From 39e6a0783d899b92c56bb20ee0f04dc192c14447 Mon Sep 17 00:00:00 2001 From: Pieter Frenssen Date: Wed, 24 Mar 2021 22:25:08 +0200 Subject: [PATCH 01/25] ISAICP-6194: Test that no superfluous notifications are sent out when a collection containing a discussion with subscribers is deleted. --- ...fication.post_moderated.discussion.feature | 36 ++++++++++++++++++- 1 file changed, 35 insertions(+), 1 deletion(-) diff --git a/tests/features/community_content/notification.post_moderated.discussion.feature b/tests/features/community_content/notification.post_moderated.discussion.feature index 8b939baa8b..6519cc488c 100644 --- a/tests/features/community_content/notification.post_moderated.discussion.feature +++ b/tests/features/community_content/notification.post_moderated.discussion.feature @@ -112,4 +112,38 @@ Feature: Notification test for the discussion transitions on a post moderated pa Examples: | moderation | roles | | no | | - | yes | author | \ No newline at end of file + | yes | author | + + Scenario: No notifications should be sent when a discussion is orphaned + Given collections: + | title | state | + | Event Horizon Telescope | validated | + And discussion content: + | title | collection | state | + | How do the jets fire into space? | Event Horizon Telescope | validated | + And users: + | Username | + | Lindsey McCray | + | Cambria Falconer | + | Monroe Fearchar | + And collection user memberships: + | collection | user | roles | + | Event Horizon Telescope | Lindsey McCray | owner, facilitator | + And discussion subscriptions: + | username | title | + | Cambria Falconer | How do the jets fire into space? | + And comments: + | message | author | parent | + | Huge magnetic fields | Monroe Fearchar | How do the jets fire into space? | + + When all e-mails have been sent + And I am logged in as a moderator + And I go to the homepage of the "Event Horizon Telescope" collection + And I click "Edit" in the "Entity actions" region + And I click "Delete" + And I press "Delete" + Then the following email should have been sent: + | recipient | Lindsey McCray | + | subject | Joinup: Your collection has been deleted by the moderation team | + | body | The Joinup moderation team deleted the collection Event Horizon Telescope | + And 1 e-mail should have been sent From 008e2fe4b6b60067d06c2b1ac32f3d4946b5935f Mon Sep 17 00:00:00 2001 From: Pieter Frenssen Date: Wed, 24 Mar 2021 22:27:53 +0200 Subject: [PATCH 02/25] ISAICP-6194: Fix 'argument 3 must be of the type array, null given' when viewing unsaved content. --- .../src/CommunityContentWorkflowAccessControlHandler.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/web/modules/custom/joinup_community_content/src/CommunityContentWorkflowAccessControlHandler.php b/web/modules/custom/joinup_community_content/src/CommunityContentWorkflowAccessControlHandler.php index bc9737fa24..fc1ef28acd 100644 --- a/web/modules/custom/joinup_community_content/src/CommunityContentWorkflowAccessControlHandler.php +++ b/web/modules/custom/joinup_community_content/src/CommunityContentWorkflowAccessControlHandler.php @@ -199,12 +199,13 @@ protected function entityViewAccess(CommunityContentInterface $content, AccountI $view_scheme = $this->getPermissionScheme('view'); $workflow_id = $content->getWorkflow()->getId(); $state = $content->getWorkflowState(); + $roles = $view_scheme[$workflow_id][$state] ?? []; // @todo Shouldn't we return AccessResult::neutral() instead of // AccessResult::allowed() and only AccessResult::forbidden() should have // cacheable metadata? Neutral means we don't make any opinion but the // default view access on node is to allow. // @see https://citnet.tech.ec.europa.eu/CITnet/jira/browse/ISAICP-6007 - $result = $this->workflowHelper->userHasOwnAnyRoles($content, $account, $view_scheme[$workflow_id][$state]) ? AccessResult::allowed() : AccessResult::forbidden(); + $result = !empty($roles) && $this->workflowHelper->userHasOwnAnyRoles($content, $account, $roles) ? AccessResult::allowed() : AccessResult::forbidden(); return $result->addCacheableDependency($content); } From 46c4bafd0ac8b59ebaf67016f4a1abaa6e045878 Mon Sep 17 00:00:00 2001 From: Pieter Frenssen Date: Wed, 24 Mar 2021 22:29:14 +0200 Subject: [PATCH 03/25] ISAICP-6194: Provide a more descriptive interface when we know we are dealing with discussions. --- .../joinup_discussion/src/DiscussionObserver.php | 3 ++- .../src/Event/DiscussionEventBase.php | 12 ++++++------ .../src/Event/DiscussionUpdateEvent.php | 6 +++--- 3 files changed, 11 insertions(+), 10 deletions(-) diff --git a/web/modules/custom/joinup_discussion/src/DiscussionObserver.php b/web/modules/custom/joinup_discussion/src/DiscussionObserver.php index de10c4d1e7..cc4149a125 100644 --- a/web/modules/custom/joinup_discussion/src/DiscussionObserver.php +++ b/web/modules/custom/joinup_discussion/src/DiscussionObserver.php @@ -6,6 +6,7 @@ use Drupal\Component\EventDispatcher\ContainerAwareEventDispatcher; use Drupal\changed_fields\ObserverInterface; +use Drupal\joinup_discussion\Entity\DiscussionInterface; use Drupal\joinup_discussion\Event\DiscussionEvents; use Drupal\joinup_discussion\Event\DiscussionUpdateEvent; @@ -61,7 +62,7 @@ public function update(\SplSubject $entity_subject): void { $changed_fields = $entity_subject->getChangedFields(); // Dispatch the update event only if there are changes of relevant fields // and the discussion is in the 'validated' state. - if ($changed_fields && $discussion->get('field_state')->value === 'validated') { + if ($discussion instanceof DiscussionInterface && $changed_fields && $discussion->get('field_state')->value === 'validated') { $event = new DiscussionUpdateEvent($discussion, $changed_fields); $this->eventDispatcher->dispatch(DiscussionEvents::UPDATE, $event); } diff --git a/web/modules/custom/joinup_discussion/src/Event/DiscussionEventBase.php b/web/modules/custom/joinup_discussion/src/Event/DiscussionEventBase.php index 9aef2ac1f4..f99e78ae3c 100644 --- a/web/modules/custom/joinup_discussion/src/Event/DiscussionEventBase.php +++ b/web/modules/custom/joinup_discussion/src/Event/DiscussionEventBase.php @@ -4,7 +4,7 @@ namespace Drupal\joinup_discussion\Event; -use Drupal\node\NodeInterface; +use Drupal\joinup_discussion\Entity\DiscussionInterface; use Symfony\Component\EventDispatcher\Event; /** @@ -15,27 +15,27 @@ abstract class DiscussionEventBase extends Event { /** * The discussion node. * - * @var \Drupal\node\NodeInterface + * @var \Drupal\joinup_discussion\Entity\DiscussionInterface */ protected $node; /** * Creates a new discussion event object. * - * @param \Drupal\node\NodeInterface $node + * @param \Drupal\joinup_discussion\Entity\DiscussionInterface $node * The discussion node subject of event. */ - public function __construct(NodeInterface $node) { + public function __construct(DiscussionInterface $node) { $this->node = $node; } /** * Returns the discussion node. * - * @return \Drupal\node\NodeInterface + * @return \Drupal\joinup_discussion\Entity\DiscussionInterface * The discussion node. */ - public function getNode(): NodeInterface { + public function getNode(): DiscussionInterface { return $this->node; } diff --git a/web/modules/custom/joinup_discussion/src/Event/DiscussionUpdateEvent.php b/web/modules/custom/joinup_discussion/src/Event/DiscussionUpdateEvent.php index 55b6942dd8..8675d2c9fc 100644 --- a/web/modules/custom/joinup_discussion/src/Event/DiscussionUpdateEvent.php +++ b/web/modules/custom/joinup_discussion/src/Event/DiscussionUpdateEvent.php @@ -4,7 +4,7 @@ namespace Drupal\joinup_discussion\Event; -use Drupal\node\NodeInterface; +use Drupal\joinup_discussion\Entity\DiscussionInterface; /** * An event to fire whenever a discussion is updated. @@ -21,12 +21,12 @@ class DiscussionUpdateEvent extends DiscussionEventBase { /** * Creates a new discussion event object. * - * @param \Drupal\node\NodeInterface $node + * @param \Drupal\joinup_discussion\Entity\DiscussionInterface $node * The discussion node subject of event. * @param array $changed_fields * A list of changed fields, keyed by field name. */ - public function __construct(NodeInterface $node, array $changed_fields) { + public function __construct(DiscussionInterface $node, array $changed_fields) { parent::__construct($node); $this->changedFields = $changed_fields; } From 7874dc8035cebef060194f8f8fab27e0e700c79b Mon Sep 17 00:00:00 2001 From: Pieter Frenssen Date: Wed, 24 Mar 2021 22:29:50 +0200 Subject: [PATCH 04/25] ISAICP-6194: Do not send out notifications when orphaned discussions are deleted. --- .../EventSubscriber/SubscribedDiscussionSubscriber.php | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/web/modules/custom/joinup_discussion/src/EventSubscriber/SubscribedDiscussionSubscriber.php b/web/modules/custom/joinup_discussion/src/EventSubscriber/SubscribedDiscussionSubscriber.php index 3b6a6e3cb9..d09737204a 100644 --- a/web/modules/custom/joinup_discussion/src/EventSubscriber/SubscribedDiscussionSubscriber.php +++ b/web/modules/custom/joinup_discussion/src/EventSubscriber/SubscribedDiscussionSubscriber.php @@ -14,6 +14,7 @@ use Drupal\joinup_discussion\Event\DiscussionDeleteEvent; use Drupal\joinup_discussion\Event\DiscussionEvents; use Drupal\joinup_discussion\Event\DiscussionUpdateEvent; +use Drupal\joinup_group\Exception\MissingGroupException; use Drupal\joinup_notification\JoinupMessageDeliveryInterface; use Drupal\joinup_notification\MessageArgumentGenerator; use Drupal\joinup_subscription\JoinupDiscussionSubscriptionInterface; @@ -127,6 +128,14 @@ public function notifyOnDiscussionDeletion(DiscussionDeleteEvent $event): void { return; } + // Don't send out notifications for orphaned discussions. + try { + $discussion->getGroup(); + } + catch (MissingGroupException $e) { + return; + } + $this->sendMessage($discussion, 'discussion_delete'); } From 581322c306c4670f37e15ea1c65fe1e658e8af07 Mon Sep 17 00:00:00 2001 From: Pieter Frenssen Date: Thu, 25 Mar 2021 11:54:48 +0200 Subject: [PATCH 05/25] ISAICP-6194: Fix typo. --- tests/features/collection/notification.collection.feature | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/features/collection/notification.collection.feature b/tests/features/collection/notification.collection.feature index 2ce284d4d4..c20eab6379 100644 --- a/tests/features/collection/notification.collection.feature +++ b/tests/features/collection/notification.collection.feature @@ -2,7 +2,7 @@ Feature: Notification test for the collection transitions. In order to manage my collections As an user that is related to the collection - I want to receive a notification an event occurs. + I want to receive a notification when an event occurs Scenario: Notifications should be sent whenever an event is occurring related to a collection. Given the following owner: From a3fa1f400f3bf3a02e9da1315b9672e0a006dfa0 Mon Sep 17 00:00:00 2001 From: Pieter Frenssen Date: Thu, 25 Mar 2021 12:06:12 +0200 Subject: [PATCH 06/25] ISAICP-6222: Not all scenarios in this feature send out email. --- .../collection/collection.member_administration.feature | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/tests/features/collection/collection.member_administration.feature b/tests/features/collection/collection.member_administration.feature index 48f3cf0529..aa4ede7193 100644 --- a/tests/features/collection/collection.member_administration.feature +++ b/tests/features/collection/collection.member_administration.feature @@ -1,4 +1,4 @@ -@api @email @group-a @terms +@api @group-a @terms Feature: Collection membership administration In order to build a community As a collection facilitator @@ -37,6 +37,7 @@ Feature: Collection membership administration Then I should see the button "Apply to selected items" in the "Members admin form header" region But I should not see the button "Apply to selected items" in the "Members admin form actions" region + @email Scenario: Request a membership When I am logged in as "Donald Duck" And all e-mails have been sent @@ -54,6 +55,7 @@ Feature: Collection membership administration | subject | Joinup: A user has requested to join your collection | | body | Donald Duck has requested to join your collection "Medical diagnosis" as a member. | + @email Scenario: Approve a membership # Check that a member with pending state does not have access to add new content. Given I am logged in as "Kathie Cumbershot" From 624447c72bf6059627e2679ab6093b65645d9562 Mon Sep 17 00:00:00 2001 From: Pieter Frenssen Date: Thu, 25 Mar 2021 12:47:50 +0200 Subject: [PATCH 07/25] ISAICP-6222: Fix typo. --- tests/features/solution/related_solution.feature | 2 +- .../features/solution/solution.member_administration.feature | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/features/solution/related_solution.feature b/tests/features/solution/related_solution.feature index 3e4b8b8abb..3b2d6d4a26 100644 --- a/tests/features/solution/related_solution.feature +++ b/tests/features/solution/related_solution.feature @@ -12,7 +12,7 @@ Feature: Related solution | Kalikatoures | Company, Industry consortium | And solutions: | title | related solutions | description | documentation | related by type | moderation | logo | banner | policy domain | state | solution type | owner | contact information | - | C | | Blazing fast segmetation faults. | text.pdf | yes | no | logo.png | banner.jpg | Demography | validated | | Kalikatoures | Kalikatoura | + | C | | Blazing fast segmentation faults. | text.pdf | yes | no | logo.png | banner.jpg | Demography | validated | | Kalikatoures | Kalikatoura | | Java | C | Because inheritance is cool. | text.pdf | yes | no | logo.png | banner.jpg | Demography | validated | Citizen | Kalikatoures | Kalikatoura | | PHP | | Make a site. | text.pdf | yes | yes | logo.png | banner.jpg | Demography | validated | Citizen | Kalikatoures | Kalikatoura | | Golang | | Concurrency for the masses | text.pdf | yes | yes | logo.png | banner.jpg | Demography | proposed | Citizen | Kalikatoures | Kalikatoura | diff --git a/tests/features/solution/solution.member_administration.feature b/tests/features/solution/solution.member_administration.feature index 2957c550f2..fbf5f08e89 100644 --- a/tests/features/solution/solution.member_administration.feature +++ b/tests/features/solution/solution.member_administration.feature @@ -17,8 +17,8 @@ Feature: Solution membership administration | Guadalupe Norman | | guadalupe_norman@example.com | Guadalupe | Norman | | Marcia Garcia | | marcia_garcia@example.com | Marcia | Garcia | And the following solutions: - | title | related solutions | description | documentation | moderation | logo | banner | policy domain | state | solution type | owner | contact information | - | The Missing Sons | | Blazing fast segmetation faults. | text.pdf | no | logo.png | banner.jpg | Demography | validated | | James Wilson the 2nd | Princeton-Plainsboro Teaching University | + | title | related solutions | description | documentation | moderation | logo | banner | policy domain | state | solution type | owner | contact information | + | The Missing Sons | | Blazing fast segmentation faults. | text.pdf | no | logo.png | banner.jpg | Demography | validated | | James Wilson the 2nd | Princeton-Plainsboro Teaching University | And the following solution user memberships: | solution | user | roles | | The Missing Sons | Guadalupe Norman | facilitator | From 4b68fec3cc749d8b1aa7377a9cfe7ee9dc99649d Mon Sep 17 00:00:00 2001 From: Pieter Frenssen Date: Thu, 25 Mar 2021 13:40:42 +0200 Subject: [PATCH 08/25] ISAICP-6222: Create the skeleton of the member permissions information table. --- .../solution.member_administration.feature | 16 ++++++++++ tests/src/Context/JoinupGroupContext.php | 17 ++++++++++ .../joinup_group/joinup_group.routing.yml | 15 +++++++++ ...ershipPermissionsInformationController.php | 32 +++++++++++++++++++ 4 files changed, 80 insertions(+) create mode 100644 web/modules/custom/joinup_group/src/Controller/GroupMembershipPermissionsInformationController.php diff --git a/tests/features/solution/solution.member_administration.feature b/tests/features/solution/solution.member_administration.feature index fbf5f08e89..505c95f4dd 100644 --- a/tests/features/solution/solution.member_administration.feature +++ b/tests/features/solution/solution.member_administration.feature @@ -144,3 +144,19 @@ Feature: Solution membership administration And I should see the link "Invite members" When I click "Invite members" Then I should see the heading "Invite members" + + # The permissions table should not be accessible for non-public solutions. + Scenario: Access the membership permissions information table + Given the following solutions: + | title | state | + | The Draft Sons | draft | + | The Proposed Sons | proposed | + | The Sons of Darkness | blacklisted | + When I go to the member permissions table of "The Draft Sons" + Then I should see the heading "Sign in to continue" + When I go to the member permissions table of "The Proposed Sons" + Then I should see the heading "Sign in to continue" + When I go to the member permissions table of "The Sons of Darkness" + Then I should see the heading "Sign in to continue" + When I go to the member permissions table of "The Missing Sons" + Then I should see the heading "Member permissions" diff --git a/tests/src/Context/JoinupGroupContext.php b/tests/src/Context/JoinupGroupContext.php index 6660e20cfd..8590a6c6cd 100644 --- a/tests/src/Context/JoinupGroupContext.php +++ b/tests/src/Context/JoinupGroupContext.php @@ -5,6 +5,7 @@ namespace Drupal\joinup\Context; use Behat\Mink\Exception\ElementNotFoundException; +use Drupal\Core\Url; use Drupal\DrupalExtension\Context\RawDrupalContext; use Drupal\joinup\Traits\NodeTrait; use Drupal\joinup\Traits\RdfEntityTrait; @@ -19,6 +20,22 @@ class JoinupGroupContext extends RawDrupalContext { use NodeTrait; use RdfEntityTrait; + /** + * Navigates to the membership permissions table of the given group. + * + * @param string $label + * The name of the group. + * + * @When I go to the member(ship) permissions table of :label + */ + public function visitMembershipPermissionsTable(string $label): void { + $group = $this->getRdfEntityByLabel($label); + $url = Url::fromRoute('joinup_group.membership_permissions_info', [ + 'rdf_entity' => $group->id(), + ]); + $this->visitPath($url->toString()); + } + /** * Checks if the given node belongs to the given group. * diff --git a/web/modules/custom/joinup_group/joinup_group.routing.yml b/web/modules/custom/joinup_group/joinup_group.routing.yml index 1bbedae870..070a6a936c 100644 --- a/web/modules/custom/joinup_group/joinup_group.routing.yml +++ b/web/modules/custom/joinup_group/joinup_group.routing.yml @@ -36,6 +36,21 @@ joinup_group.membership_delete_action.confirm: requirements: _custom_access: 'Drupal\joinup_group\Form\DeleteGroupMembershipConfirmForm::access' +joinup_group.membership_permissions_info: + path: '/rdf_entity/{rdf_entity}/permissions-info' + defaults: + _title: 'Member permissions' + _controller: '\Drupal\joinup_group\Controller\GroupMembershipPermissionsInformationController::build' + requirements: + _entity_access: 'rdf_entity.view' + options: + parameters: + rdf_entity: + type: entity:rdf_entity + bundle: + - collection + - solution + joinup_group.reports: path: '/rdf_entity/{rdf_entity}/reports' defaults: diff --git a/web/modules/custom/joinup_group/src/Controller/GroupMembershipPermissionsInformationController.php b/web/modules/custom/joinup_group/src/Controller/GroupMembershipPermissionsInformationController.php new file mode 100644 index 0000000000..e75d310ccb --- /dev/null +++ b/web/modules/custom/joinup_group/src/Controller/GroupMembershipPermissionsInformationController.php @@ -0,0 +1,32 @@ + 'item', + '#markup' => $this->t('The dragon swooped once more lower than ever, and as he turned and dived down his belly glittered white with sparkling fires of gems in the moon.'), + ]; + + return $build; + } + +} From 5a8dfc724b790bc7bc99dd1984c53a58949728ea Mon Sep 17 00:00:00 2001 From: Pieter Frenssen Date: Thu, 25 Mar 2021 18:27:32 +0200 Subject: [PATCH 09/25] ISAICP-6222: Show a link on the members page that opens the member permissions in a modal. --- .../custom/joinup_group/joinup_group.module | 20 +++++++++++++++++++ web/themes/joinup/joinup_theme.theme | 14 +++++++++++++ web/themes/joinup/scss/components/_form.scss | 9 +++++++++ ...xposed-form--og-members-overview.html.twig | 5 ++++- 4 files changed, 47 insertions(+), 1 deletion(-) diff --git a/web/modules/custom/joinup_group/joinup_group.module b/web/modules/custom/joinup_group/joinup_group.module index 865be1c255..1c4ec02bc6 100644 --- a/web/modules/custom/joinup_group/joinup_group.module +++ b/web/modules/custom/joinup_group/joinup_group.module @@ -437,6 +437,26 @@ function joinup_group_form_views_exposed_form_alter(&$form, FormStateInterface $ $form['roles_target_id']['#options'][$key] = "$option_text ($count)"; } } + + // Insert a link to the table showing member permissions. + $url = Url::fromRoute('joinup_group.membership_permissions_info', [ + 'rdf_entity' => $group->id(), + ]); + $form['member_permissions_link'] = [ + '#type' => 'link', + '#title' => t('Member permissions'), + '#url' => $url, + '#attributes' => [ + 'class' => ['use-ajax'], + 'data-dialog-type' => 'modal', + 'data-dialog-options' => Json::encode([ + 'width' => 'auto', + 'height' => 'auto', + ]), + ], + '#access' => $url->access(), + '#attached' => ['library' => ['core/drupal.dialog.ajax']], + ]; } /** diff --git a/web/themes/joinup/joinup_theme.theme b/web/themes/joinup/joinup_theme.theme index 1893a8d47a..40367ebe28 100644 --- a/web/themes/joinup/joinup_theme.theme +++ b/web/themes/joinup/joinup_theme.theme @@ -766,6 +766,20 @@ function joinup_theme_preprocess_field_multiple_value_form(&$variables) { } } +/** + * Implements hook_preprocess_HOOK() for views-exposed-form.html.twig. + */ +function joinup_theme_preprocess_views_exposed_form__og_members_overview(&$variables) { + // Append a help icon to the member permissions link on the members page. + if (!empty($variables['form']['member_permissions_link']['#title'])) { + $link = &$variables['form']['member_permissions_link']; + $title = $link['#title']; + $link['#title'] = [ + '#markup' => $title . ' ', + ]; + } +} + /** * Implements hook_preprocess_HOOK() for field--comma-separated.html.twig. */ diff --git a/web/themes/joinup/scss/components/_form.scss b/web/themes/joinup/scss/components/_form.scss index 8e8017d153..86497b91c0 100644 --- a/web/themes/joinup/scss/components/_form.scss +++ b/web/themes/joinup/scss/components/_form.scss @@ -169,6 +169,15 @@ } // Styling for members overview +.views-exposed-form { + .form__content { + .listing__item--membership-permissions { + display: flex; + justify-content: end; + align-self: center; + } + } +} .form__member-actions { .form-wrapper { .form-item, diff --git a/web/themes/joinup/templates/form/views-exposed-form--og-members-overview.html.twig b/web/themes/joinup/templates/form/views-exposed-form--og-members-overview.html.twig index 7b47d5aaed..b8c2fabd69 100644 --- a/web/themes/joinup/templates/form/views-exposed-form--og-members-overview.html.twig +++ b/web/themes/joinup/templates/form/views-exposed-form--og-members-overview.html.twig @@ -23,8 +23,11 @@
{{ form.actions }}
+
+ {{ form.member_permissions_link }} +
- {{ form|without('roles_target_id', 'combine', 'actions') }} + {{ form|without('roles_target_id', 'combine', 'actions', 'member_permissions_link') }} From ab311c38c66d212639e24cf8efa448705e932ffa Mon Sep 17 00:00:00 2001 From: Pieter Frenssen Date: Thu, 25 Mar 2021 18:28:25 +0200 Subject: [PATCH 10/25] ISAICP-6222: Provide a button to easily close the member permissions dialog. --- ...bershipPermissionsInformationController.php | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/web/modules/custom/joinup_group/src/Controller/GroupMembershipPermissionsInformationController.php b/web/modules/custom/joinup_group/src/Controller/GroupMembershipPermissionsInformationController.php index e75d310ccb..4a0004bcde 100644 --- a/web/modules/custom/joinup_group/src/Controller/GroupMembershipPermissionsInformationController.php +++ b/web/modules/custom/joinup_group/src/Controller/GroupMembershipPermissionsInformationController.php @@ -5,6 +5,8 @@ namespace Drupal\joinup_group\Controller; use Drupal\Core\Controller\ControllerBase; +use Drupal\Core\Url; +use Drupal\joinup_group\Entity\GroupInterface; /** * Page controller for the member permissions information table. @@ -17,15 +19,29 @@ class GroupMembershipPermissionsInformationController extends ControllerBase { /** * Builds the table that shows information about member permissions. * + * @param \Drupal\joinup_group\Entity\GroupInterface $rdf_entity + * The group for which the membership permission information is rendered. + * * @return array * A render array containing the table. */ - public function build(): array { + public function build(GroupInterface $rdf_entity): array { $build['content'] = [ '#type' => 'item', '#markup' => $this->t('The dragon swooped once more lower than ever, and as he turned and dived down his belly glittered white with sparkling fires of gems in the moon.'), ]; + $build['close'] = [ + '#type' => 'link', + '#title' => t('Got it'), + '#url' => Url::fromRoute('entity.rdf_entity.member_overview', [ + 'rdf_entity' => $rdf_entity->id(), + ]), + '#attributes' => [ + 'class' => ['dialog-cancel', 'button--blue', 'button-inline', 'mdl-button', 'mdl-button--accent', 'mdl-button--accent', 'mdl-button--raised'], + ], + ]; + return $build; } From d7a29360452ed900cadc0b34a9f9236f2831ac7b Mon Sep 17 00:00:00 2001 From: Pieter Frenssen Date: Fri, 26 Mar 2021 14:29:24 +0200 Subject: [PATCH 11/25] ISAICP-6222: Provide a step to navigate to the members page of a group. --- .../collection.member_administration.feature | 18 ++++------ .../collection.member_count.feature | 3 +- ...llection.member_overview_filtering.feature | 10 +++--- tests/features/collection/join-leave.feature | 3 +- .../joinup_collection/membership.feature | 10 +++--- .../joinup_core/owner_deletion.feature | 3 +- .../transfer_group_ownership.feature | 19 ++++------- .../solution.member_administration.feature | 33 +++++++------------ ...solution.member_overview_filtering.feature | 6 ++-- tests/src/Context/JoinupGroupContext.php | 17 ++++++++++ 10 files changed, 55 insertions(+), 67 deletions(-) diff --git a/tests/features/collection/collection.member_administration.feature b/tests/features/collection/collection.member_administration.feature index aa4ede7193..964d4dc3fe 100644 --- a/tests/features/collection/collection.member_administration.feature +++ b/tests/features/collection/collection.member_administration.feature @@ -31,9 +31,8 @@ Feature: Collection membership administration | Medical diagnosis | Kathie Cumbershot | | pending | Scenario: Only one instance of the "Apply to selected items" should exist. - When I am logged in as a moderator - And I go to the "Medical diagnosis" collection - And I click "Members" in the "Left sidebar" + Given I am logged in as a moderator + And I am on the members page of "Medical diagnosis" Then I should see the button "Apply to selected items" in the "Members admin form header" region But I should not see the button "Apply to selected items" in the "Members admin form actions" region @@ -65,15 +64,13 @@ Feature: Collection membership administration # Check that the facilitator can also see the approve action. Given I am logged in as "Turkey Ham" - And I go to the "Medical diagnosis" collection - Then I click "Members" in the "Left sidebar" + And I am on the members page of "Medical diagnosis" Then I select "Approve the pending membership(s)" from "Action" # Approve a membership. Given I am logged in as "Lisa Cuddy" - When all e-mails have been sent - And I go to the "Medical diagnosis" collection - And I click "Members" in the "Left sidebar" + And all e-mails have been sent + And I am on the members page of "Medical diagnosis" Then the "Action" select should contain the following options: | Approve the pending membership(s) | | Block the selected membership(s) | @@ -147,10 +144,9 @@ Feature: Collection membership administration @email Scenario: Reject a membership - When I am logged in as "Lisa Cuddy" + Given I am logged in as "Lisa Cuddy" And all e-mails have been sent - And I go to the "Medical diagnosis" collection - Then I click "Members" in the "Left sidebar" + And I am on the members page of "Medical diagnosis" # Assert that the user does not see the default OG tab. Then I should not see the link "Group" And I check the box "Update the member Kathie Cumbershot" diff --git a/tests/features/collection/collection.member_count.feature b/tests/features/collection/collection.member_count.feature index ba61e7ab90..4100d0a9d0 100644 --- a/tests/features/collection/collection.member_count.feature +++ b/tests/features/collection/collection.member_count.feature @@ -62,8 +62,7 @@ Feature: Collection homepage # Approve the membership. Given I am logged in as "Thorin" - And I go to the "Exactly the same collection, but closed" collection - And I click "Members" in the "Left sidebar" + And I am on the members page of "Exactly the same collection, but closed" # Assert that the user does not see the default OG tab. Then I should not see the link "Group" And I check the box "Update the member Some goblin" diff --git a/tests/features/collection/collection.member_overview_filtering.feature b/tests/features/collection/collection.member_overview_filtering.feature index 54495d99bb..a8331ad960 100644 --- a/tests/features/collection/collection.member_overview_filtering.feature +++ b/tests/features/collection/collection.member_overview_filtering.feature @@ -29,8 +29,7 @@ Feature: Type something to filter the listing the member list Scenario Outline: All users are allowed to filter the users by a combined search field and the role. Given I am logged in as "" - When I go to the homepage of the "Coffee makers" collection - And I click "Members" in the "Left sidebar" + And I am on the members page of "Coffee makers" Then the following fields should be present "Type something to filter the list, Roles" Examples: @@ -42,10 +41,9 @@ Feature: Type something to filter the listing the member list | queenson | Scenario: Moderators should be able to filter users in the table in the collection members page. - When I am logged in as "séamusline" - And I go to the homepage of the "Coffee makers" collection - And I click "Members" in the "Left sidebar" - And I fill in "Type something to filter the list" with "bro" + Given I am logged in as "séamusline" + And I am on the members page of "Coffee makers" + When I fill in "Type something to filter the list" with "bro" And I press "Apply" Then the "member administration" table should contain the following columns: diff --git a/tests/features/collection/join-leave.feature b/tests/features/collection/join-leave.feature index 9312ba8865..a4e80f00af 100644 --- a/tests/features/collection/join-leave.feature +++ b/tests/features/collection/join-leave.feature @@ -119,8 +119,7 @@ Feature: Joining and leaving collections through the web interface Then I should see the text "You are owner of this collection. Before you leave this collection, you should transfer the ownership to another member." And I should not see the button "Confirm" - When I go to the homepage of the "Insectarium" collection - And I click "Members" + When I go to the members page of "Insectarium" And I select the "newcomer researcher" row And I select "Transfer the ownership of the collection to the selected member" from "Action" And I press "Apply to selected items" diff --git a/tests/features/joinup_collection/membership.feature b/tests/features/joinup_collection/membership.feature index 4bda3e8fa8..0c1f851899 100644 --- a/tests/features/joinup_collection/membership.feature +++ b/tests/features/joinup_collection/membership.feature @@ -36,12 +36,11 @@ Feature: Tests membership to Joinup collection. And user "jane" is member of "Joinup" collection Given I am logged in as a user with the moderator role - And I go to the homepage of the "An arbitrary collection" collection - And I click "Members" - And I check "edit-og-membership-bulk-form-0" + And I am on the members page of "An arbitrary collection" + When I check "edit-og-membership-bulk-form-0" And I select "Delete the selected membership(s)" from "Action" - When I press "Apply to selected items" + And I press "Apply to selected items" Then I should see the heading "Are you sure you want to delete the selected membership from the 'An arbitrary collection' collection?" And I should see "The member joe will be deleted from the 'An arbitrary collection' collection." And I should see "This action cannot be undone." @@ -49,6 +48,5 @@ Feature: Tests membership to Joinup collection. When I press "Confirm" Then I should see the success message "The member joe has been deleted from the 'An arbitrary collection' collection." - Given I go to the homepage of the "Joinup" collection - And I click "Members" + Given I am on the members page of "Joinup" Then the available options in the "Action" select should not include the "Delete the selected membership(s)" options diff --git a/tests/features/joinup_core/owner_deletion.feature b/tests/features/joinup_core/owner_deletion.feature index b8aff758e3..efbc36c9af 100644 --- a/tests/features/joinup_core/owner_deletion.feature +++ b/tests/features/joinup_core/owner_deletion.feature @@ -20,8 +20,7 @@ Feature: Deletion of collection and solution owners | An owned group | Group owner 2 | owner | | An owned group | Group member | | And I am logged in as "Site moderator" - And I go to the homepage of the "An owned group" - And I click "Members" + And I am on the members page of "An owned group" And I select the "Group owner 1" row And I select the "Group owner 2" row diff --git a/tests/features/joinup_core/transfer_group_ownership.feature b/tests/features/joinup_core/transfer_group_ownership.feature index 47af993a58..eb6e92d211 100644 --- a/tests/features/joinup_core/transfer_group_ownership.feature +++ b/tests/features/joinup_core/transfer_group_ownership.feature @@ -34,8 +34,7 @@ Feature: As a group (collection or solution) owner or site moderator @email Scenario Outline: Administrators, moderators and owners can transfer the group ownership. Given I am logged in as "" - And I go to the homepage of the "" <type> - And I click "Members" + And I am on the members page of "<title>" # Try to transfer the ownership to the current owner. Given I select the "cruel" row @@ -97,8 +96,7 @@ Feature: As a group (collection or solution) owner or site moderator Scenario Outline: Group facilitators do not have access to transfer ownership. Given I am logged in as "shy" - And I go to the homepage of the "<title>" <type> - Given I click "Members" + And I am on the members page of "<title>" Then the available options in the "Action" select should not include the "Transfer the ownership of the <type> to the selected member" options Examples: @@ -124,24 +122,21 @@ Feature: As a group (collection or solution) owner or site moderator | Rivers Of Babylon | shy | facilitator | Given I am logged in as "shy" - And I go to the homepage of the "Rivers Of Babylon" solution - Given I click "Members" + And I am on the members page of "Rivers Of Babylon" Then the available options in the "Action" select should not include the "Transfer the ownership of the solution to the selected member" options Given I am logged in as "loner" - And I go to the homepage of the "Babylon" collection - Given I click "Members" + And I am on the members page of "Babylon" Then the available options in the "Action" select should not include the "Transfer the ownership of the solution to the selected member" options # In Joinup every owner is also a facilitator, so if a normal member is # promoted to owner, they should also become a facilitator. Scenario Outline: If ownership is transferred to a normal member, it should also include the facilitator role Given I am logged in as "light" - And I go to the homepage of the "<title>" <group type> - And I click "Members" - And I select the "loner" row + And I am on the members page of "<title>" + When I select the "loner" row And I select "Transfer the ownership of the <group type> to the selected member" from "Action" - When I press "Apply to selected items" + And I press "Apply to selected items" Then I should see "Are you sure you want to transfer the ownership of <title> <group type> to Freyja Stefánsdóttir?" When I press "Confirm" Then I should see "Ownership of <title> <group type> transferred from users Finnur Robertsson, Edda Agnarsdóttir to Freyja Stefánsdóttir." diff --git a/tests/features/solution/solution.member_administration.feature b/tests/features/solution/solution.member_administration.feature index 505c95f4dd..ac9b589b55 100644 --- a/tests/features/solution/solution.member_administration.feature +++ b/tests/features/solution/solution.member_administration.feature @@ -26,23 +26,19 @@ Feature: Solution membership administration Scenario: Only privileged members should be able to add members When I am not logged in - And I go to the "The Missing Sons" solution - And I click "Members" in the "Left sidebar" + And I go to the members page of "The Missing Sons" Then I should not see the link "Add members" When I am logged in as an authenticated - And I go to the "The Missing Sons" solution - And I click "Members" in the "Left sidebar" + And I go to the members page of "The Missing Sons" Then I should not see the link "Add members" When I am logged in as "Marcia Garcia" - And I go to the "The Missing Sons" solution - And I click "Members" in the "Left sidebar" + And I go to the members page of "The Missing Sons" Then I should not see the link "Add members" When I am logged in as "Guadalupe Norman" - And I go to the "The Missing Sons" solution - And I click "Members" in the "Left sidebar" + And I go to the members page of "The Missing Sons" Then I should see the link "Add members" # Add a facilitator. @@ -59,8 +55,7 @@ Feature: Solution membership administration # Try new privileges. When I am logged in as "Marcia Garcia" - And I go to the "The Missing Sons" solution - And I click "Members" in the "Left sidebar" + And I go to the members page of "The Missing Sons" Then I should see the link "Add members" When I click "Add members" Then I should see the heading "Add members" @@ -68,8 +63,7 @@ Feature: Solution membership administration @email Scenario: Assign and remove new role to a member When I am logged in as "Guadalupe Norman" - And I go to the "The Missing Sons" solution - And I click "Members" in the "Left sidebar" + And I go to the members page of "The Missing Sons" Then I should see the link "Add members" Then I check the box "Update the member Marcia Garcia" Then I select "Add the facilitator role to the selected members" from "Action" @@ -100,23 +94,19 @@ Feature: Solution membership administration | dwightone | dwight1@example.com | Christian | Dwight | When I am not logged in - And I go to the "The Missing Sons" solution - And I click "Members" in the "Left sidebar" + And I go to the members page of "The Missing Sons" Then I should not see the link "Invite members" When I am logged in as an authenticated - And I go to the "The Missing Sons" solution - And I click "Members" in the "Left sidebar" + And I go to the members page of "The Missing Sons" Then I should not see the link "Invite members" When I am logged in as "dwightone" - And I go to the "The Missing Sons" solution - And I click "Members" in the "Left sidebar" + And I go to the members page of "The Missing Sons" Then I should not see the link "Invite members" When I am logged in as "Guadalupe Norman" - And I go to the "The Missing Sons" solution - And I click "Members" in the "Left sidebar" + And I go to the members page of "The Missing Sons" Then I should see the link "Invite members" When I click "Invite members" Then I should see the heading "Invite members" @@ -138,8 +128,7 @@ Feature: Solution membership administration # Accept the invitation directly. When I am logged in as "dwightone" And I accept the invitation for the "The Missing Sons" solution group - And I go to the "The Missing Sons" solution - And I click "Members" in the "Left sidebar" + And I go to the members page of "The Missing Sons" Then I should see the link "Add members" And I should see the link "Invite members" When I click "Invite members" diff --git a/tests/features/solution/solution.member_overview_filtering.feature b/tests/features/solution/solution.member_overview_filtering.feature index a6785b5bbf..945db5a111 100644 --- a/tests/features/solution/solution.member_overview_filtering.feature +++ b/tests/features/solution/solution.member_overview_filtering.feature @@ -32,8 +32,7 @@ Feature: Type something to filter the listing the member list Scenario Outline: Only moderators are allowed to filter users in the solution members page. Given I am logged in as "<user>" - When I go to the homepage of the "Coffee grinders" solution - And I click "Members" in the "Left sidebar" + When I go to the members page of "Coffee grinders" But the following fields should be present "Type something to filter the list, Roles" Examples: @@ -46,8 +45,7 @@ Feature: Type something to filter the listing the member list Scenario: Privileged members should be able to filter users in the solutions members page. Given I am logged in as "sludge" - When I go to the homepage of the "Coffee grinders" solution - And I click "Members" in the "Left sidebar" + When I go to the members page of "Coffee grinders" And I fill in "Type something to filter the list" with "right" And I press "Apply" And I should see the link "Jack Cartwright" diff --git a/tests/src/Context/JoinupGroupContext.php b/tests/src/Context/JoinupGroupContext.php index 8590a6c6cd..c66dc52f8b 100644 --- a/tests/src/Context/JoinupGroupContext.php +++ b/tests/src/Context/JoinupGroupContext.php @@ -20,6 +20,23 @@ class JoinupGroupContext extends RawDrupalContext { use NodeTrait; use RdfEntityTrait; + /** + * Navigates to the members page of the given group. + * + * @param string $label + * The name of the group. + * + * @When I go to the members page of :label + * @When I am on the members page of :label + */ + public function visitMembersPage(string $label): void { + $group = $this->getRdfEntityByLabel($label); + $url = Url::fromRoute('entity.rdf_entity.member_overview', [ + 'rdf_entity' => $group->id(), + ]); + $this->visitPath($url->toString()); + } + /** * Navigates to the membership permissions table of the given group. * From 7e0d42d4ecd3f5f38f49d56dd60efe946f7a107e Mon Sep 17 00:00:00 2001 From: Pieter Frenssen <pieter@frenssen.be> Date: Fri, 26 Mar 2021 17:25:27 +0200 Subject: [PATCH 12/25] ISAICP-6222: Ensure anonymous users and normal members also see the link to the permissions info table. --- web/themes/joinup/joinup_theme.theme | 10 +++++++++- .../views-exposed-form--members-overview.html.twig | 3 +++ 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/web/themes/joinup/joinup_theme.theme b/web/themes/joinup/joinup_theme.theme index 40367ebe28..31f0ed496a 100644 --- a/web/themes/joinup/joinup_theme.theme +++ b/web/themes/joinup/joinup_theme.theme @@ -769,7 +769,15 @@ function joinup_theme_preprocess_field_multiple_value_form(&$variables) { /** * Implements hook_preprocess_HOOK() for views-exposed-form.html.twig. */ -function joinup_theme_preprocess_views_exposed_form__og_members_overview(&$variables) { +function joinup_theme_preprocess_views_exposed_form(&$variables) { + // Bail out if we are not on the members overview. + if (!in_array($variables['theme_hook_original'], [ + 'views_exposed_form__og_members_overview', + 'views_exposed_form__members_overview', + ])) { + return; + } + // Append a help icon to the member permissions link on the members page. if (!empty($variables['form']['member_permissions_link']['#title'])) { $link = &$variables['form']['member_permissions_link']; diff --git a/web/themes/joinup/templates/form/views-exposed-form--members-overview.html.twig b/web/themes/joinup/templates/form/views-exposed-form--members-overview.html.twig index fa6bf1ebcd..4e8fb9a58f 100644 --- a/web/themes/joinup/templates/form/views-exposed-form--members-overview.html.twig +++ b/web/themes/joinup/templates/form/views-exposed-form--members-overview.html.twig @@ -23,6 +23,9 @@ <div class="listing__item listing__item--tile mdl-cell mdl-cell--4-col"> {{ form.actions }} </div> + <div class="listing__item listing__item--tile listing__item--membership-permissions mdl-cell mdl-cell--4-col"> + {{ form.member_permissions_link }} + </div> </div> </div> </div> From c45c2cdeff7052c27a362efb1fc8d73d26e585b9 Mon Sep 17 00:00:00 2001 From: Pieter Frenssen <pieter@frenssen.be> Date: Fri, 26 Mar 2021 18:03:50 +0200 Subject: [PATCH 13/25] ISAICP-6222: Expose the content creation options on group entities. --- .../collection/src/Entity/Collection.php | 7 ++++ ...ityContentWorkflowAccessControlHandler.php | 28 ++++++---------- .../src/Guard/CommunityContentGuard.php | 2 +- .../src/Entity/GroupInterface.php | 19 +++++++++++ .../joinup_group/src/Entity/GroupTrait.php | 7 ++++ .../joinup_group/src/JoinupGroupHelper.php | 32 ------------------- .../custom/solution/src/Entity/Solution.php | 7 ++++ 7 files changed, 50 insertions(+), 52 deletions(-) diff --git a/web/modules/custom/collection/src/Entity/Collection.php b/web/modules/custom/collection/src/Entity/Collection.php index 09fc347f16..dd7c78fc68 100644 --- a/web/modules/custom/collection/src/Entity/Collection.php +++ b/web/modules/custom/collection/src/Entity/Collection.php @@ -98,6 +98,13 @@ public function getGroupModerationFieldName(): string { return 'field_ar_moderation'; } + /** + * {@inheritdoc} + */ + public function getContentCreationFieldName(): string { + return 'field_ar_content_creation'; + } + /** * {@inheritdoc} */ diff --git a/web/modules/custom/joinup_community_content/src/CommunityContentWorkflowAccessControlHandler.php b/web/modules/custom/joinup_community_content/src/CommunityContentWorkflowAccessControlHandler.php index 15a7e3f249..623547490f 100644 --- a/web/modules/custom/joinup_community_content/src/CommunityContentWorkflowAccessControlHandler.php +++ b/web/modules/custom/joinup_community_content/src/CommunityContentWorkflowAccessControlHandler.php @@ -11,7 +11,7 @@ use Drupal\Core\Entity\EntityTypeManagerInterface; use Drupal\Core\Session\AccountInterface; use Drupal\joinup_community_content\Entity\CommunityContentInterface; -use Drupal\joinup_group\JoinupGroupHelper; +use Drupal\joinup_group\Exception\MissingGroupException; use Drupal\joinup_workflow\EntityWorkflowStateInterface; use Drupal\joinup_workflow\WorkflowHelperInterface; use Drupal\node\NodeStorageInterface; @@ -212,7 +212,14 @@ protected function entityViewAccess(CommunityContentInterface $content, AccountI protected function entityCreateAccess(CommunityContentInterface $content, AccountInterface $account): AccessResultInterface { $create_scheme = $this->getPermissionScheme('create'); $workflow_id = $content->getWorkflow()->getId(); - $content_creation = $this->getParentContentCreationOption($content); + try { + $content_creation = $content->getGroup()->getContentCreation(); + } + catch (MissingGroupException $e) { + // Forbid creating community content if the parent group has not been set + // (e.g. because the entity is orphaned). + return AccessResult::forbidden()->addCacheTags($content->getEntityType()->getListCacheTags()); + } foreach ($create_scheme[$workflow_id][$content_creation] as $ownership_data) { // There is no check whether the transition is allowed as only allowed @@ -278,23 +285,6 @@ protected function entityDeleteAccess(CommunityContentInterface $content, Accoun return AccessResult::forbidden()->addCacheableDependency($content); } - /** - * Returns the content creation option value of the parent of an entity. - * - * @param \Drupal\joinup_community_content\Entity\CommunityContentInterface $content - * The group content entity. - * - * @return string - * The content creation option value. - * - * @throws \Drupal\joinup_group\Exception\MissingGroupException - * Thrown when the entity doesn't have a parent group. - */ - protected function getParentContentCreationOption(CommunityContentInterface $content): string { - $parent = $content->getGroup(); - return JoinupGroupHelper::getContentCreation($parent); - } - /** * Checks whether the entity has a published version. * diff --git a/web/modules/custom/joinup_community_content/src/Guard/CommunityContentGuard.php b/web/modules/custom/joinup_community_content/src/Guard/CommunityContentGuard.php index 35b4098798..2f8d388187 100644 --- a/web/modules/custom/joinup_community_content/src/Guard/CommunityContentGuard.php +++ b/web/modules/custom/joinup_community_content/src/Guard/CommunityContentGuard.php @@ -95,7 +95,7 @@ public function allowedCreate(WorkflowTransition $transition, WorkflowInterface $permission_scheme = $this->permissionScheme->get('create'); $workflow_id = $workflow->getId(); $parent = JoinupGroupHelper::getGroup($entity); - $content_creation = JoinupGroupHelper::getContentCreation($parent); + $content_creation = $parent->getContentCreation(); if (!isset($permission_scheme[$workflow_id][$content_creation][$transition->getId()])) { return FALSE; diff --git a/web/modules/custom/joinup_group/src/Entity/GroupInterface.php b/web/modules/custom/joinup_group/src/Entity/GroupInterface.php index b5f555a14d..7d48ca3303 100644 --- a/web/modules/custom/joinup_group/src/Entity/GroupInterface.php +++ b/web/modules/custom/joinup_group/src/Entity/GroupInterface.php @@ -170,6 +170,25 @@ public function isModerated(): bool; */ public function getGroupModerationFieldName(): string; + /** + * Returns who can create content in the group. + * + * @return string + * The content creation option value. Can be one of the following: + * - \Drupal\joinup_group\ContentCreationOptions::FACILITATORS_AND_AUTHORS + * - \Drupal\joinup_group\ContentCreationOptions::MEMBERS + * - \Drupal\joinup_group\ContentCreationOptions::REGISTERED_USERS + */ + public function getContentCreation(): string; + + /** + * Returns the field name of the content creation field. + * + * @return string + * The field name. + */ + public function getContentCreationFieldName(): string; + /** * Returns recursively all content IDs of this group. * diff --git a/web/modules/custom/joinup_group/src/Entity/GroupTrait.php b/web/modules/custom/joinup_group/src/Entity/GroupTrait.php index 538cdedb33..defb22b89a 100644 --- a/web/modules/custom/joinup_group/src/Entity/GroupTrait.php +++ b/web/modules/custom/joinup_group/src/Entity/GroupTrait.php @@ -94,6 +94,13 @@ public function isModerated(): bool { return (int) $this->getMainPropertyValue($this->getGroupModerationFieldName()) === GroupInterface::PRE_MODERATION; } + /** + * {@inheritdoc} + */ + public function getContentCreation(): string { + return $this->getMainPropertyValue($this->getContentCreationFieldName()); + } + /** * {@inheritdoc} */ diff --git a/web/modules/custom/joinup_group/src/JoinupGroupHelper.php b/web/modules/custom/joinup_group/src/JoinupGroupHelper.php index 5ff47be37c..fa5ffded86 100644 --- a/web/modules/custom/joinup_group/src/JoinupGroupHelper.php +++ b/web/modules/custom/joinup_group/src/JoinupGroupHelper.php @@ -23,22 +23,6 @@ class JoinupGroupHelper { 'solution' => 'solution', ]; - /** - * Content creation field machine names per group bundle. - */ - const GROUP_CONTENT_CREATION = [ - 'collection' => 'field_ar_content_creation', - 'solution' => 'field_is_content_creation', - ]; - - /** - * Workflow state field machine names per group bundle. - */ - const GROUP_STATE_FIELDS = [ - 'collection' => 'field_ar_state', - 'solution' => 'field_is_state', - ]; - /** * Returns the group the entity belongs to. * @@ -74,20 +58,4 @@ public static function getGroup(EntityInterface $entity): ?GroupInterface { return NULL; } - /** - * Returns the content creation option for the