Add dedicated permission for tools

Created MR to add this functionality.
Attached is a patch file for composer based patching workflow.

Updated patch file.

Thanks for working on this. It looks great. I just wonder should we be making the permissions more granular, so that users could be given access to some functions but not all?

I have updated the MR with split permissions.
Through permissions you can now decide whether to give a user access to:
- clear caches
- run cron
- run updates (no extra permission added for this, since it is managed by core routing)

I don't think individual cache flush actions don't need their own specific permissions?

I have also added a specific `/admin/tools` route that just lists the children menu items. This is so the "Tools" heading in the navigation bar points to that page, instead of the frontpage. This also avoids the "Tools" menu being shown in the navigation toolbar, when a user does not have any of the new permissions assigned to them.

Attached also a .patch version of the full MR, for composer patch workflows.

Any chance to get this reviewed?

Sorry, will get reviewed today.

I've done some manual testing and this looks good to me.

Rebased to 1.1.x.

Merged into 1.1 branch. I will get a release out soon.

Hello,

In the update hook:

    if ($role->hasPermission('administer site configuration')) {
      $role->grantPermission('access navigation extra tools')->save();
    }

The permission "access navigation extra tools" does not exist.

The introduced permissions are:
- access navigation extra tools cache flushing
- access navigation extra tools cron

Thanks. I missed that, and somehow didn't notice there was an update hook.
I'll revise the hook to add the new permissions, though I'm in two minds about whether an update hook is needed at all. Will make sure to include in release notes so admins can adjust their permissions if required.
As a side note, I'm switching to object oriented hooks, but as far as I know, update hooks have to remain procedural (for now).

I've fixed the issue with the invalid permission being added.

I also noticed that the permission for the Tools menu was only the module's own permissions, but that wouldn't allow access to other functions such as run database updates, or devel menu options. I'm also aiming to have other options under the tools menu if other modules are enabled in future. For now I'm making the Tools menu available to anyone with access navigation permission. We can look at tightening that up in a follow up issue.

Also some improvements to tests.

Hello,

MR 23 is ok for me.

Merged !23.

Thanks for the followup, and sorry for the wrong permission logic.

Automatically closed - issue fixed for 2 weeks with no activity.