Merge pull request #268 - userprotect, roleassign

Updating drupal/userprotect (1.0.0 => 1.1.0)
Updating drupal/roleassign (1.0.0-alpha2 => 1.0.0-beta1)

composer.json

@@ -155,7 +155,7 @@
         "drupal/recaptcha": "2.5",
         "drupal/redirect": "1.6",
         "drupal/redis": "1.0",
-        "drupal/roleassign": "1.0.0-alpha2",
+        "drupal/roleassign": "1.0.0-beta1",
         "drupal/scheduler": "1.3",
         "drupal/search_api": "1.17",
         "drupal/search_api_db": "1.17",
@@ -171,7 +171,7 @@
         "drupal/token": "1.7",
         "drupal/twig_tweak": "2.6",
         "drupal/twitter_block": "3.0-alpha0",
-        "drupal/userprotect": "1.0",
+        "drupal/userprotect": "1.1",
         "drupal/video_embed_field": "2.4",
         "drupal/view_unpublished": "1.0-rc1",
         "drupal/views_accordion": "1.1",

composer.lock

@@ -4,7 +4,7 @@
         "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
         "This file is @generated automatically"
     ],
-    "content-hash": "b9be0e811209c12590dacc555ae9d6b5",
+    "content-hash": "c2365ed43ba16f074102a0f462effe00",
     "packages": [
         {
             "name": "alchemy/zippy",
@@ -6913,38 +6913,35 @@
         },
         {
             "name": "drupal/roleassign",
-            "version": "1.0.0-alpha2",
+            "version": "1.0.0-beta1",
             "source": {
                 "type": "git",
                 "url": "https://git.drupalcode.org/project/roleassign.git",
-                "reference": "8.x-1.0-alpha2"
+                "reference": "8.x-1.0-beta1"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://ftp.drupal.org/files/projects/roleassign-8.x-1.0-alpha2.zip",
-                "reference": "8.x-1.0-alpha2",
-                "shasum": "e2c4cb24dd1bce59f4edcb3488377d2b12769136"
+                "url": "https://ftp.drupal.org/files/projects/roleassign-8.x-1.0-beta1.zip",
+                "reference": "8.x-1.0-beta1",
+                "shasum": "54848544164fdd7abcdb21b192eaf9788dc2da6d"
             },
             "require": {
-                "drupal/core": "~8.0"
+                "drupal/core": "^8 || ^9"
             },
             "type": "drupal-module",
             "extra": {
-                "branch-alias": {
-                    "dev-1.x": "1.x-dev"
-                },
                 "drupal": {
-                    "version": "8.x-1.0-alpha2",
-                    "datestamp": "1454394539",
+                    "version": "8.x-1.0-beta1",
+                    "datestamp": "1582204691",
                     "security-coverage": {
                         "status": "not-covered",
-                        "message": "Alpha releases are not covered by Drupal security advisories."
+                        "message": "Beta releases are not covered by Drupal security advisories."
                     }
                 }
             },
             "notification-url": "https://packages.drupal.org/8/downloads",
             "license": [
-                "GPL-2.0-or-later"
+                "GPL-2.0+"
             ],
             "authors": [
                 {
@@ -6952,10 +6949,11 @@
                     "homepage": "https://www.drupal.org/user/82964"
                 }
             ],
-            "description": "Allows site administrators to further delegate the task of managing user's roles.",
-            "homepage": "https://www.drupal.org/project/roleassign",
+            "description": "Allows site administrators to further delegate the task of managing user''s roles.",
+            "homepage": "http://drupal.org/project/roleassign",
             "support": {
-                "source": "http://cgit.drupalcode.org/roleassign"
+                "source": "https://git.drupalcode.org/project/roleassign",
+                "issues": "https://www.drupal.org/project/issues/roleassign"
             }
         },
         {
@@ -7824,29 +7822,29 @@
         },
         {
             "name": "drupal/userprotect",
-            "version": "1.0.0",
+            "version": "1.1.0",
             "source": {
                 "type": "git",
                 "url": "https://git.drupalcode.org/project/userprotect.git",
-                "reference": "8.x-1.0"
+                "reference": "8.x-1.1"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://ftp.drupal.org/files/projects/userprotect-8.x-1.0.zip",
-                "reference": "8.x-1.0",
-                "shasum": "addff8ed82e8cdb77073e2a8b023a7e9809f856b"
+                "url": "https://ftp.drupal.org/files/projects/userprotect-8.x-1.1.zip",
+                "reference": "8.x-1.1",
+                "shasum": "485e240317a7fc1c0523b082f333c983ea3ca639"
             },
             "require": {
-                "drupal/core": "*"
+                "drupal/core": "^8 || ^9"
+            },
+            "require-dev": {
+                "drupal/role_delegation": "^1.0"
             },
             "type": "drupal-module",
             "extra": {
-                "branch-alias": {
-                    "dev-1.x": "1.x-dev"
-                },
                 "drupal": {
-                    "version": "8.x-1.0",
-                    "datestamp": "1477741139",
+                    "version": "8.x-1.1",
+                    "datestamp": "1578341583",
                     "security-coverage": {
                         "status": "covered",
                         "message": "Covered by Drupal's security advisory policy"