given group. - * - * @param \Drupal\Core\Entity\EntityInterface $entity - * The group for which to return the content creation option value. - * - * @return string - * The content creation option value. Can be one of the following: - * - \Drupal\joinup_group\ContentCreationOptions::FACILITATORS - * - \Drupal\joinup_group\ContentCreationOptions::MEMBERS - * - \Drupal\joinup_group\ContentCreationOptions::REGISTERED_USERS - */ - public static function getContentCreation(EntityInterface $entity): string { - return $entity->{self::GROUP_CONTENT_CREATION[$entity->bundle()]}->first()->value; - } - } diff --git a/web/modules/custom/solution/src/Entity/Solution.php b/web/modules/custom/solution/src/Entity/Solution.php index e75e8dd97e..c961d281fe 100644 --- a/web/modules/custom/solution/src/Entity/Solution.php +++ b/web/modules/custom/solution/src/Entity/Solution.php @@ -167,6 +167,13 @@ public function getGroupModerationFieldName(): string { return 'field_is_moderation'; } + /** + * {@inheritdoc} + */ + public function getContentCreationFieldName(): string { + return 'field_is_content_creation'; + } + /** * {@inheritdoc} */ From ce337a2508e55a1c25deb47345d36c562874787c Mon Sep 17 00:00:00 2001 From: Pieter Frenssen <pieter@frenssen.be> Date: Tue, 30 Mar 2021 01:39:59 +0300 Subject: [PATCH 14/25] ISAICP-6222: Start on more comprehensive coverage. --- tests/behat.yml.dist | 1 + .../member_permissions_table.feature | 318 ++++++++++++++++++ .../solution.member_administration.feature | 16 - 3 files changed, 319 insertions(+), 16 deletions(-) create mode 100644 tests/features/joinup_group/member_permissions_table.feature diff --git a/tests/behat.yml.dist b/tests/behat.yml.dist index 06b847b438..26d46cea63 100644 --- a/tests/behat.yml.dist +++ b/tests/behat.yml.dist @@ -85,6 +85,7 @@ default: 'group menu edit table': '#menu-overview' 'eif recommendations': '.eif-recommendations table' 'member administration': '.og-members-overview table' + 'member permissions': 'table.form-table__member-permissions' 'licence comparer': 'table[data-drupal-selector="licence-comparer"]' 'pipeline log': 'table.joinup-pipeline-log-table' 'subscribers report': 'table' diff --git a/tests/features/joinup_group/member_permissions_table.feature b/tests/features/joinup_group/member_permissions_table.feature new file mode 100644 index 0000000000..bc128e136d --- /dev/null +++ b/tests/features/joinup_group/member_permissions_table.feature @@ -0,0 +1,318 @@ +@api @terms +Feature: Group member permissions table + In order to get an overview of which actions I can take in a group + As a member of a collection or solution + I need to be able to see which permissions I have + + Scenario: + Given users: + | Username | + | Mustrum Ridcully | + | A. A. Dinwiddie | + | Henry Porter | + Given the following collections: + | title | state | content creation | moderation | + | Applied astrology | validated | facilitators and authors | yes | + | Illiberal studies | validated | facilitators and authors | no | + | Approximate accuracy | validated | members | yes | + | Dust, miscellaneous particles and filaments | validated | members | no | + | Creative uncertainty | validated | registered users | yes | + | Woolly thinking | validated | registered users | no | + And the following solutions: + | title | state | content creation | moderation | + | Applied anthropics | validated | facilitators and authors | yes | + | Extreme horticulture | validated | facilitators and authors | no | + | Prehumous morbid bibliomancy | validated | registered users | yes | + | Posthumous morbid bibliomancy | validated | registered users | no | + And the following collection user memberships: + | collection | user | roles | + | Applied astrology | Mustrum Ridcully | facilitator | + | Illiberal studies | Mustrum Ridcully | facilitator | + | Approximate accuracy | Mustrum Ridcully | facilitator | + | Dust, miscellaneous particles and filaments | Mustrum Ridcully | facilitator | + | Creative uncertainty | Mustrum Ridcully | facilitator | + | Woolly thinking | Mustrum Ridcully | facilitator | + | Applied astrology | A. A. Dinwiddie | author | + | Illiberal studies | A. A. Dinwiddie | author | + | Approximate accuracy | A. A. Dinwiddie | author | + | Dust, miscellaneous particles and filaments | A. A. Dinwiddie | author | + | Creative uncertainty | A. A. Dinwiddie | author | + | Woolly thinking | A. A. Dinwiddie | author | + | Applied astrology | Henry Porter | | + | Illiberal studies | Henry Porter | | + | Approximate accuracy | Henry Porter | | + | Dust, miscellaneous particles and filaments | Henry Porter | | + | Creative uncertainty | Henry Porter | | + | Woolly thinking | Henry Porter | | + And the following solution user memberships: + | solution | user | roles | + | Applied anthropics | Mustrum Ridcully | facilitator | + | Extreme horticulture | Mustrum Ridcully | facilitator | + | Prehumous morbid bibliomancy | Mustrum Ridcully | facilitator | + | Posthumous morbid bibliomancy | Mustrum Ridcully | facilitator | + | Applied anthropics | A. A. Dinwiddie | author | + | Extreme horticulture | A. A. Dinwiddie | author | + | Prehumous morbid bibliomancy | A. A. Dinwiddie | author | + | Posthumous morbid bibliomancy | A. A. Dinwiddie | author | + | Applied anthropics | Henry Porter | | + | Extreme horticulture | Henry Porter | | + | Prehumous morbid bibliomancy | Henry Porter | | + | Posthumous morbid bibliomancy | Henry Porter | | + + # Collection. Content creation: authors and facilitators. Moderated. + And I am on the members page of "Applied astrology" + When I click "Member permissions" + Then the "member permissions" table should be: + | Permission | Member | Author | Facilitator | Owner | + | Can view published content | ✓ | ✓ | ✓ | ✓ | + | Can start a discussion | | ✓ | ✓ | ✓ | + | Can publish content | | ✓ | ✓ | ✓ | + + # Quick check to verify the permissions are actually matching what is displayed in the table. + Given I am logged in as a member of the "Applied astrology" collection + When I go to the homepage of the "Applied astrology" collection + # Can not start a discussion. + Then I should not see the link "Add discussion" + # Can not propose or publish content. + And I should not see the link "Add document" + And I should not see the link "Add event" + And I should not see the link "Add news" + + + # Collection. Content creation: authors and facilitators. Not moderated. + And I am on the members page of "Illiberal studies" + When I click "Member permissions" + Then the "member permissions" table should be: + | Permission | Member | Author | Facilitator | Owner | + | Can view published content | ✓ | ✓ | ✓ | ✓ | + | Can start a discussion | | ✓ | ✓ | ✓ | + | Can publish content | | ✓ | ✓ | ✓ | + + Given I am logged in as a member of the "Illiberal studies" collection + When I go to the homepage of the "Illiberal studies" collection + # Can not start a discussion. + Then I should not see the link "Add discussion" + # Can not propose or publish content. + And I should not see the link "Add document" + And I should not see the link "Add event" + And I should not see the link "Add news" + + + # Collection. Content creation: members. Moderated. + Given I am on the members page of "Approximate accuracy" + When I click "Member permissions" + Then the "member permissions" table should be: + | Permission | Member | Author | Facilitator | Owner | + | Can view published content | ✓ | ✓ | ✓ | ✓ | + | Can start a discussion | ✓ | ✓ | ✓ | ✓ | + | Can propose content for publication, pending approval | ✓ | | | | + | Can publish content without approval | | ✓ | ✓ | ✓ | + + Given I am logged in as a member of the "Approximate accuracy" collection + When I go to the homepage of the "Approximate accuracy" collection + # Can start a discussion. + And I click "Add discussion" + Then I should see the button "Publish" + # Can propose content but not publish. + When I click "Add document" + Then I should see the button "Propose" + But I should not see the button "Publish" + When I click "Add event" + Then I should see the button "Propose" + But I should not see the button "Publish" + When I click "Add news" + Then I should see the button "Propose" + But I should not see the button "Publish" + + # Collection. Content creation: members. Not moderated. + Given I am on the members page of "Dust, miscellaneous particles and filaments" + When I click "Member permissions" + Then the "member permissions" table should be: + | Permission | Member | Author | Facilitator | Owner | + | Can view published content | ✓ | ✓ | ✓ | ✓ | + | Can start a discussion | ✓ | ✓ | ✓ | ✓ | + | Can publish content | ✓ | ✓ | ✓ | ✓ | + + Given I am logged in as a member of the "Dust, miscellaneous particles and filaments" collection + When I go to the homepage of the "Dust, miscellaneous particles and filaments" collection + # Can start a discussion. + And I click "Add discussion" + Then I should see the button "Publish" + # Can publish content but not propose. + When I click "Add document" + Then I should see the button "Publish" + But I should not see the button "Propose" + When I click "Add event" + Then I should see the button "Publish" + But I should not see the button "Propose" + When I click "Add news" + Then I should see the button "Publish" + But I should not see the button "Propose" + + # Collection. Content creation: any user. Moderated. + Given I am on the members page of "Creative uncertainty" + When I click "Member permissions" + Then the "member permissions" table should be: + | Permission | Member | Author | Facilitator | Owner | + | Can view published content | ✓ | ✓ | ✓ | ✓ | + | Can start a discussion | ✓ | ✓ | ✓ | ✓ | + | Can propose content for publication, pending approval | ✓ | | | | + | Can publish content without approval | | ✓ | ✓ | ✓ | + + Given I am logged in as a member of the "Creative uncertainty" collection + When I go to the homepage of the "Creative uncertainty" collection + # Can start a discussion. + And I click "Add discussion" + Then I should see the button "Publish" + # Can propose content but not publish. + When I click "Add document" + Then I should see the button "Propose" + But I should not see the button "Publish" + When I click "Add event" + Then I should see the button "Propose" + But I should not see the button "Publish" + When I click "Add news" + Then I should see the button "Propose" + But I should not see the button "Publish" + + # Collection. Content creation: any user. Not moderated. + Given I am on the members page of "Woolly thinking" + When I click "Member permissions" + Then the "member permissions" table should be: + | Permission | Member | Author | Facilitator | Owner | + | Can view published content | ✓ | ✓ | ✓ | ✓ | + | Can start a discussion | ✓ | ✓ | ✓ | ✓ | + | Can publish content | ✓ | ✓ | ✓ | ✓ | + + Given I am logged in as a member of the "Woolly thinking" collection + When I go to the homepage of the "Woolly thinking" collection + # Can start a discussion. + And I click "Add discussion" + Then I should see the button "Publish" + # Can publish content but not propose. + When I click "Add document" + Then I should see the button "Publish" + But I should not see the button "Propose" + When I click "Add event" + Then I should see the button "Publish" + But I should not see the button "Propose" + When I click "Add news" + Then I should see the button "Publish" + But I should not see the button "Propose" + + # Solution. Content creation: authors and facilitators. Moderated. + Given I am on the members page of "Applied anthropics" + When I click "Member permissions" + Then the "member permissions" table should be: + | Permission | Member | Author | Facilitator | Owner | + | Can view published content | ✓ | ✓ | ✓ | ✓ | + | Can start a discussion | | ✓ | ✓ | ✓ | + | Can publish content | | ✓ | ✓ | ✓ | + + Given I am logged in as a member of the "Applied anthropics" solution + When I go to the homepage of the "Applied anthropics" solution + # Can not start a discussion. + Then I should not see the link "Add discussion" + # Can not propose or publish content. + And I should not see the link "Add document" + And I should not see the link "Add event" + And I should not see the link "Add news" + + + # Solution. Content creation: authors and facilitators. Non-moderated. + Given I am on the members page of "Extreme horticulture" + When I click "Member permissions" + Then the "member permissions" table should be: + | Permission | Member | Author | Facilitator | Owner | + | Can view published content | ✓ | ✓ | ✓ | ✓ | + | Can start a discussion | | ✓ | ✓ | ✓ | + | Can publish content | | ✓ | ✓ | ✓ | + + Given I am logged in as a member of the "Extreme horticulture" solution + When I go to the homepage of the "Extreme horticulture" solution + # Can not start a discussion. + Then I should not see the link "Add discussion" + # Can not propose or publish content. + And I should not see the link "Add document" + And I should not see the link "Add event" + And I should not