Merge branch 'feature/ISTWCMS-4632-lkmorlan-config-access' into '8.x-1.x'

ISTWCMS-4632: Config access See merge request !67

Merge branch 'feature/ISTWCMS-4632-lkmorlan-config-access' into '8.x-1.x'
dc3a5c8b · Kevin Paxman · ac0cdc42 · e1d43f51 · dc3a5c8b · dc3a5c8b
Commit dc3a5c8b authored 4 years ago by Kevin Paxman
--- a/config/install/user.role.uw_role_site_manager.yml
+++ b/config/install/user.role.uw_role_site_manager.yml
@@ -71,7 +71,6 @@ permissions:
  - 'delete any uw_ct_site_footer content'
  - 'delete any uw_ct_web_page content'
  - 'delete any uw_news_item content'
-  - 'delete orphan revisions'
  - 'delete own uw_ct_blog content'
  - 'delete own uw_ct_catalog_item content'
  - 'delete own uw_ct_event content'

--- a/config/install/user.role.uw_role_site_owner.yml
+++ b/config/install/user.role.uw_role_site_owner.yml
@@ -24,4 +24,3 @@ permissions:
  - 'can view my_dashboard dashboard'
  - 'create and edit custom blocks'
  - 'customize shortcut links'
-  - 'delete orphan revisions'
--- a/src/Access/UwNodeAccessCheck.php
+++ b/src/Access/UwNodeAccessCheck.php
@@ -55,6 +55,16 @@ class UwNodeAccessCheck implements AccessInterface {
      }
    }

+    // Role Expire config: admin/config/system/role-expire.
+    if ($route_name === 'role_expire.config') {
+      return $account->hasPermission('administer role expire configuration') ? AccessResult::allowed() : AccessResult::forbidden();
+    }
+
+    // Dashboard config: admin/config/dashboards/dashboardssettings.
+    if ($route_name === 'dashboards.dashboards_settings_form') {
+      return $account->hasPermission('access dashboard config') ? AccessResult::allowed() : AccessResult::forbidden();
+    }
+
    // Get the node object, which is in the route match variable.
    $node = $route_match->getParameter('node');


--- a/src/Routing/UwNodeAccessRouteSubscriber.php
+++ b/src/Routing/UwNodeAccessRouteSubscriber.php
@@ -16,12 +16,16 @@ class UwNodeAccessRouteSubscriber extends RouteSubscriberBase {
   */
  protected function alterRoutes(RouteCollection $collection) {
    $access_route_names = [
+      // Dashboard config: admin/config/dashboards/dashboardssettings.
+      'dashboards.dashboards_settings_form',
      // Node pages (/node/{nid}).
      'entity.node.canonical',
-      // Menu link edit pages.
-      'menu_ui.link_edit',
      // Node delete pages.
      'entity.node.delete_form',
+      // Menu link edit pages.
+      'menu_ui.link_edit',
+      // Role Expire config: admin/config/system/role-expire.
+      'role_expire.config',
    ];
    foreach ($access_route_names as $route_name) {
      if ($route = $collection->get($route_name)) {

--- a/uw_cfg_common.permissions.yml
+++ b/uw_cfg_common.permissions.yml
 'access content access form':
  title: 'Access content access form'
  description: 'Allows access to the content access form.'
+'access dashboard config':
+  title: 'Access dashboard configuration'
+  description: 'Allows access to admin/config/dashboards/dashboardssettings.'
+'administer role expire configuration':
+  title: 'Administer role expire configuration'
+  description: 'Allows access to admin/config/system/role-expire.'
+  restrict access: true
 'bypass home page protection':
  title: 'Bypass home page protection'
  description: 'Allows taking actions that are not normally allowed for the home page, such as unpublishing.'