vendor/composer/installed.json

@@ -7124,40 +7124,37 @@
     },
     {
         "name": "drupal/roleassign",
-        "version": "1.0.0-alpha2",
-        "version_normalized": "1.0.0.0-alpha2",
+        "version": "1.0.0-beta1",
+        "version_normalized": "1.0.0.0-beta1",
         "source": {
             "type": "git",
             "url": "https://git.drupalcode.org/project/roleassign.git",
-            "reference": "8.x-1.0-alpha2"
+            "reference": "8.x-1.0-beta1"
         },
         "dist": {
             "type": "zip",
-            "url": "https://ftp.drupal.org/files/projects/roleassign-8.x-1.0-alpha2.zip",
-            "reference": "8.x-1.0-alpha2",
-            "shasum": "e2c4cb24dd1bce59f4edcb3488377d2b12769136"
+            "url": "https://ftp.drupal.org/files/projects/roleassign-8.x-1.0-beta1.zip",
+            "reference": "8.x-1.0-beta1",
+            "shasum": "54848544164fdd7abcdb21b192eaf9788dc2da6d"
         },
         "require": {
-            "drupal/core": "~8.0"
+            "drupal/core": "^8 || ^9"
         },
         "type": "drupal-module",
         "extra": {
-            "branch-alias": {
-                "dev-1.x": "1.x-dev"
-            },
             "drupal": {
-                "version": "8.x-1.0-alpha2",
-                "datestamp": "1454394539",
+                "version": "8.x-1.0-beta1",
+                "datestamp": "1582204691",
                 "security-coverage": {
                     "status": "not-covered",
-                    "message": "Alpha releases are not covered by Drupal security advisories."
+                    "message": "Beta releases are not covered by Drupal security advisories."
                 }
             }
         },
         "installation-source": "dist",
         "notification-url": "https://packages.drupal.org/8/downloads",
         "license": [
-            "GPL-2.0-or-later"
+            "GPL-2.0+"
         ],
         "authors": [
             {
@@ -7165,10 +7162,11 @@
                 "homepage": "https://www.drupal.org/user/82964"
             }
         ],
-        "description": "Allows site administrators to further delegate the task of managing user's roles.",
-        "homepage": "https://www.drupal.org/project/roleassign",
+        "description": "Allows site administrators to further delegate the task of managing user''s roles.",
+        "homepage": "http://drupal.org/project/roleassign",
         "support": {
-            "source": "http://cgit.drupalcode.org/roleassign"
+            "source": "https://git.drupalcode.org/project/roleassign",
+            "issues": "https://www.drupal.org/project/issues/roleassign"
         }
     },
     {
@@ -8066,30 +8064,30 @@
     },
     {
         "name": "drupal/userprotect",
-        "version": "1.0.0",
-        "version_normalized": "1.0.0.0",
+        "version": "1.1.0",
+        "version_normalized": "1.1.0.0",
         "source": {
             "type": "git",
             "url": "https://git.drupalcode.org/project/userprotect.git",
-            "reference": "8.x-1.0"
+            "reference": "8.x-1.1"
         },
         "dist": {
             "type": "zip",
-            "url": "https://ftp.drupal.org/files/projects/userprotect-8.x-1.0.zip",
-            "reference": "8.x-1.0",
-            "shasum": "addff8ed82e8cdb77073e2a8b023a7e9809f856b"
+            "url": "https://ftp.drupal.org/files/projects/userprotect-8.x-1.1.zip",
+            "reference": "8.x-1.1",
+            "shasum": "485e240317a7fc1c0523b082f333c983ea3ca639"
         },
         "require": {
-            "drupal/core": "*"
+            "drupal/core": "^8 || ^9"
+        },
+        "require-dev": {
+            "drupal/role_delegation": "^1.0"
         },
         "type": "drupal-module",
         "extra": {
-            "branch-alias": {
-                "dev-1.x": "1.x-dev"
-            },
             "drupal": {
-                "version": "8.x-1.0",
-                "datestamp": "1477741139",
+                "version": "8.x-1.1",
+                "datestamp": "1578341583",
                 "security-coverage": {
                     "status": "covered",
                     "message": "Covered by Drupal's security advisory policy"

