Add new Patternkit Administration Permission

Created on 9 February 2023, almost 2 years ago
Updated 13 December 2023, about 1 year ago

Problem/Motivation

When user role has permission 'access administration pages', they have access to the patternkit configuration forms. User needs the 'access administration pages' to view menu items/links with the admin toolbar that they have permission. Content authors may not need access to Patternkit configuration and site administrators or site builders may not want content authors to change patternkit configuration.

Steps to reproduce

  • Create a user role with 'access administration pages' and create user with this role
  • Authenticate as this new user
  • Navigate to /admin/config/user-interface/patternkit or /admin/config/user-interface/patternkit/json
  • Confirm access

Proposed resolution

Add new 'Administer Patternkit' permission to grant access to configuration forms and include update hook to grant permission for existing sites to user roles that have the current 'access administration pages' permission

Remaining tasks

  • Introduce new 'Administer Patternkit' permission to grant access to configuration forms
  • Update patternkit.settings, patternkit.settings.json_settings and patternkit.settings.media_library routes to use new permission
  • Use update hook to grant user roles with 'access administration pages' permission the new 'Administer Patternkit' permission to continue functionality for existing sites
  • Fix/Update any impacted tests as a result
  • Evaluate if other tests need 'access administration pages' permission
  • Add any new required tests

User interface changes

Add new permission

API changes

None

Data model changes

None

Feature request
Status

Fixed

Version

9.1

Component

Module Core

Created by

🇺🇸United States jasonawant New Orleans, USA

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Merge Requests

Comments & Activities

  • Issue created by @jasonawant
  • 🇺🇸United States jasonawant New Orleans, USA
  • 🇺🇸United States jasonawant New Orleans, USA

    I've created a MR with changes to add this new permission. I've updated one the settings configuration form test within that MR.

    I've attached a patch file representing this MR. I'm not sure if tests are running in the gitlab MR.

  • Status changed to Needs review almost 2 years ago
  • 🇺🇸United States jasonawant New Orleans, USA

    I reviewed all the tests that make use of the 'access administration pages'. I think this permission can be removed from all tests.

    Here's another patch, not included in the MR, with additional changes and an interdiff to call out the changes. I just added this here for my convenience as these may not be directly related to this issue, but I wanted to raise awareness. Let me know what you'd like me to do with these additional changes if anything.

    here are a few notes about my observations with these additional changes.

    DefaultLayoutTest - fails with or without the 'access administration pages' permission with "Invalid permission administer node display." error. I think this is b/c it's missing a module that defines this permission, 'field_ui'. Also, I think this and other patternkit tests declare modules incorrectly as static protected $modules. This patch includes changes to DefaultLayoutTest.

    Running all the patternkit tests, these fail
    * PatternkitTest::testLayoutBuilderBlockPlacementUi: Invalid permission administer node display. Probably b/c of missing field_ui module that provides the permission and the static protected $modules usage as above.

    These failed for the same reason: "Failed asserting that two arrays are equal. This may be due to the environment I ran the tests
    Drupal\Tests\patternkit\Kernel\Asset\LibraryTest::testGetLibraries
    Drupal\Tests\patternkit\Kernel\Asset\LibraryTest::testBuildByExtension

    --- Expected
    +++ Actual
    @@ @@
         'plugin' => 'twig'
         'type' => 'directory'
         'data' => 'modules/contrib/patternkit/mo...it/src'
    -    'version' => '9.5.2'
    +    'version' => '9.1.0-beta6'
     )
  • 🇺🇸United States jasonawant New Orleans, USA

    The previous patch did not apply to latest beta release. Here's a skinny patch of just the permission, no tests.

  • 🇺🇸United States slucero Arkansas
  • Open in Jenkins → Open on Drupal.org →
    Core: 9.5.x + Environment: PHP 7.4 & MySQL 5.7
    last update about 1 year ago
    430 pass
  • Open in Jenkins → Open on Drupal.org →
    Core: 9.5.x + Environment: PHP 7.4 & MySQL 5.7
    last update about 1 year ago
    430 pass
  • 🇺🇸United States slucero Arkansas

    I've pushed some updates to the MR branch including all the updates from 9.1.x branch and some of the fixes mentioned in #5. The failing tests mentioned in that comment seem to be resolved from the incorporated updates.

    If this round of tests pass, I believe the only other step we'll need to complete is writing up a brief change record about the new permission.

  • 🇺🇸United States slucero Arkansas

    slucero changed the visibility of the branch 3340686-administer-patternkit-permission to hidden.

  • 🇺🇸United States slucero Arkansas

    slucero changed the visibility of the branch 3340686-administer-patternkit-permission to active.

  • Open in Jenkins → Open on Drupal.org →
    Core: 9.5.x + Environment: PHP 7.4 & MySQL 5.7
    last update about 1 year ago
    431 pass
  • 🇺🇸United States slucero Arkansas
  • Open in Jenkins → Open on Drupal.org →
    Core: 9.5.x + Environment: PHP 7.4 & MySQL 5.7
    last update about 1 year ago
    431 pass
  • 🇮🇳India minsharm India

    Validated the confirmed and denied access to the patternkit setting page with or without new permission.

    Scenario 1:

    • Create a admin user role with new 'Administer Patternkit' permission.
    • Navigate to /admin/config/user-interface/patternkit or /admin/config/user-interface/patternkit/json
    • Confirm access.

    Results : Able to access the patternkit config pages.

    Scenario 2:

    • Create a content editor user role which will NOT have this new 'Administer Patternkit' permission.
    • Navigate to /admin/config/user-interface/patternkit or /admin/config/user-interface/patternkit/json
    • Confirm access.

    Results: Content authors is NOT able to access Patternkit config pages which is expected behaviour. As they may not need access to Patternkit configuration and site administrators or site builders may not want content authors to change patternkit configuration.

    Note : Both the above scenarios has been validated on both D9 as well as on D10

  • Status changed to Fixed about 1 year ago
  • 🇺🇸United States slucero Arkansas

    Merged for inclusion in the Beta 8 release.

  • Automatically closed - issue fixed for 2 weeks with no activity.

Production build 0.71.5 2024