see the link "Add news" + + + # Solution. Content creation: any user. Moderated. + Given I am on the members page of "Prehumous morbid bibliomancy" + When I click "Member permissions" + Then the "member permissions" table should be: + | Permission | Member | Author | Facilitator | Owner | + | Can view published content | ✓ | ✓ | ✓ | ✓ | + | Can start a discussion | ✓ | ✓ | ✓ | ✓ | + | Can propose content for publication, pending approval | ✓ | | | | + | Can publish content without approval | | ✓ | ✓ | ✓ | + + Given I am logged in as a member of the "Prehumous morbid bibliomancy" solution + When I go to the homepage of the "Prehumous morbid bibliomancy" solution + # Can start a discussion. + And I click "Add discussion" + Then I should see the button "Publish" + # Can propose content but not publish. + When I click "Add document" + Then I should see the button "Propose" + But I should not see the button "Publish" + When I click "Add event" + Then I should see the button "Propose" + But I should not see the button "Publish" + When I click "Add news" + Then I should see the button "Propose" + But I should not see the button "Publish" + + # Solution. Content creation: any user. Non-moderated. + Given I am on the members page of "Posthumous morbid bibliomancy" + When I click "Member permissions" + Then the "member permissions" table should be: + | Permission | Member | Author | Facilitator | Owner | + | Can view published content | ✓ | ✓ | ✓ | ✓ | + | Can start a discussion | ✓ | ✓ | ✓ | ✓ | + | Can publish content | ✓ | ✓ | ✓ | ✓ | + + Given I am logged in as a member of the "Posthumous morbid bibliomancy" solution + When I go to the homepage of the "Posthumous morbid bibliomancy" solution + # Can start a discussion. + And I click "Add discussion" + Then I should see the button "Publish" + # Can publish content but not propose. + When I click "Add document" + Then I should see the button "Publish" + But I should not see the button "Propose" + When I click "Add event" + Then I should see the button "Publish" + But I should not see the button "Propose" + When I click "Add news" + Then I should see the button "Publish" + But I should not see the button "Propose" + + # The permissions table should not be accessible for non-public groups. + Scenario: Access the membership permissions information table + Given the following collections: + | title | state | + | Valid Bibliomancy | validated | + | Draft Bibliomancy | draft | + | Proposed Bibliomancy | proposed | + And the following solutions: + | title | state | + | Valid Dynamics | validated | + | Draft Dynamics | draft | + | Proposed Dynamics | proposed | + | Dark Dynamics | blacklisted | + When I go to the member permissions table of "Draft Bibliomancy" + Then I should see the heading "Sign in to continue" + When I go to the member permissions table of "Proposed Bibliomancy" + Then I should see the heading "Sign in to continue" + When I go to the member permissions table of "Valid Bibliomancy" + Then I should see the heading "Member permissions" + When I go to the member permissions table of "Draft Dynamics" + Then I should see the heading "Sign in to continue" + When I go to the member permissions table of "Proposed Dynamics" + Then I should see the heading "Sign in to continue" + When I go to the member permissions table of "Dark Dynamics" + Then I should see the heading "Sign in to continue" + When I go to the member permissions table of "Valid Dynamics" + Then I should see the heading "Member permissions" diff --git a/tests/features/solution/solution.member_administration.feature b/tests/features/solution/solution.member_administration.feature index ac9b589b55..5c38795041 100644 --- a/tests/features/solution/solution.member_administration.feature +++ b/tests/features/solution/solution.member_administration.feature @@ -133,19 +133,3 @@ Feature: Solution membership administration And I should see the link "Invite members" When I click "Invite members" Then I should see the heading "Invite members" - - # The permissions table should not be accessible for non-public solutions. - Scenario: Access the membership permissions information table - Given the following solutions: - | title | state | - | The Draft Sons | draft | - | The Proposed Sons | proposed | - | The Sons of Darkness | blacklisted | - When I go to the member permissions table of "The Draft Sons" - Then I should see the heading "Sign in to continue" - When I go to the member permissions table of "The Proposed Sons" - Then I should see the heading "Sign in to continue" - When I go to the member permissions table of "The Sons of Darkness" - Then I should see the heading "Sign in to continue" - When I go to the member permissions table of "The Missing Sons" - Then I should see the heading "Member permissions" From 389eef5370619628c98ddae1e2e5e2da4ea71336 Mon Sep 17 00:00:00 2001 From: Pieter Frenssen <pieter@frenssen.be> Date: Tue, 30 Mar 2021 01:40:57 +0300 Subject: [PATCH 15/25] ISAICP-6222: Improve method name to clarify what kind of value it returns. --- .../src/CommunityContentWorkflowAccessControlHandler.php | 2 +- .../src/Guard/CommunityContentGuard.php | 2 +- web/modules/custom/joinup_group/src/Entity/GroupInterface.php | 2 +- web/modules/custom/joinup_group/src/Entity/GroupTrait.php | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/web/modules/custom/joinup_community_content/src/CommunityContentWorkflowAccessControlHandler.php b/web/modules/custom/joinup_community_content/src/CommunityContentWorkflowAccessControlHandler.php index 623547490f..952b9d688f 100644 --- a/web/modules/custom/joinup_community_content/src/CommunityContentWorkflowAccessControlHandler.php +++ b/web/modules/custom/joinup_community_content/src/CommunityContentWorkflowAccessControlHandler.php @@ -213,7 +213,7 @@ protected function entityCreateAccess(CommunityContentInterface $content, Accoun $create_scheme = $this->getPermissionScheme('create'); $workflow_id = $content->getWorkflow()->getId(); try { - $content_creation = $content->getGroup()->getContentCreation(); + $content_creation = $content->getGroup()->getContentCreators(); } catch (MissingGroupException $e) { // Forbid creating community content if the parent group has not been set diff --git a/web/modules/custom/joinup_community_content/src/Guard/CommunityContentGuard.php b/web/modules/custom/joinup_community_content/src/Guard/CommunityContentGuard.php index 2f8d388187..172ae1ed24 100644 --- a/web/modules/custom/joinup_community_content/src/Guard/CommunityContentGuard.php +++ b/web/modules/custom/joinup_community_content/src/Guard/CommunityContentGuard.php @@ -95,7 +95,7 @@ public function allowedCreate(WorkflowTransition $transition, WorkflowInterface $permission_scheme = $this->permissionScheme->get('create'); $workflow_id = $workflow->getId(); $parent = JoinupGroupHelper::getGroup($entity); - $content_creation = $parent->getContentCreation(); + $content_creation = $parent->getContentCreators(); if (!isset($permission_scheme[$workflow_id][$content_creation][$transition->getId()])) { return FALSE; diff --git a/web/modules/custom/joinup_group/src/Entity/GroupInterface.php b/web/modules/custom/joinup_group/src/Entity/GroupInterface.php index 7d48ca3303..8c214aa308 100644 --- a/web/modules/custom/joinup_group/src/Entity/GroupInterface.php +++ b/web/modules/custom/joinup_group/src/Entity/GroupInterface.php @@ -179,7 +179,7 @@ public function getGroupModerationFieldName(): string; * - \Drupal\joinup_group\ContentCreationOptions::MEMBERS * - \Drupal\joinup_group\ContentCreationOptions::REGISTERED_USERS */ - public function getContentCreation(): string; + public function getContentCreators(): string; /** * Returns the field name of the content creation field. diff --git a/web/modules/custom/joinup_group/src/Entity/GroupTrait.php b/web/modules/custom/joinup_group/src/Entity/GroupTrait.php index defb22b89a..566d58ef1e 100644 --- a/web/modules/custom/joinup_group/src/Entity/GroupTrait.php +++ b/web/modules/custom/joinup_group/src/Entity/GroupTrait.php @@ -97,7 +97,7 @@ public function isModerated(): bool { /** * {@inheritdoc} */ - public function getContentCreation(): string { + public function getContentCreators(): string { return $this->getMainPropertyValue($this->getContentCreationFieldName()); } From 56629cec493b9d183820b61e033f083c6e39cd62 Mon Sep 17 00:00:00 2001 From: Pieter Frenssen <pieter@frenssen.be> Date: Tue, 30 Mar 2021 17:13:04 +0300 Subject: [PATCH 16/25] ISAICP-6222: Add permissions related to deleting content. --- .../member_permissions_table.feature | 190 ++++++++++++------ ...ershipPermissionsInformationController.php | 144 ++++++++++++- 2 files changed, 275 insertions(+), 59 deletions(-) diff --git a/tests/features/joinup_group/member_permissions_table.feature b/tests/features/joinup_group/member_permissions_table.feature index bc128e136d..79f37796b8 100644 --- a/tests/features/joinup_group/member_permissions_table.feature +++ b/tests/features/joinup_group/member_permissions_table.feature @@ -7,9 +7,14 @@ Feature: Group member permissions table Scenario: Given users: | Username | + | Horace Worblehat | + | Ponder Stibbons | + | Henry Porter | + | Rincewind | + | Dr. John Hicks | + | Hex | | Mustrum Ridcully | | A. A. Dinwiddie | - | Henry Porter | Given the following collections: | title | state | content creation | moderation | | Applied astrology | validated | facilitators and authors | yes | @@ -26,6 +31,10 @@ Feature: Group member permissions table | Posthumous morbid bibliomancy | validated | registered users | no | And the following collection user memberships: | collection | user | roles | + | Approximate accuracy | Horace Worblehat | | + | Dust, miscellaneous particles and filaments | Ponder Stibbons | | + | Creative uncertainty | Henry Porter | | + | Woolly thinking | Rincewind | | | Applied astrology | Mustrum Ridcully | facilitator | | Illiberal studies | Mustrum Ridcully | facilitator | | Approximate accuracy | Mustrum Ridcully | facilitator | @@ -42,10 +51,11 @@ Feature: Group member permissions table | Illiberal studies | Henry Porter | | | Approximate accuracy | Henry Porter | | | Dust, miscellaneous particles and filaments | Henry Porter | | - | Creative uncertainty | Henry Porter | | | Woolly thinking | Henry Porter | | And the following solution user memberships: | solution | user | roles | + | Prehumous morbid bibliomancy | Dr. John Hicks | | + | Posthumous morbid bibliomancy | Hex | | | Applied anthropics | Mustrum Ridcully | facilitator | | Extreme horticulture | Mustrum Ridcully | facilitator | | Prehumous morbid bibliomancy | Mustrum Ridcully | facilitator | @@ -63,12 +73,17 @@ Feature: Group member permissions table And I am on the members page of "Applied astrology" When I click "Member permissions" Then the "member permissions" table should be: - | Permission | Member | Author | Facilitator | Owner | - | Can view published content | ✓ | ✓ | ✓ | ✓ | - | Can start a discussion | | ✓ | ✓ | ✓ | - | Can publish content | | ✓ | ✓ | ✓ | + | Permission | Member | Author | Facilitator | Owner | + | View published content | ✓ | ✓ | ✓ | ✓ | + | Start a discussion | | ✓ | ✓ | ✓ | + | Publish content | | ✓ | ✓ | ✓ | + | Delete own content | | ✓ | ✓ | ✓ | + | Delete any content | | | ✓ | ✓ | - # Quick check to verify the permissions are actually matching what is displayed in the table. + # Quick check to verify the permissions are actually matching what is + # displayed in the table. Only the most common case ("member") is checked. + # This is already covered in other scenarios, but having a check here will + # alert us to update the tables if permissions change. Given I am logged in as a member of the "Applied astrology" collection When I go to the homepage of the "Applied astrology" collection # Can not start a discussion. @@ -83,10 +98,12 @@ Feature: Group member permissions table And I am on the members page of "Illiberal studies" When I click "Member permissions" Then the "member permissions" table should be: - | Permission | Member | Author | Facilitator | Owner | - | Can view published content | ✓ | ✓ | ✓ | ✓ | - | Can start a discussion | | ✓ | ✓ | ✓ | - | Can publish content | | ✓ | ✓ | ✓ | + | Permission | Member | Author | Facilitator | Owner | + | View published content | ✓ | ✓ | ✓ | ✓ | + | Start a discussion | | ✓ | ✓ | ✓ | + | Publish content | | ✓ | ✓ | ✓ | + | Delete own content | | ✓ | ✓ | ✓ | + | Delete any content | | | ✓ | ✓ | Given I am logged in as a member of the "Illiberal studies" collection When I go to the homepage of the "Illiberal studies" collection @@ -102,13 +119,18 @@ Feature: Group member permissions table Given I am on the members page of "Approximate accuracy" When I click "Member permissions" Then the "member permissions" table should be: - | Permission | Member | Author | Facilitator | Owner | - | Can view published content | ✓ | ✓ | ✓ | ✓ | - | Can start a discussion | ✓ | ✓ | ✓ | ✓ | - | Can propose content for publication, pending approval | ✓ | | | | - | Can publish content without