web/modules/roleassign/CHANGELOG.txt

@@ -5,11 +5,23 @@ CHANGELOG for RoleAssign for Drupal 8
 roleassign 8.x-1.x-dev:
 
 
+roleassign 8.x-1.0-beta1 (2020-02-20):
+  Issue #2882158 by Munavijayalakshmi, salvis, amit.drupal: Convert module to use short array syntax (new coding standard).
+  Issue #3114240 by emek: Restrict roles when adding users with the CAS module.
+  Issue #3042823 by franskuipers, Berdir: Drupal 9 Deprecated Code Report.
+  Issue #3065871 by AkashkumarOSL, AmandeepKaur, Berdir: Adding Composer.json File.
+  Issue #2964630 by salvis: Move the Role Assign settings from "Configuration" to "People" where it's more easily found.
+  Issue #2935117 by idebr: Can't uninstall with Drush.
+  Issue by salvis: Add self-evident warning to the README.txt file.
+  Issue #2766347 by Vinay15, Dane Powell: Remove @file tag docblock from all the .php files.
+  Issue #2661864 by heykarthikwithu: Remove unused imports in the code base.
+  Issue #2758855 by Alan-H: Fix Hard-sets the Authenticated User role.
+
+
 roleassign 8.x-1.0-alpha2 (2016-02-02):
   Issue #2657668 by salvis, svendecabooter: Avoid uninitialized $assigned_roles variable.
   Issue #2658028 by svendecabooter: Provide default values for config entity.
 
-
 roleassign 8.x-1.0-alpha1 (2015-11-25):
   Issue #2405341 by svendecabooter, tkuldeep17, salvis: Initial port to D8.
   Issue #2405341: Branch to port to D8.

web/modules/roleassign/README.txt

@@ -82,3 +82,13 @@ permissions.
 assignable roles and change them as necessary.
 
 
+BEWARE
+------
+
+'Administer users' is and remains a security-critical permission that must NOT
+be given to untrusted users! RoleAssign will keep your assistant admins within
+their limits, but if you introduce alternative ways to edit users, assign roles,
+or give permissions (like the "Administration: Users" view in the popular
+Administration Views module), then you may be opening up ways for your
+assistant admins to gain additional privileges.
+

web/modules/roleassign/composer.json

+{
+  "name": "drupal/roleassign",
+  "description": "Allows site administrators to further delegate the task of managing user''s roles.",
+  "type": "drupal-module",
+  "homepage": "http://drupal.org/project/roleassign",
+  "support": {
+    "issues": "https://www.drupal.org/project/issues/roleassign"
+  },
+  "license": "GPL-2.0+",
+  "require": {
+    "drupal/core": "^8 || ^9"
+  }
+}

web/modules/roleassign/roleassign.info.yml

 name: RoleAssign
 description: 'Allows site administrators to further delegate the task of managing user''s roles.'
-# core: 8.x
+core: 8.x
+core_version_requirement: ^8 || ^9
 type: module
 configure: roleassign.settings
 
