EICNET-2979: Filter sensitive groups when the user doesn't have the s…

…ensitive role

lib/modules/eic_admin/eic_admin.module

@@ -7,6 +7,40 @@
 
 use Drupal\Core\Form\FormStateInterface;
 use Drupal\Core\Entity\EntityFormInterface;
+use Drupal\views\Plugin\views\query\QueryPluginBase;
+use Drupal\views\ViewExecutable;
+
+/**
+ * Implements hook_views_query_alter().
+ */
+function eic_admin_views_query_alter(ViewExecutable $view, QueryPluginBase $query) {
+  if ($view->id() === 'admin_groups' && $view->current_display === 'page_admin_groups') {
+    $current_user_roles = \Drupal::currentUser()->getRoles(TRUE);
+    if (!in_array('sensitive', $current_user_roles, TRUE)) {
+      /** @var \Drupal\views\Plugin\views\query\Sql $query */
+      $group = count($query->where);
+
+      while (isset($query->where[$group])) {
+        $group++;
+      }
+
+      $definition = [
+        'table' => 'oec_group_visibility',
+        'field' => 'gid',
+        'left_table' => 'groups_field_data',
+        'left_field' => 'id',
+      ];
+      // Instantiates the join plugin.
+      $join = \Drupal::service('plugin.manager.views.join')->createInstance('standard', $definition);
+      // Adds the join relationship to the query.
+      $query->addRelationship('oec_group_visibility', $join, 'oec_group_visibility');
+      // Filters out the query by the selected group visibilities.
+      $query->addWhere($group, 'oec_group_visibility.type', ['sensitive'], 'NOT IN');
+    }
+
+  }
+
+}
 
 /**
  * Implements template_preprocess_views_view_field().