feat: Configuração de campos editáveis pelo próprio usuário

Adiciona seção na tela de configurações do módulo que permite ao
administrador controlar quais campos do perfil cada usuário pode
editar no próprio perfil, independentemente das permissões de papel.

- site_users.settings.yml: novo grupo user_editable_fields (todos
  habilitados por padrão)
- SiteUsersSettingsForm: fieldset com checkboxes por campo
- site_users.module: site_users_check_profile_field_access() e
  site_users_check_photo_field_access() recebem field_name e
  consultam a config ao verificar 'edit own'; resultado inclui
  cache tag config:site_users.settings
- translations/site_users.pt-br.po: novas strings traduzidas

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

config/install/site_users.settings.yml

@@ -1,3 +1,9 @@
 photos:
   max_count: 5
   ldap_attribute: 'jpegPhoto'
+user_editable_fields:
+  field_user_name: true
+  field_user_phone: true
+  field_user_bio: true
+  field_user_social_links: true
+  field_user_photos: true

site_users.module

@@ -67,12 +67,12 @@ function site_users_entity_field_access($operation, FieldDefinitionInterface $fi
 
   // Verificar se é um campo de perfil.
   if (in_array($field_name, $profile_fields)) {
-    return site_users_check_profile_field_access($operation, $account, $items);
+    return site_users_check_profile_field_access($operation, $account, $items, $field_name);
   }
 
   // Verificar se é um campo de fotos.
   if (in_array($field_name, $photo_fields)) {
-    return site_users_check_photo_field_access($operation, $account, $items);
+    return site_users_check_photo_field_access($operation, $account, $items, $field_name);
   }
 
   return AccessResult::neutral();
@@ -81,7 +81,7 @@ function site_users_entity_field_access($operation, FieldDefinitionInterface $fi
 /**
  * Verifica acesso aos campos de perfil.
  */
-function site_users_check_profile_field_access($operation, AccountInterface $account, ?FieldItemListInterface $items = NULL) {
+function site_users_check_profile_field_access($operation, AccountInterface $account, ?FieldItemListInterface $items = NULL, string $field_name = '') {
   // Administradores têm acesso total.
   if ($account->hasPermission('administer site_users settings')) {
     return AccessResult::allowed()->cachePerPermissions();
@@ -111,9 +111,14 @@ function site_users_check_profile_field_access($operation, AccountInterface $acc
     if ($account->hasPermission('edit any user profile fields')) {
       return AccessResult::allowed()->cachePerPermissions();
     }
-    // Pode editar apenas o próprio perfil.
+    // Pode editar apenas o próprio perfil, se o campo estiver habilitado na config.
     if ($is_own && $account->hasPermission('edit own user profile fields')) {
-      return AccessResult::allowed()->cachePerPermissions()->cachePerUser();
+      $config = \Drupal::config('site_users.settings');
+      $field_enabled = $config->get('user_editable_fields.' . $field_name) ?? TRUE;
+      if ($field_enabled) {
+        return AccessResult::allowed()->cachePerPermissions()->cachePerUser()->addCacheTags(['config:site_users.settings']);
+      }
+      return AccessResult::forbidden()->cachePerPermissions()->cachePerUser()->addCacheTags(['config:site_users.settings']);
     }
     return AccessResult::forbidden()->cachePerPermissions()->cachePerUser();
   }
@@ -124,7 +129,7 @@ function site_users_check_profile_field_access($operation, AccountInterface $acc
 /**
  * Verifica acesso ao campo de fotos.
  */
-function site_users_check_photo_field_access($operation, AccountInterface $account, ?FieldItemListInterface $items = NULL) {
+function site_users_check_photo_field_access($operation, AccountInterface $account, ?FieldItemListInterface $items = NULL, string $field_name = '') {
   // Administradores têm acesso total.
   if ($account->hasPermission('administer site_users settings')) {
     return AccessResult::allowed()->cachePerPermissions();
@@ -153,9 +158,14 @@ function site_users_check_photo_field_access($operation, AccountInterface $accou
     if ($account->hasPermission('manage user photos')) {
       return AccessResult::allowed()->cachePerPermissions();
     }
-    // Pode gerenciar apenas as próprias fotos.
+    // Pode gerenciar apenas as próprias fotos, se o campo estiver habilitado na config.
     if ($is_own && $account->hasPermission('manage own user photos')) {
-      return AccessResult::allowed()->cachePerPermissions()->cachePerUser();
+      $config = \Drupal::config('site_users.settings');
+      $field_enabled = $config->get('user_editable_fields.' . $field_name) ?? TRUE;
+      if ($field_enabled) {
+        return AccessResult::allowed()->cachePerPermissions()->cachePerUser()->addCacheTags(['config:site_users.settings']);
+      }
+      return AccessResult::forbidden()->cachePerPermissions()->cachePerUser()->addCacheTags(['config:site_users.settings']);
     }
     return AccessResult::forbidden()->cachePerPermissions()->cachePerUser();
   }