-# Information added by Drupal.org packaging script on 2016-02-02
-version: '8.x-1.0-alpha2'
-core: '8.x'
+# Information added by Drupal.org packaging script on 2020-02-20
+version: '8.x-1.0-beta1'
 project: 'roleassign'
-datestamp: 1454396974
+datestamp: 1582203773

web/modules/roleassign/roleassign.links.menu.yml

 roleassign.settings:
-  title: 'RoleAssign settings'
-  parent: user.admin_index
-  description: "Configuration settings to further delegate the task of managing user's roles."
-  weight: -8
+  title: 'Role assign'
+  parent: entity.user.collection
+  description: "Define the roles that can be assigned via the 'Assign roles' permission."
+  weight: 10
   route_name: roleassign.settings
-  menu_name: admin

web/modules/roleassign/roleassign.links.task.yml

+roleassign.settings:
+  title: 'Role assign'
+  route_name: roleassign.settings
+  base_route: entity.user.collection
+  weight: 15

web/modules/roleassign/roleassign.module

@@ -8,6 +8,7 @@
 
 use Drupal\Core\Form\FormStateInterface;
 use Drupal\Core\Routing\RouteMatchInterface;
+use Drupal\Core\Url;
 use Drupal\user\RoleInterface;
 
 /**
@@ -37,12 +38,12 @@ function roleassign_help($route_name, RouteMatchInterface $route_match) {
       <ol>
         <li>Log in as a user with both the Assign roles and the Administer users permissions.</li>
         <li>To change the roles of a user, go to the user\'s account and review the assignable roles and change them as necessary.</li>
-      </ol>', array(
+      </ol>', [
         ':user_protect' => 'http://drupal.org/project/userprotect',
-      )
+      ]
     );
     case 'roleassign.settings':
-      return t('Users with both %administer_users and %assign_roles permissions are allowed to assign the roles selected below. For more information, see the <a href=":help">help page</a>.', array('%administer_users' => $permissions['administer users']['title'], '%assign_roles' => $permissions['assign roles']['title'], ':help' => \Drupal::url('help.page', array ('name' => 'roleassign'))));
+      return t('Users with both %administer_users and %assign_roles permissions are allowed to assign the roles selected below. For more information, see the <a href=":help">help page</a>.', ['%administer_users' => $permissions['administer users']['title'], '%assign_roles' => $permissions['assign roles']['title'], ':help' => Url::fromRoute('help.page', ['name' => 'roleassign'])->toString()]);
   }
 }
 
@@ -99,16 +100,16 @@ function roleassign_form_alter(&$form, FormStateInterface $form_state, $form_id)
       $sticky_roles[RoleInterface::AUTHENTICATED_ID] = $roles[RoleInterface::AUTHENTICATED_ID];
 
       // Store sticky roles in form values.
-      $form['sticky_roles'] = array('#type' => 'value', '#value' => $sticky_roles);
+      $form['sticky_roles'] = ['#type' => 'value', '#value' => $sticky_roles];
 
       // Build the assign roles checkboxes.
-      $roles_field = array(
+      $roles_field = [
         '#type' => 'checkboxes',
         '#title' => t('Assignable roles'),
         '#options' => $assignable_roles,
-        '#default_value' => empty($assigned_roles) ? array() : array_keys($assigned_roles),
-        '#description' => t('The user receives the combined permissions of all roles selected here and the following roles: %roles.', array('%roles' => implode(', ', $sticky_roles))),
-      );
+        '#default_value' => empty($assigned_roles) ? [] : array_keys($assigned_roles),
+        '#description' => t('The user receives the combined permissions of all roles selected here and the following roles: %roles.', ['%roles' => implode(', ', $sticky_roles)]),
+      ];
       // The user form is sometimes within an 'account' fieldset.
       if (isset($form['account'])) {
         $user_form =&$form['account'];
@@ -129,6 +130,15 @@ function roleassign_form_alter(&$form, FormStateInterface $form_state, $form_id)
         $user_form['roles'] = $roles_field;
       }
     }
+    elseif (\Drupal::moduleHandler()->moduleExists('cas') && $form_id == 'bulk_add_cas_users') {
+      // Get all roles that are available.
+      $roles = user_role_names(TRUE);
+
+      // Get roles that are available for assignment.
+      $assignable_roles = array_intersect_key($roles, array_filter(\Drupal::config('roleassign.settings')->get('roleassign_roles')));
+
+      $form['roles']['#options'] = $assignable_roles;
+    }
   }
 }
 
