From 8245acede57ecc62a90aa0f19ff3b29e5f11f971 Mon Sep 17 00:00:00 2001
From: Sascha Grossenbacher <saschagros@gmail.com>
Date: Thu, 16 Nov 2023 23:57:24 +0100
Subject: [PATCH] New implementation for 12.x, based on PR #4725 (#5808)

---
 .../sql/SanitizeUserTableCommands.php         | 22 ++++++++++++++++++-
 1 file changed, 21 insertions(+), 1 deletion(-)

diff --git a/src/Drupal/Commands/sql/SanitizeUserTableCommands.php b/src/Drupal/Commands/sql/SanitizeUserTableCommands.php
index ea94caf5f0..b896047715 100644
--- a/src/Drupal/Commands/sql/SanitizeUserTableCommands.php
+++ b/src/Drupal/Commands/sql/SanitizeUserTableCommands.php
@@ -74,6 +74,22 @@ public function sanitize($result, CommandData $commandData): void
             $messages[] = dt('User emails sanitized.');
         }
 
+        if (!empty($options['ignored-roles'])) {
+            $roles = explode(',', $options['ignored-roles']);
+            /** @var \Drupal\Core\Database\Query\SelectInterface $roles_query */
+            $roles_query = $this->database->select('user__roles', 'ur');
+            $roles_query
+                ->condition('roles_target_id', $roles, 'IN')
+                ->fields('ur', ['entity_id']);
+            $roles_query_results = $roles_query->execute();
+            $ignored_users = $roles_query_results->fetchCol();
+
+            if (!empty($ignored_users)) {
+                $query->condition('uid', $ignored_users, 'NOT IN');
+                $messages[] = dt('User emails and passwords for the specified roles preserved.');
+            }
+        }
+
         if ($messages) {
             $query->execute();
             $this->entityTypeManager->getStorage('user')->resetCache();
@@ -86,7 +102,8 @@ public function sanitize($result, CommandData $commandData): void
     #[CLI\Hook(type: HookManager::OPTION_HOOK, target: SanitizeCommands::SANITIZE)]
     #[CLI\Option(name: 'sanitize-email', description: 'The pattern for test email addresses in the sanitization operation, or <info>no</info> to keep email addresses unchanged. May contain replacement patterns <info>%uid</info>, <info>%mail</info> or <info>%name</info>.')]
     #[CLI\Option(name: 'sanitize-password', description: 'By default, passwords are randomized. Specify <info>no</info> to disable that. Specify any other value to set all passwords to that value.')]
-    public function options($options = ['sanitize-email' => 'user+%uid@localhost.localdomain', 'sanitize-password' => null]): void
+    #[CLI\Option(name: 'ignored-roles', description: 'A comma delimited list of roles. Users with at least one of the roles will be exempt from sanitization.')]
+    public function options($options = ['sanitize-email' => 'user+%uid@localhost.localdomain', 'sanitize-password' => null, 'ignored-roles' => null]): void
     {
     }
 
@@ -100,6 +117,9 @@ public function messages(&$messages, InputInterface $input): void
         if ($this->isEnabled($options['sanitize-email'])) {
             $messages[] = dt('Sanitize user emails.');
         }
+        if (in_array('ignored-roles', $options)) {
+            $messages[] = dt('Preserve user emails and passwords for the specified roles.');
+        }
     }
 
     /**