Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

D8CORE-4551: updated permissions for contributors and site editors #690

Merged
merged 13 commits into from
Sep 12, 2023
12 changes: 7 additions & 5 deletions config/sync/user.role.contributor.yml
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@ dependencies:
config:
- filter.format.stanford_html
- filter.format.stanford_minimal_html
- media.type.embeddable
- media.type.file
- media.type.google_form
- media.type.image
Expand All @@ -25,7 +26,6 @@ dependencies:
- editoria11y
- filter
- media
- menu_admin_per_menu
- node
- paragraphs
- pathauto
Expand All @@ -49,21 +49,17 @@ permissions:
- 'access user profiles'
- 'add citation entities'
- 'add content to books'
- 'administer main menu items'
- 'break content lock'
- 'create file media'
- 'create google_form media'
- 'create image media'
- 'create media'
- 'create policy log'
- 'create stanford_course content'
- 'create stanford_event content'
- 'create stanford_event_series content'
- 'create stanford_gallery_images media'
- 'create stanford_news content'
- 'create stanford_page content'
- 'create stanford_person content'
pookmish marked this conversation as resolved.
Show resolved Hide resolved
- 'create stanford_policy content'
- 'create stanford_publication content'
- 'create video media'
- 'delete citation entities'
Expand All @@ -82,6 +78,9 @@ permissions:
- 'delete own stanford_publication content'
- 'delete own video media'
- 'dropzone upload files'
- 'edit any embeddable media'
- 'edit any file media'
- 'edit any google_form media'
- 'edit any image media'
- 'edit any stanford_course content'
- 'edit any stanford_event content'
Expand All @@ -92,8 +91,10 @@ permissions:
- 'edit any stanford_person content'
- 'edit any stanford_policy content'
- 'edit any stanford_publication content'
- 'edit any video media'
- 'edit behavior plugin settings'
- 'edit citation entities'
- 'edit own embeddable media'
- 'edit own file media'
- 'edit own google_form media'
- 'edit own image media'
Expand All @@ -112,6 +113,7 @@ permissions:
- 'mark as ok in editoria11y'
- 'notify of path changes'
- 'schedule publishing of nodes'
- 'update any media'
- 'update media'
- 'use text format stanford_html'
- 'use text format stanford_minimal_html'
Expand Down
5 changes: 5 additions & 0 deletions config/sync/user.role.site_editor.yml
Original file line number Diff line number Diff line change
Expand Up @@ -139,6 +139,9 @@ permissions:
- 'delete terms in stanford_publication_topics'
- 'delete terms in su_shared_tags'
- 'dropzone upload files'
- 'edit any embeddable media'
- 'edit any file media'
- 'edit any google_form media'
- 'edit any image media'
- 'edit any stanford_course content'
- 'edit any stanford_event content'
Expand All @@ -149,6 +152,7 @@ permissions:
- 'edit any stanford_person content'
- 'edit any stanford_policy content'
- 'edit any stanford_publication content'
- 'edit any video media'
- 'edit behavior plugin settings'
- 'edit citation entities'
- 'edit field_media_embeddable_code'
Expand Down Expand Up @@ -188,6 +192,7 @@ permissions:
- 'revert stanford_policy revisions'
- 'revert stanford_publication revisions'
- 'schedule publishing of nodes'
- 'update any media'
- 'update media'
- 'use text format stanford_html'
- 'use text format stanford_minimal_html'
Expand Down
14 changes: 14 additions & 0 deletions config/sync/user.role.su_site_embedder.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
uuid: 9dedbe8e-27b6-40de-95fd-29e4efe67be4
langcode: en
status: true
dependencies:
module:
- field_permissions
id: su_site_embedder
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can you add a couple codeception tests for this role

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can do.

label: 'Site Embedder'
weight: 1
is_admin: false
permissions:
- 'create field_media_embeddable_code'
- 'edit field_media_embeddable_code'
- 'edit own field_media_embeddable_code'
4 changes: 2 additions & 2 deletions tests/codeception/acceptance/Content/EventsSeriesCest.php
Original file line number Diff line number Diff line change
Expand Up @@ -63,9 +63,9 @@ public function testContentTypeExists(AcceptanceTester $I) {
public function testContributorPerms(AcceptanceTester $I) {
$I->logInWithRole('contributor');

// Can create a node.
// D8CORE-4551: Can NOT create a node.
$I->amOnPage('/node/add/stanford_event_series');
$I->canSeeResponseCodeIs(200);
$I->canSeeResponseCodeIs(403);

// Can not delete a node that is not theirs but can edit.
$node = $this->createEventSeriesNode($I);
Expand Down
12 changes: 10 additions & 2 deletions tests/codeception/acceptance/Content/PolicyCest.php
Original file line number Diff line number Diff line change
Expand Up @@ -42,6 +42,14 @@ public function testPolicyAccess(AcceptanceTester $I) {
$I->logInWithRole('contributor');
$I->amOnPage('/node/add/stanford_policy');
$I->cantSee('Create a new book');
// D8CORE-4551 - removed create policy permission for contributors
$I->canSee('Access Denied');
$book = $I->createEntity([
'type' => 'stanford_policy',
'su_policy_title' => $this->faker->words(2, TRUE) . '-baz-foo',
'su_policy_auto_prefix' => 1,
]);
$I->amOnPage($book->toUrl('edit-form')->toString());
// This indicates they can add to an existing book.
$I->canSeeOptionIsSelected('Book', '- None -');
$I->cantSee('Policy Prefix');
Expand All @@ -63,7 +71,7 @@ public function testPolicyAccess(AcceptanceTester $I) {
/**
* Test book title changes.
*/
public function testPolicyTitle(AcceptanceTester $I){
public function testPolicyTitle(AcceptanceTester $I) {
$title = $this->faker->words(4, TRUE) . ' foo bar';
$I->logInWithRole('administrator');
$I->amOnPage('/node/add/stanford_policy');
Expand Down Expand Up @@ -231,7 +239,7 @@ public function testPolicyHeirarcy(AcceptanceTester $I) {
$I->canSee($chapter_two->label(), '.breadcrumb');
$I->canSee($article_one->label(), '.breadcrumb');

$I->canSee( $data_formatter->format($fifteen_days_ago, 'custom', 'F d, Y', self::getTimezone()));
$I->canSee($data_formatter->format($fifteen_days_ago, 'custom', 'F d, Y', self::getTimezone()));
$I->canSee($data_formatter->format($time, 'custom', 'F d, Y', self::getTimezone()));
$I->canSee($authority);

Expand Down
12 changes: 12 additions & 0 deletions tests/codeception/acceptance/Media/MediaPermissionsCest.php
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,18 @@ public function testAdminPerms(AcceptanceTester $I) {
$I->canSee('Embed Code');
}

/**
* Test site embedder perms
*/
public function testSiteEmbedderPerms(AcceptanceTester $I) {
$user = $I->createUserWithRoles(['su_site_embedder', 'site_manager']);
$I->logInAs($user->getAccountName());
$I->amOnPage('/media/add/embeddable');
$I->canSeeResponseCodeIs(200);
$I->canSee('oEmbed URL');
$I->canSee('Embed Code');
}

/**
* Test site manager perms
*/
Expand Down
1 change: 1 addition & 0 deletions tests/codeception/acceptance/Users/RolesCest.php
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@ public function testRolesExist(AcceptanceTester $I) {
$I->canSee('Site Builder');
$I->canSee('Site Developer');
$I->canSee('Administrator');
$I->canSee('Site Embedder');
}

/**
Expand Down