@@ -181,6 +191,8 @@ function roleassign_user_presave($account) {
  */
 function roleassign_get_unassignable_roles() {
   $all_roles = user_role_names(TRUE);
+  // Ignore Authenticated user as this is not required.
+  unset($all_roles[RoleInterface::AUTHENTICATED_ID]);
   $assignable_roles = array_filter(\Drupal::config('roleassign.settings')->get('roleassign_roles'));
   $unassignable_roles = array_diff(array_keys($all_roles), $assignable_roles);
   return $unassignable_roles;

web/modules/roleassign/roleassign.permissions.yml

 assign roles:
   title: 'Assign roles'
-  description: 'Allow users with the Administer users permission to assign a restricted set of roles.'
+  description: 'Allow users with the "Administer users" permission to assign a <a href="/admin/people/roleassign">restricted set of roles</a>.'
   restrict access: true

web/modules/roleassign/roleassign.routing.yml

 roleassign.settings:
-  path: '/admin/config/people/roleassign'
+  path: '/admin/people/roleassign'
   defaults:
     _form: '\Drupal\roleassign\Form\RoleAssignAdminForm'
     _title: 'Role assign'

web/modules/roleassign/src/Form/RoleAssignAdminForm.php

 <?php
 
-/**
- * @file
- * Contains \Drupal\roleassign\Form\RoleAssignAdminForm.
- */
-
 namespace Drupal\roleassign\Form;
 
 use Drupal\Core\Form\ConfigFormBase;
@@ -42,13 +37,13 @@ public function buildForm(array $form, FormStateInterface $form_state) {
     // Show checkboxes with roles that can be delegated if any.
     if ($roles) {
       $config = $this->config('roleassign.settings');
-      $form['roleassign_roles'] = array(
+      $form['roleassign_roles'] = [
         '#type' => 'checkboxes',
         '#title' => $this->t('Roles'),
         '#default_value' => $config->get('roleassign_roles'),
         '#options' => $roles,
         '#description' => $this->t('Select roles that should be available for assignment.'),
-      );
+      ];
     }
 
     return parent::buildForm($form, $form_state);

web/modules/roleassign/src/Plugin/views/field/RoleAssignUserBulkForm.php

 <?php
 
-/**
- * @file
- * Contains \Drupal\roleassign\Plugin\views\field\RoleAssignUserBulkForm.
- */
-
 namespace Drupal\roleassign\Plugin\views\field;
 
 use Drupal\views\Plugin\views\display\DisplayPluginBase;
@@ -27,7 +22,7 @@ public function init(ViewExecutable $view, DisplayPluginBase $display, array &$o
       // Remove actions that are not allowed based on RoleAssign settings.
       $assignable_roles = array_filter(\Drupal::config('roleassign.settings')->get('roleassign_roles'));
       foreach ($this->actions as $action_key => $action) {
-        if (in_array($action->get('plugin'), array('user_add_role_action', 'user_remove_role_action'))) {
+        if (in_array($action->get('plugin'), ['user_add_role_action', 'user_remove_role_action'])) {
           $config = $action->get('configuration');
           if (!in_array($config['rid'], $assignable_roles)) {
             unset($this->actions[$action_key]);

web/modules/roleassign/src/ProxyClass/RoleAssignUninstallValidator.php

 <?php
-
-/**
- * @file
- * Contains \Drupal\roleassign\ProxyClass\RoleAssignUninstallValidator.
- */
+// @codingStandardsIgnoreFile
 
 /**
  * This file was generated via php core/scripts/generate-proxy-class.php 'Drupal\roleassign\RoleAssignUninstallValidator' "modules/roleassign/src".

web/modules/roleassign/src/RoleAssignUninstallValidator.php

 <?php
 
-/**
- * @file
- * Contains \Drupal\roleassign\RoleAssignUninstallValidator.
- */
-
 namespace Drupal\roleassign;
 