approval | | ✓ | ✓ | ✓ | + | Permission | Member | Author | Facilitator | Owner | + | View published content | ✓ | ✓ | ✓ | ✓ | + | Start a discussion | ✓ | ✓ | ✓ | ✓ | + | Propose content for publication, pending approval | ✓ | | | | + | Approve proposed content for publication | | | ✓ | ✓ | + | Publish content without approval | | ✓ | ✓ | ✓ | + | Request deletion of own content, pending approval | ✓ | | | | + | Approve requested deletion of content | | | ✓ | ✓ | + | Delete own content without approval | | ✓ | ✓ | ✓ | + | Delete any content | | | ✓ | ✓ | - Given I am logged in as a member of the "Approximate accuracy" collection + Given I am logged in as "Horace Worblehat" When I go to the homepage of the "Approximate accuracy" collection # Can start a discussion. And I click "Add discussion" @@ -123,17 +145,25 @@ Feature: Group member permissions table When I click "Add news" Then I should see the button "Propose" But I should not see the button "Publish" + Given news content: + | title | state | collection | author | + | Election of Boy Archchancellor | validated | Approximate accuracy | Horace Worblehat | + When I go to the news content "Election of Boy Archchancellor" edit screen + Then I should see the button "Request deletion" + But I should not see the link "Delete" # Collection. Content creation: members. Not moderated. Given I am on the members page of "Dust, miscellaneous particles and filaments" When I click "Member permissions" Then the "member permissions" table should be: - | Permission | Member | Author | Facilitator | Owner | - | Can view published content | ✓ | ✓ | ✓ | ✓ | - | Can start a discussion | ✓ | ✓ | ✓ | ✓ | - | Can publish content | ✓ | ✓ | ✓ | ✓ | + | Permission | Member | Author | Facilitator | Owner | + | View published content | ✓ | ✓ | ✓ | ✓ | + | Start a discussion | ✓ | ✓ | ✓ | ✓ | + | Publish content | ✓ | ✓ | ✓ | ✓ | + | Delete own content | ✓ | ✓ | ✓ | ✓ | + | Delete any content | | | ✓ | ✓ | - Given I am logged in as a member of the "Dust, miscellaneous particles and filaments" collection + Given I am logged in as "Ponder Stibbons" When I go to the homepage of the "Dust, miscellaneous particles and filaments" collection # Can start a discussion. And I click "Add discussion" @@ -148,18 +178,29 @@ Feature: Group member permissions table When I click "Add news" Then I should see the button "Publish" But I should not see the button "Propose" + Given news content: + | title | state | collection | author | + | Beating the bounds | validated | Dust, miscellaneous particles and filaments | Ponder Stibbons | + When I go to the news content "Beating the bounds" edit screen + Then I should see the link "Delete" + But I should not see the button "Request deletion" # Collection. Content creation: any user. Moderated. Given I am on the members page of "Creative uncertainty" When I click "Member permissions" Then the "member permissions" table should be: - | Permission | Member | Author | Facilitator | Owner | - | Can view published content | ✓ | ✓ | ✓ | ✓ | - | Can start a discussion | ✓ | ✓ | ✓ | ✓ | - | Can propose content for publication, pending approval | ✓ | | | | - | Can publish content without approval | | ✓ | ✓ | ✓ | + | Permission | Member | Author | Facilitator | Owner | + | View published content | ✓ | ✓ | ✓ | ✓ | + | Start a discussion | ✓ | ✓ | ✓ | ✓ | + | Propose content for publication, pending approval | ✓ | | | | + | Approve proposed content for publication | | | ✓ | ✓ | + | Publish content without approval | | ✓ | ✓ | ✓ | + | Request deletion of own content, pending approval | ✓ | | | | + | Approve requested deletion of content | | | ✓ | ✓ | + | Delete own content without approval | | ✓ | ✓ | ✓ | + | Delete any content | | | ✓ | ✓ | - Given I am logged in as a member of the "Creative uncertainty" collection + Given I am logged in as "Henry Porter" When I go to the homepage of the "Creative uncertainty" collection # Can start a discussion. And I click "Add discussion" @@ -174,17 +215,25 @@ Feature: Group member permissions table When I click "Add news" Then I should see the button "Propose" But I should not see the button "Publish" + Given news content: + | title | state | collection | author | + | The Convivium | validated | Creative uncertainty | Henry Porter | + When I go to the news content "The Convivium" edit screen + Then I should see the button "Request deletion" + But I should not see the link "Delete" # Collection. Content creation: any user. Not moderated. Given I am on the members page of "Woolly thinking" When I click "Member permissions" Then the "member permissions" table should be: - | Permission | Member | Author | Facilitator | Owner | - | Can view published content | ✓ | ✓ | ✓ | ✓ | - | Can start a discussion | ✓ | ✓ | ✓ | ✓ | - | Can publish content | ✓ | ✓ | ✓ | ✓ | + | Permission | Member | Author | Facilitator | Owner | + | View published content | ✓ | ✓ | ✓ | ✓ | + | Start a discussion | ✓ | ✓ | ✓ | ✓ | + | Publish content | ✓ | ✓ | ✓ | ✓ | + | Delete own content | ✓ | ✓ | ✓ | ✓ | + | Delete any content | | | ✓ | ✓ | - Given I am logged in as a member of the "Woolly thinking" collection + Given I am logged in as "Rincewind" When I go to the homepage of the "Woolly thinking" collection # Can start a discussion. And I click "Add discussion" @@ -199,15 +248,23 @@ Feature: Group member permissions table When I click "Add news" Then I should see the button "Publish" But I should not see the button "Propose" + Given news content: + | title | state | collection | author | + | Gaudy night | validated | Woolly thinking | Rincewind | + When I go to the news content "Gaudy night" edit screen + Then I should see the link "Delete" + But I should not see the button "Request deletion" # Solution. Content creation: authors and facilitators. Moderated. Given I am on the members page of "Applied anthropics" When I click "Member permissions" Then the "member permissions" table should be: - | Permission | Member | Author | Facilitator | Owner | - | Can view published content | ✓ | ✓ | ✓ | ✓ | - | Can start a discussion | | ✓ | ✓ | ✓ | - | Can publish content | | ✓ | ✓ | ✓ | + | Permission | Member | Author | Facilitator | Owner | + | View published content | ✓ | ✓ | ✓ | ✓ | + | Start a discussion | | ✓ | ✓ | ✓ | + | Publish content | | ✓ | ✓ | ✓ | + | Delete own content | | ✓ | ✓ | ✓ | + | Delete any content | | | ✓ | ✓ | Given I am logged in as a member of the "Applied anthropics" solution When I go to the homepage of the "Applied anthropics" solution @@ -223,10 +280,12 @@ Feature: Group member permissions table Given I am on the members page of "Extreme horticulture" When I click "Member permissions" Then the "member permissions" table should be: - | Permission | Member | Author | Facilitator | Owner | - | Can view published content | ✓ | ✓ | ✓ | ✓ | - | Can start a discussion | | ✓ | ✓ | ✓ | - | Can publish content | | ✓ | ✓ | ✓ | + | Permission | Member | Author | Facilitator | Owner | + | View published content | ✓ | ✓ | ✓ | ✓ | + | Start a discussion | | ✓ | ✓ | ✓ | + | Publish content | | ✓ | ✓ | ✓ | + | Delete own content | | ✓ | ✓ | ✓ | + | Delete any content | | | ✓ | ✓ | Given I am logged in as a member of the "Extreme horticulture" solution When I go to the homepage of the "Extreme horticulture" solution @@ -242,13 +301,18 @@ Feature: Group member permissions table Given I am on the members page of "Prehumous morbid bibliomancy" When I click "Member permissions" Then the "member permissions" table should be: - | Permission | Member | Author | Facilitator | Owner | - | Can view published content | ✓ | ✓ | ✓ | ✓ | - | Can start a discussion | ✓ | ✓ | ✓ | ✓ | - | Can propose content for publication, pending approval | ✓ | | | | - | Can publish content without approval | | ✓ | ✓ | ✓ | + | Permission | Member | Author | Facilitator | Owner | + | View published content | ✓ | ✓ | ✓ | ✓ | + | Start a discussion | ✓ | ✓ | ✓ | ✓ | + | Propose content for publication, pending approval | ✓ | | | | + | Approve proposed content for publication | | | ✓ | ✓ | + | Publish content without approval | | ✓ | ✓ | ✓ | + | Request deletion of own content, pending approval | ✓ | | | | + | Approve requested deletion of content | | | ✓ | ✓ | + | Delete own content without approval | | ✓ | ✓ | ✓ | + | Delete any content | | | ✓ | ✓ | - Given I am logged in as a member of the "Prehumous morbid bibliomancy" solution + Given I am logged in as "Dr. John Hicks" When I go to the homepage of the "Prehumous morbid bibliomancy" solution # Can start a discussion. And I click "Add discussion" @@ -263,17 +327,25 @@ Feature: Group member permissions table When I click "Add news" Then I should see the button "Propose" But I should not see the button "Publish" + Given news content: + | title | state | solution | author | + | Head of the River | validated | Prehumous morbid bibliomancy | Dr. John Hicks | + When I go to the news content "Head of the River" edit screen + Then I should see the button "Request deletion" + But I should not see the link "Delete" # Solution. Content creation: any user. Non-moderated. Given I am on the members page of "Posthumous morbid bibliomancy" When I click "Member permissions" Then the "member permissions" table should be: - | Permission | Member | Author | Facilitator | Owner | - | Can view published content | ✓ | ✓ | ✓ | ✓ | - | Can start a discussion | ✓ | ✓ | ✓ | ✓ | - | Can publish content | ✓ | ✓ | ✓ | ✓ | + | Permission | Member | Author | Facilitator | Owner | + | View published content | ✓ | ✓ | ✓ | ✓ | + | Start a discussion | ✓ | ✓ | ✓ | ✓ | + | Publish content | ✓ | ✓ | ✓ | ✓ | + | Delete own content | ✓ | ✓ | ✓ | ✓ | + | Delete any content | | | ✓ | ✓ | - Given I am logged in as a member of the "Posthumous morbid bibliomancy" solution + Given I am logged in as "Hex" When I go to the homepage of the "Posthumous morbid bibliomancy" solution # Can start a discussion. And I click "Add discussion" @@ -288,14 +360,20 @@ Feature: Group member permissions table When I click "Add news" Then I should see the button "Publish" But I should not see the button "Propose" + Given news content: + | title | state | collection | author | + | May Morning | validated | Posthumous morbid bibliomancy | Hex | + When I go to the news content "May Morning" edit screen + Then I should see the link "Delete" + But I should not see the button "Request deletion" # The permissions table should not be accessible for non-public groups. Scenario: Access the membership permissions information table Given the following collections: - | title | state | - | Valid Bibliomancy | validated | - | Draft Bibliomancy | draft | - | Proposed Bibliomancy | proposed | + | title | state | + | Valid Bibliomancy | validated | + | Draft Bibliomancy | draft | + | Proposed Bibliomancy | proposed | And the following solutions: | title | state | | Valid Dynamics | validated | diff --git a/web/modules/custom/joinup_group/src/Controller/GroupMembershipPermissionsInformationController.php b/web/modules/custom/joinup_group/src/Controller/GroupMembershipPermissionsInformationController.php index 4a0004bcde..d8e19ac136 100644 --- a/web/modules/custom/joinup_group/src/Controller/GroupMembershipPermissionsInformationController.php +++ b/web/modules/custom/joinup_group/src/Controller/GroupMembershipPermissionsInformationController.php @@ -6,11 +6,16 @@ use Drupal\Core\Controller\ControllerBase; use Drupal\Core\Url; +use Drupal\joinup_group\ContentCreationOptions; use Drupal\joinup_group\Entity\GroupInterface; /** * Page controller for the member permissions information table. * + * Renders a table with a simplified subset of the available permissions for the + * different roles in a group. This is intended for end users and facilitators + * to get an overview of the actions they can take in the group. + * * This table is shown in a modal dialog when pressing the "Member permissions" * link in the Members page. */ @@ -26,11 +31,144 @@ class GroupMembershipPermissionsInformationController extends ControllerBase { * A render array containing the table. */ public function build(GroupInterface $rdf_entity): array { - $build['content'] = [ - '#type' => 'item', - '#markup' => $this->t('The dragon swooped once more lower than ever, and as he turned and dived down his belly glittered white with sparkling fires of gems in the moon.'), + $is_moderated = $rdf_entity->isModerated(); + $content_creators = $rdf_entity->getContentCreators(); + $only_authors_can_create = $content_creators === ContentCreationOptions::FACILITATORS_AND_AUTHORS; + + $permissions_info = [ + [ + // A custom description is provided since this is intended for a non- + // technical audience which is not familiar with Drupal permissions. + 'description' => $this->t('View published content'), + 'permitted' => [ + 'member' => TRUE, + 'author' => TRUE, + 'facilitator' => TRUE, + 'owner' => TRUE, + ], + ], + [ + 'description' => $this->t('Start a discussion'), + 'permitted' => [ + 'member' => !