src/Form/SiteUsersSettingsForm.php

@@ -10,6 +10,22 @@ use Drupal\Core\Form\FormStateInterface;
  */
 class SiteUsersSettingsForm extends ConfigFormBase {
 
+  /**
+   * Returns the list of fields controllable by the admin.
+   *
+   * @return array
+   *   Associative array of field_name => label.
+   */
+  protected function getEditableFields(): array {
+    return [
+      'field_user_name' => $this->t('Full Name'),
+      'field_user_phone' => $this->t('Phone'),
+      'field_user_bio' => $this->t('Biography'),
+      'field_user_social_links' => $this->t('Social Links'),
+      'field_user_photos' => $this->t('Photos'),
+    ];
+  }
+
   /**
    * {@inheritdoc}
    */
@@ -55,6 +71,22 @@ class SiteUsersSettingsForm extends ConfigFormBase {
       '#maxlength' => 255,
     ];
 
+    // Fieldset para campos editáveis pelo próprio usuário.
+    $form['user_editable_fields'] = [
+      '#type' => 'fieldset',
+      '#title' => $this->t('User-editable profile fields'),
+      '#description' => $this->t('Select which fields users with the "Edit own user profile fields" or "Manage own user photos" permission can edit on their own profile.'),
+      '#tree' => TRUE,
+    ];
+
+    foreach ($this->getEditableFields() as $field_name => $label) {
+      $form['user_editable_fields'][$field_name] = [
+        '#type' => 'checkbox',
+        '#title' => $label,
+        '#default_value' => $config->get('user_editable_fields.' . $field_name) ?? TRUE,
+      ];
+    }
+
     return parent::buildForm($form, $form_state);
   }
 
@@ -62,10 +94,18 @@ class SiteUsersSettingsForm extends ConfigFormBase {
    * {@inheritdoc}
    */
   public function submitForm(array &$form, FormStateInterface $form_state) {
-    $this->config('site_users.settings')
+    $config = $this->config('site_users.settings');
+
+    $config
       ->set('photos.max_count', $form_state->getValue('photos_max_count'))
-      ->set('photos.ldap_attribute', $form_state->getValue('photos_ldap_attribute'))
-      ->save();
+      ->set('photos.ldap_attribute', $form_state->getValue('photos_ldap_attribute'));
+
+    $editable = $form_state->getValue('user_editable_fields');
+    foreach (array_keys($this->getEditableFields()) as $field_name) {
+      $config->set('user_editable_fields.' . $field_name, (bool) ($editable[$field_name] ?? FALSE));
+    }
+
+    $config->save();
 
     parent::submitForm($form, $form_state);
   }

translations/site_users.pt-br.po

@@ -128,6 +128,13 @@ msgstr "Redes Sociais"
 msgid "Social network profile links."
 msgstr "Links de perfil em redes sociais."
 
+# Settings form - user editable fields
+msgid "User-editable profile fields"
+msgstr "Campos do perfil editáveis pelo usuário"
+
+msgid "Select which fields users with the \"Edit own user profile fields\" or \"Manage own user photos\" permission can edit on their own profile."
+msgstr "Selecione quais campos os usuários com a permissão \"Editar campos do próprio perfil\" ou \"Gerenciar próprias fotos\" podem editar no próprio perfil."
+
 # Template
 msgid "Phone:"
 msgstr "Telefone:"