-use Drupal\Core\Entity\EntityManagerInterface;
 use Drupal\Core\Extension\ModuleUninstallValidatorInterface;
 use Drupal\Core\StringTranslation\StringTranslationTrait;
 use Drupal\Core\StringTranslation\TranslationInterface;
@@ -34,6 +28,10 @@ public function __construct(TranslationInterface $string_translation) {
    */
   public function validate($module) {
     $reasons = [];
+    if ($this->isCli()) {
+      return $reasons;
+    }
+
     if ($module == "roleassign") {
       if (!\Drupal::currentUser()->hasPermission('administer roles')) {
         $reasons[] = $this->t('You are not allowed to disable this module.');
@@ -42,4 +40,14 @@ public function validate($module) {
     return $reasons;
   }
 
+  /**
+   * Indicates whether this is a CLI request.
+   *
+   * @return bool
+   *   TRUE for a cli request, or FALSE.
+   */
+  public function isCli() {
+    return PHP_SAPI === 'cli';
+  }
+
 }

web/modules/roleassign/src/Tests/RoleAssignPermissionTest.php → web/modules/roleassign/tests/src/Functional/RoleAssignPermissionTest.php

 <?php
 
-/**
- * @file
- * Contains \Drupal\roleassign\Tests\RoleAssignPermissionTest.
- */
-
-namespace Drupal\roleassign\Tests;
+namespace Drupal\Tests\roleassign\Functional;
 
-use Drupal\simpletest\WebTestBase;
+use Drupal\Tests\BrowserTestBase;
 use Drupal\user\Entity\User;
 use Drupal\user\RoleInterface;
 
@@ -16,7 +11,7 @@
  *
  * @group roleassign
  */
-class RoleAssignPermissionTest extends WebTestBase {
+class RoleAssignPermissionTest extends BrowserTestBase {
 
   /**
    * The user object to test (un)assigning roles to.
@@ -40,6 +35,11 @@ class RoleAssignPermissionTest extends WebTestBase {
    */
   protected $admin_user;
 
+  /**
+   * {@inheritdoc}
+   */
+  protected $defaultTheme = 'stark';
+
   /**
    * Modules to install.
    *
@@ -51,16 +51,16 @@ protected function setUp() {
     parent::setUp();
 
     // Add Editor role
-    $this->drupalCreateRole(array(), 'editor', 'Editor');
+    $this->drupalCreateRole([], 'editor', 'Editor');
     // Add Webmaster role
-    $this->drupalCreateRole(array('administer users', 'assign roles'), 'webmaster', 'Webmaster');
+    $this->drupalCreateRole(['administer users', 'assign roles'], 'webmaster', 'Webmaster');
     // Add 'protected' SiteAdmin role
-    $this->drupalCreateRole(array('administer users', 'administer permissions'), 'siteadmin', 'SiteAdmin');
+    $this->drupalCreateRole(['administer users', 'administer permissions'], 'siteadmin', 'SiteAdmin');
 
     // Configure RoleAssign module - only editor & webmaster roles are
     // assignable by restricted users (i.e. webmasters)
     $this->config('roleassign.settings')
-      ->set('roleassign_roles', array('editor' => 'editor', 'webmaster' => 'webmaster'))
+      ->set('roleassign_roles', ['editor' => 'editor', 'webmaster' => 'webmaster'])
       ->save();
 
     // Create a testaccount that we will be trying to assign roles.
@@ -68,12 +68,12 @@ protected function setUp() {
 
     // Create a test restricted user without "administer permissions" permission
     // but with "assign roles" permission provided by RoleAssign.
-    $this->restricted_user = $this->drupalCreateUser(array('administer users', 'assign roles'));
+    $this->restricted_user = $this->drupalCreateUser(['administer users', 'assign roles']);
 
     // Create a test admin user with "administer users " &
     // "administer permissions" permissions, where RoleAssign will have no
     // effect on.
-    $this->admin_user = $this->drupalCreateUser(array('administer users', 'administer permissions'));
+    $this->admin_user = $this->drupalCreateUser(['administer users', 'administer permissions']);
   }
 
   /**
@@ -81,7 +81,7 @@ protected function setUp() {
    */
   function testRoleAssignSettings()  {
     $assignable_roles = array_filter(\Drupal::config('roleassign.settings')->get('roleassign_roles'));
-    $this->assertIdentical(array('editor' => 'editor', 'webmaster' => 'webmaster'), $assignable_roles);
+    $this->assertIdentical(['editor' => 'editor', 'webmaster' => 'webmaster'], $assignable_roles);
   }
 
