From c464ae035d89a17dc9400b28b18baf9a64ec4fa2 Mon Sep 17 00:00:00 2001
From: "Quintino A. G. Souza" <quin@unicamp.br>
Date: Tue, 24 Feb 2026 10:00:56 -0300
Subject: [PATCH] =?UTF-8?q?fix:=20Grava=20false=20para=20campos=20protegid?=
 =?UTF-8?q?os=20ao=20salvar=20configura=C3=A7=C3=B5es?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Campos que retornam forbidden() em fieldAccess() são gravados como
false no submitForm(), evitando que um valor true residual persista
quando um campo passa a ser protegido por outro módulo. Inclui também
o nome do campo no label no formato [módulo:field_name].

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 src/Form/SiteUsersSettingsForm.php | 20 ++++++++++++++++----
 1 file changed, 16 insertions(+), 4 deletions(-)

diff --git a/src/Form/SiteUsersSettingsForm.php b/src/Form/SiteUsersSettingsForm.php
index fc17e35..48e9163 100644
--- a/src/Form/SiteUsersSettingsForm.php
+++ b/src/Form/SiteUsersSettingsForm.php
@@ -25,9 +25,10 @@ class SiteUsersSettingsForm extends ConfigFormBase {
     foreach ($definitions as $field_name => $definition) {
       if ($definition instanceof FieldConfigInterface) {
         $provider = $this->getFieldStorageProvider($field_name);
-        $fields[$field_name] = $this->t('@label [@module]', [
+        $fields[$field_name] = $this->t('@label [@module:@field]', [
           '@label' => $definition->getLabel(),
           '@module' => $provider,
+          '@field' => $field_name,
         ]);
       }
     }
@@ -47,10 +48,11 @@ class SiteUsersSettingsForm extends ConfigFormBase {
   protected function getFieldStorageProvider(string $field_name): string {
     $config_file = 'field.storage.user.' . $field_name . '.yml';
     $module_handler = \Drupal::moduleHandler();
+    $root = \Drupal::root();
 
     foreach ($module_handler->getModuleList() as $module_name => $module) {
       foreach (['config/install', 'config/optional'] as $dir) {
-        if (file_exists($module->getPath() . '/' . $dir . '/' . $config_file)) {
+        if (file_exists($root . '/' . $module->getPath() . '/' . $dir . '/' . $config_file)) {
           return $module_name;
         }
       }
@@ -144,10 +146,20 @@ class SiteUsersSettingsForm extends ConfigFormBase {
       ->set('photos.max_count', $form_state->getValue('photos_max_count'))
       ->set('photos.ldap_attribute', $form_state->getValue('photos_ldap_attribute'));
 
+    $definitions = \Drupal::service('entity_field.manager')
+      ->getFieldDefinitions('user', 'user');
+    $access_handler = \Drupal::entityTypeManager()
+      ->getAccessControlHandler('user');
     $editable = $form_state->getValue('user_editable_fields');
     foreach (array_keys($this->getEditableFields()) as $field_name) {
-      // Disabled fields are not submitted; skip them to preserve current value.
-      if (isset($editable[$field_name])) {
+      $is_protected = $access_handler
+        ->fieldAccess('edit', $definitions[$field_name], NULL, NULL, TRUE)
+        ->isForbidden();
+      if ($is_protected) {
+        // Campos protegidos por outros módulos são sempre não-editáveis.
+        $config->set('user_editable_fields.' . $field_name, FALSE);
+      }
+      elseif (isset($editable[$field_name])) {
         $config->set('user_editable_fields.' . $field_name, (bool) $editable[$field_name]);
       }
     }