts' permission.
-  if (!$account->hasPermission('delete user accounts')) {
-    foreach ($methods as $name => &$method) {
-      if (!in_array($name, $white_listed_methods)) {
-        $method['access'] = FALSE;
-      }
-    }
-  }
-}
-
 /**
  * Implements hook_config_schema_info_alter().
  */
diff --git a/modules/helfi_users/Readme.md b/modules/helfi_users/Readme.md
new file mode 100644
index 000000000..4643be34b
--- /dev/null
+++ b/modules/helfi_users/Readme.md
@@ -0,0 +1,7 @@
+# HELfi users
+
+Fixes related to deleting or banning users.
+
+Other user account related fixes and features:
+ - [Expired users](https://github.com/City-of-Helsinki/drupal-module-helfi-api-base/blob/main/documentation/user-expire.md)
+ - [Infofinland user sanitization](https://github.com/City-of-Helsinki/drupal-infofinland/blob/dev/public/modules/custom/infofinland_user_cancel/README.md)
diff --git a/modules/helfi_users/helfi_users.info.yml b/modules/helfi_users/helfi_users.info.yml
index 9d502a1e2..79569281f 100644
--- a/modules/helfi_users/helfi_users.info.yml
+++ b/modules/helfi_users/helfi_users.info.yml
@@ -3,3 +3,5 @@ description: 'Fixes related to deleting or canceling users.'
 package: HELfi
 type: module
 core_version_requirement: ^10 || ^11
+'interface translation project': helfi_users
+'interface translation server pattern': modules/contrib/helfi_platform_config/modules/helfi_users/translations/%language.po
diff --git a/modules/helfi_users/helfi_users.module b/modules/helfi_users/helfi_users.module
index 7bf64e337..1b5390e31 100644
--- a/modules/helfi_users/helfi_users.module
+++ b/modules/helfi_users/helfi_users.module
@@ -10,7 +10,9 @@ declare(strict_types=1);
  * and we can reassign module weights / run order if necessary.
  */
 
+use Drupal\Core\Form\FormStateInterface;
 use Drupal\Core\Session\AccountInterface;
+use Drupal\Core\StringTranslation\TranslatableMarkup;
 use Drupal\user\Entity\User;
 use Drupal\user\UserInterface;
 
@@ -28,6 +30,47 @@ function helfi_users_module_implements_alter(&$implementations, $hook) : void {
   }
 }
 
+/**
+ * Implements hook_form_alter().
+ */
+function helfi_users_form_alter(&$form, FormStateInterface $form_state, $form_id): void {
+  if (!in_array($form_id, ["user_multiple_cancel_confirm", "user_cancel_form"])) {
+    return;
+  }
+
+  // Hide email confirmation checkbox.
+  $form['user_cancel_confirm']['#access'] = FALSE;
+  $form['user_cancel_method']['#description'] = new TranslatableMarkup(
+    "Banning accounts prevents them from logging in. If the account is no longer needed, it should be deleted."
+  );
+}
+
+/**
+ * Implements hook_user_cancel_methods_alter().
+ */
+function helfi_users_user_cancel_methods_alter(array &$methods): void {
+  // User can only access allowed methods. User must also have
+  // 'administer users' permission from core to be able to cancel users.
+  $allowed_methods = [
+    'user_cancel_block' => new TranslatableMarkup("Ban the account and keep their content."),
+    'user_cancel_block_unpublish' => new TranslatableMarkup("Ban the account and unpublish their content."),
+    'user_cancel_reassign' => new TranslatableMarkup("Delete the account and make their content belong to %uid1. This action cannot be undone.", [
+      '%uid1' => User::load(1)->getAccountName(),
+    ]),
+  ];
+
+  foreach ($allowed_methods as $name => $title) {
+    $methods[$name]['title'] = $title;
+  }
+
+  // Without special permission, user is not allowed to access all methods.
+  if (!\Drupal::currentUser()->hasPermission('allow all user cancel methods')) {
+    foreach ($methods as $name => &$method) {
+      $method['access'] = array_key_exists($name, $allowed_methods);
+    }
+  }
+}
+
 /**
  * Implements hook_user_cancel().
  *
@@ -38,11 +81,9 @@ function helfi_users_module_implements_alter(&$implementations, $hook) : void {
  * This has to run before node module's user_cancel hook.
  */
 function helfi_users_user_cancel($edit, UserInterface $account, $method): void {
-  switch ($method) {
-    case 'user_cancel_reassign':
-      // Anonymize all the nodes for this old account.
-      _helfi_users_reassign_nodes($account, User::load(1));
-      break;
+  // Reassign nodes for the old account.
+  if ($method === 'user_cancel_reassign') {
+    _helfi_users_reassign_nodes($account, User::load(1));
   }
 }
 
diff --git a/modules/helfi_users/helfi_users.permissions.yml b/modules/helfi_users/helfi_users.permissions.yml
index 65cb8132e..d605b1dad 100644
--- a/modules/helfi_users/helfi_users.permissions.yml
+++ b/modules/helfi_users/helfi_users.permissions.yml
@@ -1,2 +1,2 @@
-delete user accounts:
-  title: Delete user accounts
+allow all user cancel methods:
+  title: All access to all user cancel methods
diff --git a/modules/helfi_users/translations/fi.po b/modules/helfi_users/translations/fi.po
new file mode 100644
index 000000000..bf1eb9146
--- /dev/null
+++ b/modules/helfi_users/translations/fi.po
@@ -0,0 +1,14 @@
+msgid ""
+msgstr ""
+
+msgid "Ban the account and keep their content."
+msgstr "Estä käyttäjä ja säilytä luotu sisältö."
+
+msgid "Ban the account and unpublish their content."
+msgstr "Estä käyttäjä ja piilota luotu sisältö."
+
+msgid "Delete the account and make their content belong to %uid1. This action cannot be undone."
+msgstr "Poista käyttäjä ja siirrä luotu sisältö käyttäjälle %uid1. Tätä toimintoa ei voi peruuttaa."
+
+msgid "Banning accounts prevents them from logging in. If the account is no longer needed, it should be deleted."
+msgstr "Käyttäjän estäminen estää kirjautumisen käyttäjällä. Käyttäjä tulisi poistaa jos sitä ei enää tarvita."