   /**
@@ -101,7 +101,7 @@ function testRoleAssignRestrictedUser()  {
     $this->assertNoField('edit-roles-siteadmin');
 
     // Assign the role "editor" to the account.
-    $this->drupalPostForm('user/' . $this->testaccount->id() . '/edit', array("roles[editor]" => "editor"), t('Save'));
+    $this->drupalPostForm('user/' . $this->testaccount->id() . '/edit', ["roles[editor]" => "editor"], t('Save'));
     $this->assertText(t('The changes have been saved.'));
     $this->assertFieldChecked('edit-roles-editor', 'Role editor is assigned.');
     $this->assertNoFieldChecked('edit-roles-webmaster');
@@ -110,7 +110,7 @@ function testRoleAssignRestrictedUser()  {
     $this->userLoadAndCheckRoleAssigned($this->testaccount, RoleInterface::AUTHENTICATED_ID);
 
     // Remove the role "editor" from the account.
-    $this->drupalPostForm('user/' . $this->testaccount->id() . '/edit', array("roles[editor]" => FALSE), t('Save'));
+    $this->drupalPostForm('user/' . $this->testaccount->id() . '/edit', ["roles[editor]" => FALSE], t('Save'));
     $this->assertText(t('The changes have been saved.'));
     $this->assertNoFieldChecked('edit-roles-editor', 'Role editor is removed.');
     $this->assertNoFieldChecked('edit-roles-webmaster');
@@ -119,10 +119,10 @@ function testRoleAssignRestrictedUser()  {
     $this->userLoadAndCheckRoleAssigned($this->testaccount, RoleInterface::AUTHENTICATED_ID);
 
     // Try to assign a restricted role programmatically to a new user.
-    $values = array(
+    $values = [
       'name' => $this->randomString(),
-      'roles' => array('editor', 'siteadmin'),
-    );
+      'roles' => ['editor', 'siteadmin'],
+    ];
     $code_account = User::create($values);
     $code_account->save();
 
@@ -148,7 +148,7 @@ function testRoleAssignAdminUser()  {
     $this->assertNoFieldChecked('edit-roles-siteadmin');
 
     // Assign the role "SiteAdmin" to the account.
-    $this->drupalPostForm('user/' . $this->testaccount->id() . '/edit', array("roles[siteadmin]" => "siteadmin"), t('Save'));
+    $this->drupalPostForm('user/' . $this->testaccount->id() . '/edit', ["roles[siteadmin]" => "siteadmin"], t('Save'));
     $this->assertText(t('The changes have been saved.'));
     $this->assertFieldChecked('edit-roles-siteadmin', 'Role siteadmin is assigned.');
     $this->userLoadAndCheckRoleAssigned($this->testaccount, 'siteadmin');
@@ -159,7 +159,7 @@ function testRoleAssignAdminUser()  {
 
     // Assign the role "editor" to the account, and test that the assigned
     // "siteadmin" role doesn't get lost.
-    $this->drupalPostForm('user/' . $this->testaccount->id() . '/edit', array("roles[editor]" => "editor"), t('Save'));
+    $this->drupalPostForm('user/' . $this->testaccount->id() . '/edit', ["roles[editor]" => "editor"], t('Save'));
     $this->assertText(t('The changes have been saved.'));
     $this->assertFieldChecked('edit-roles-editor', 'Role editor is assigned.');
     $this->assertNoField('edit-roles-siteadmin');
@@ -180,8 +180,8 @@ function testRoleAssignAdminUser()  {
    *   Defaults to TRUE.
    */
   private function userLoadAndCheckRoleAssigned($account, $rid, $is_assigned = TRUE) {
-    $user_storage = $this->container->get('entity.manager')->getStorage('user');
-    $user_storage->resetCache(array($account->id()));
+    $user_storage = \Drupal::entityTypeManager()->getStorage('user');
+    $user_storage->resetCache([$account->id()]);
     $account = $user_storage->load($account->id());
     if ($is_assigned) {
       $this->assertFalse(array_search($rid, $account->getRoles()) === FALSE, 'The role is present in the user object.');

web/modules/userprotect/README.txt

-User protect
+User Protect
+============
+
+CONTENTS OF THIS FILE
+---------------------
+
+ * Introduction
+ * Requirements
+ * Installation
+ * Configuration
+ * Maintainers
+
+
+INTRODUCTION
+------------
+
+The User Protect module allows fine-grained access control of user
+administrators, by providing various editing protection for users. The
+protections can be specific to a user, or applied to all users in a role.
+
+The following protections are supported:
+
+ * Username
+ * E-mail address
+ * Password
+ * Status
+ * Roles
+ * Edit operation (user/X/edit)
+ * Delete operation (user/X/cancel)
+
+ * For a full description of the module visit:
+   https://www.drupal.org/project/userprotect
+
+ * To submit bug reports and feature suggestions, or to track changes visit:
+   https://www.drupal.org/project/issues/userprotect
+
+
+REQUIREMENTS
+------------
+
+This module requires no modules outside of Drupal core.
+
+
+INSTALLATION
 ------------
-by MegaChriz
-Previously (Drupal 7 and before) written by Chad Philips.
 
-This module provides various editing protection for users.
+ * Install the User Protect module as you would normally install a contributed
+   Drupal module. Visit https://www.drupal.org/node/1897420 for further
+   information.
+
+
+CONFIGURATION
+-------------
+
+    1. Navigate to Administration > Extend and enable the module.
+    2. Navigate to Administration > Configuration > People > User protect for
+       configurations.
+
+There are two types of protection rules:
+
+ * User based protection rules:
+   This user will be protected for all users except: "User 1" (admin), the
+   protected user itself, and users with the permissions to "Bypass all user
+   protections".
+ * Role based protection rules:
+   This role will be protected for all users except: "User 1" (admin), and users
+   with the permissions to "Bypass all user protections".
+
+A protection rule prevents any user to perform the selected editing operations
+(such as changing password or changing mail address) on the specified user.
+There are two exceptions in which a configured protection rule does not apply:
+
+ * The logged in user has permission to bypass the protection rule.
+
+ * The specified user is the current logged in user.
+   Protection rules don't count for the user itself. Instead, there are
+   permissions available to prevent an user from editing its own account,
+   username, e-mail address, or password.
+
+Protected fields will be disabled or hidden on the form at user/X/edit. The edit
+and delete operations are protected by controlling entity access for the
+operations 'update' and 'delete'.
+
+
+MAINTAINERS
+-----------
+
+ * Youri van Koppen (MegaChriz) - https://www.drupal.org/user/654114

web/modules/userprotect/composer.json

@@ -8,5 +8,8 @@
   "support": {
     "issues": "https://www.drupal.org/project/issues/userprotect",
     "source": "http://cgit.drupalcode.org/userprotect"
+  },
+  "require-dev": {
+    "drupal/role_delegation": "^1.0"
   }
 }

web/modules/userprotect/src/Access/UserProtectRoleAccessCheck.php

+<?php
+
+namespace Drupal\userprotect\Access;
+
+use Drupal\Core\Access\AccessResult;
+use Drupal\Core\Routing\Access\AccessInterface;
+use Drupal\Core\Session\AccountInterface;
+use Drupal\user\UserInterface;
+
+/**
+ * Class UserProtectRoleAccessCheck.
+ *
+ * @package Drupal\userprotect\Access
+ */
+class UserProtectRoleAccessCheck implements AccessInterface {
+
+  /**
+   * Custom access check for the /user/%/roles.
+   *
+   * This check will only occur when role_delegation is enabled.
+   *
+   * @param \Drupal\Core\Session\AccountInterface $account
+   *   Run access checks for this account.
+   * @param \Drupal\user\UserInterface $user
+   *   The user we are editing.
+   *
+   * @return \Drupal\Core\Access\AccessResultInterface
+   *   The access result.
+   */
+  public function access(AccountInterface $account, UserInterface $user) {
+    $access_result = $user->access('user_roles', $account) ? AccessResult::allowed() : AccessResult::forbidden();
+    return $access_result->cachePerUser()->addCacheableDependency($user);
+  }
+
+}