$only_authors_can_create, + 'author' => TRUE, + 'facilitator' => TRUE, + 'owner' => TRUE, + ], + ], + [ + 'description' => $this->t('Propose content for publication, pending approval'), + // This only applies for moderated groups. The option is hidden also if + // only facilitators and authors can create content, since in this case + // the normal members cannot propose any content. + 'applicable' => $is_moderated && !$only_authors_can_create, + 'permitted' => [ + 'member' => TRUE, + 'author' => FALSE, + 'facilitator' => FALSE, + 'owner' => FALSE, + ], + ], + [ + 'description' => $this->t('Approve proposed content for publication'), + 'applicable' => $is_moderated && !$only_authors_can_create, + 'permitted' => [ + 'member' => FALSE, + 'author' => FALSE, + 'facilitator' => TRUE, + 'owner' => TRUE, + ], + ], + [ + 'description' => $is_moderated && !$only_authors_can_create ? $this->t('Publish content without approval') : $this->t('Publish content'), + 'permitted' => [ + 'member' => !$is_moderated && !$only_authors_can_create, + 'author' => TRUE, + 'facilitator' => TRUE, + 'owner' => TRUE, + ], + ], + [ + 'description' => $this->t('Request deletion of own content, pending approval'), + 'applicable' => $is_moderated && !$only_authors_can_create, + 'permitted' => [ + 'member' => TRUE, + 'author' => FALSE, + 'facilitator' => FALSE, + 'owner' => FALSE, + ], + ], + [ + 'description' => $this->t('Approve requested deletion of content'), + 'applicable' => $is_moderated && !$only_authors_can_create, + 'permitted' => [ + 'member' => FALSE, + 'author' => FALSE, + 'facilitator' => TRUE, + 'owner' => TRUE, + ], + ], + [ + 'description' => $is_moderated && !$only_authors_can_create ? $this->t('Delete own content without approval') : $this->t('Delete own content'), + 'permitted' => [ + 'member' => !$is_moderated && !$only_authors_can_create, + 'author' => TRUE, + 'facilitator' => TRUE, + 'owner' => TRUE, + ], + ], + [ + 'description' => $this->t('Delete any content'), + 'permitted' => [ + 'member' => FALSE, + 'author' => FALSE, + 'facilitator' => TRUE, + 'owner' => TRUE, + ], + ], ]; + $build['permissions'] = [ + '#type' => 'table', + '#header' => [ + $this->t('Permission'), + $this->t('Member'), + $this->t('Author'), + $this->t('Facilitator'), + $this->t('Owner'), + ], + '#attributes' => ['class' => ['form-table__member-permissions']], + ]; + + foreach ($permissions_info as $permission_info) { + if ($permission_info['applicable'] ?? TRUE) { + $build['permissions'][] = [ + [ + '#plain_text' => $permission_info['description'], + '#wrapper_attributes' => [ + 'class' => ['form-table__cell__description'], + ], + ], + [ + '#plain_text' => $permission_info['permitted']['member'] ? '✓' : '', + '#wrapper_attributes' => ['class' => ['form-table__cell__data']], + ], + [ + '#plain_text' => $permission_info['permitted']['author'] ? '✓' : '', + '#wrapper_attributes' => ['class' => ['form-table__cell__data']], + ], + [ + '#plain_text' => $permission_info['permitted']['facilitator'] ? '✓' : '', + '#wrapper_attributes' => ['class' => ['form-table__cell__data']], + ], + [ + '#plain_text' => $permission_info['permitted']['owner'] ? '✓' : '', + '#wrapper_attributes' => ['class' => ['form-table__cell__data']], + ], + ]; + } + } + $build['close'] = [ '#type' => 'link', '#title' => t('Got it'), From c03fca32b4d4a98192c9f583446076cefbdb5a2d Mon Sep 17 00:00:00 2001 From: Pieter Frenssen <pieter@frenssen.be> Date: Tue, 30 Mar 2021 18:12:55 +0300 Subject: [PATCH 17/25] ISAICP-6222: Add permissions related to updating content. --- .../member_permissions_table.feature | 182 +++++++++++------- ...ershipPermissionsInformationController.php | 38 ++++ 2 files changed, 148 insertions(+), 72 deletions(-) diff --git a/tests/features/joinup_group/member_permissions_table.feature b/tests/features/joinup_group/member_permissions_table.feature index 79f37796b8..5501bf44ef 100644 --- a/tests/features/joinup_group/member_permissions_table.feature +++ b/tests/features/joinup_group/member_permissions_table.feature @@ -73,12 +73,14 @@ Feature: Group member permissions table And I am on the members page of "Applied astrology" When I click "Member permissions" Then the "member permissions" table should be: - | Permission | Member | Author | Facilitator | Owner | - | View published content | ✓ | ✓ | ✓ | ✓ | - | Start a discussion | | ✓ | ✓ | ✓ | - | Publish content | | ✓ | ✓ | ✓ | - | Delete own content | | ✓ | ✓ | ✓ | - | Delete any content | | | ✓ | ✓ | + | Permission | Member | Author | Facilitator | Owner | + | View published content | ✓ | ✓ | ✓ | ✓ | + | Start a discussion | | ✓ | ✓ | ✓ | + | Publish content | | ✓ | ✓ | ✓ | + | Update own published content | | ✓ | ✓ | ✓ | + | Update any content | | | ✓ | ✓ | + | Delete own content | | ✓ | ✓ | ✓ | + | Delete any content | | | ✓ | ✓ | # Quick check to verify the permissions are actually matching what is # displayed in the table. Only the most common case ("member") is checked. @@ -98,12 +100,14 @@ Feature: Group member permissions table And I am on the members page of "Illiberal studies" When I click "Member permissions" Then the "member permissions" table should be: - | Permission | Member | Author | Facilitator | Owner | - | View published content | ✓ | ✓ | ✓ | ✓ | - | Start a discussion | | ✓ | ✓ | ✓ | - | Publish content | | ✓ | ✓ | ✓ | - | Delete own content | | ✓ | ✓ | ✓ | - | Delete any content | | | ✓ | ✓ | + | Permission | Member | Author | Facilitator | Owner | + | View published content | ✓ | ✓ | ✓ | ✓ | + | Start a discussion | | ✓ | ✓ | ✓ | + | Publish content | | ✓ | ✓ | ✓ | + | Update own published content | | ✓ | ✓ | ✓ | + | Update any content | | | ✓ | ✓ | + | Delete own content | | ✓ | ✓ | ✓ | + | Delete any content | | | ✓ | ✓ | Given I am logged in as a member of the "Illiberal studies" collection When I go to the homepage of the "Illiberal studies" collection @@ -119,16 +123,20 @@ Feature: Group member permissions table Given I am on the members page of "Approximate accuracy" When I click "Member permissions" Then the "member permissions" table should be: - | Permission | Member | Author | Facilitator | Owner | - | View published content | ✓ | ✓ | ✓ | ✓ | - | Start a discussion | ✓ | ✓ | ✓ | ✓ | - | Propose content for publication, pending approval | ✓ | | | | - | Approve proposed content for publication | | | ✓ | ✓ | - | Publish content without approval | | ✓ | ✓ | ✓ | - | Request deletion of own content, pending approval | ✓ | | | | - | Approve requested deletion of content | | | ✓ | ✓ | - | Delete own content without approval | | ✓ | ✓ | ✓ | - | Delete any content | | | ✓ | ✓ | + | Permission | Member | Author | Facilitator | Owner | + | View published content | ✓ | ✓ | ✓ | ✓ | + | Start a discussion | ✓ | ✓ | ✓ | ✓ | + | Propose content for publication, pending approval | ✓ | | | | + | Approve proposed content for publication | | | ✓ | ✓ | + | Publish content without approval | | ✓ | ✓ | ✓ | + | Propose changes to own published content, pending approval | ✓ | | | | + | Approve proposed changes to published content | | | ✓ | ✓ | + | Update own published content without approval | | ✓ | ✓ | ✓ | + | Update any content | | | ✓ | ✓ | + | Request deletion of own content, pending approval | ✓ | | | | + | Approve requested deletion of content | | | ✓ | ✓ | + | Delete own content without approval | | ✓ | ✓ | ✓ | + | Delete any content | | | ✓ | ✓ | Given I am logged in as "Horace Worblehat" When I go to the homepage of the "Approximate accuracy" collection @@ -150,18 +158,22 @@ Feature: Group member permissions table | Election of Boy Archchancellor | validated | Approximate accuracy | Horace Worblehat | When I go to the news content "Election of Boy Archchancellor" edit screen Then I should see the button "Request deletion" + And I should see the button "Propose changes" But I should not see the link "Delete" + And I should not see the button "Update" # Collection. Content creation: members. Not moderated. Given I am on the members page of "Dust, miscellaneous particles and filaments" When I click "Member permissions" Then the "member permissions" table should be: - | Permission | Member | Author | Facilitator | Owner | - | View published content | ✓ | ✓ | ✓ | ✓ | - | Start a discussion | ✓ | ✓ | ✓ | ✓ | - | Publish content | ✓ | ✓ | ✓ | ✓ | - | Delete own content | ✓ | ✓ | ✓ | ✓ | - | Delete any content | | | ✓ | ✓ | + | Permission | Member | Author | Facilitator | Owner | + | View published content | ✓ | ✓ | ✓ | ✓ | + | Start a discussion | ✓ | ✓ | ✓ | ✓ | + | Publish content | ✓ | ✓ | ✓ | ✓ | + | Update own published content | ✓ | ✓ | ✓ | ✓ | + | Update any content | | | ✓ | ✓ | + | Delete own content | ✓ | ✓ | ✓ | ✓ | + | Delete any content | | | ✓ | ✓ | Given I am logged in as "Ponder Stibbons" When I go to the homepage of the "Dust, miscellaneous particles and filaments" collection @@ -183,22 +195,28 @@ Feature: Group member permissions table | Beating the bounds | validated | Dust, miscellaneous particles and filaments | Ponder Stibbons | When I go to the news content "Beating the bounds" edit screen Then I should see the link "Delete" + And I should see the button "Update" But I should not see the button "Request deletion" + And I should not see the button "Propose changes" # Collection. Content creation: any user. Moderated. Given I am on the members page of "Creative uncertainty" When I click "Member permissions" Then the "member permissions" table should be: - | Permission | Member | Author | Facilitator | Owner | - | View published content | ✓ | ✓ | ✓ | ✓ | - | Start a discussion | ✓ | ✓ | ✓ | ✓ | - | Propose content for publication, pending approval | ✓ | | | | - | Approve proposed content for publication | | | ✓ | ✓ | - | Publish content without approval | | ✓ | ✓ | ✓ | - | Request deletion of own content, pending approval | ✓ | | | | - | Approve requested deletion of content | | | ✓ | ✓ | - | Delete own content without approval | | ✓ | ✓ | ✓ | - | Delete any content | | | ✓ | ✓ | + | Permission | Member | Author | Facilitator | Owner | + | View published content | ✓ | ✓ | ✓ | ✓ | + | Start a discussion | ✓ | ✓ | ✓ | ✓ | + | Propose content for publication, pending approval | ✓ | | | | + | Approve proposed content for publication | | | ✓ | ✓ | + | Publish content without approval | | ✓ | ✓ | ✓ | + | Propose changes to own published content, pending approval | ✓ | | | | + | Approve proposed changes to published content | | | ✓ | ✓ | + | Update own published content without approval | | ✓ | ✓ | ✓ | + | Update any content | | | ✓ | ✓ | + | Request deletion of own content, pending approval | ✓ | | | | + | Approve requested deletion of content | | | ✓ | ✓ | + | Delete own content without approval | | ✓ | ✓ | ✓ | + | Delete any content | | | ✓ | ✓ | Given I am logged in as "Henry Porter" When I go to the homepage of the "Creative uncertainty" collection @@ -220,18 +238,22 @@ Feature: Group member permissions table | The Convivium | validated | Creative uncertainty | Henry Porter | When I go to the news content "The Convivium" edit screen Then I should see the button "Request deletion" + And I should see the button "Propose changes" But I should not see the link "Delete" + And I should not see the button "Update" # Collection. Content creation: any user. Not moderated. Given I am on the members page of "Woolly thinking" When I click "Member permissions" Then the "member permissions" table should be: - | Permission | Member | Author | Facilitator | Owner | - | View published content | ✓ | ✓ | ✓ | ✓ | - | Start a discussion | ✓ | ✓ | ✓ | ✓ | - | Publish content | ✓ | ✓ | ✓ | ✓ | - | Delete own content | ✓ | ✓ | ✓ | ✓ | - | Delete any content | | | ✓ | ✓ | + | Permission | Member | Author | Facilitator | Owner | + | View published content | ✓ | ✓ | ✓ | ✓ | + | Start a discussion | ✓ | ✓ | ✓ | ✓ | + | Publish content | ✓ | ✓ | ✓ | ✓ | + | Update own published content | ✓ | ✓ | ✓ | ✓ | + | Update any content | | | ✓ | ✓ | + | Delete own content | ✓ | ✓ | ✓ | ✓ | + | Delete any content | | | ✓ | ✓ | Given I am logged in as "Rincewind" When I go to the homepage of the "Woolly thinking" collection @@ -253,18 +275,22 @@ Feature: Group member permissions table | Gaudy night | validated | Woolly thinking | Rincewind | When I go to the news content "Gaudy night" edit screen Then I should see the link "Delete" + And I should see the button "Update" But I should not see the button "Request deletion" + And I should not see the button "Propose changes" # Solution. Content creation: authors and facilitators. Moderated. Given I am on the members page of "Applied anthropics" When I click "Member permissions" Then the "member permissions" table should be: - | Permission | Member | Author | Facilitator | Owner | - | View published content | ✓ | ✓ | ✓ | ✓ | - | Start a discussion | | ✓ | ✓ | ✓ | - | Publish content | | ✓ | ✓ | ✓ | - | Delete own content | | ✓ | ✓ | ✓ | - | Delete any content | | | ✓ | ✓ | + | Permission | Member | Author | Facilitator | Owner | + | View published content | ✓ | ✓ | ✓ | ✓ | + | Start a discussion | | ✓ | ✓ | ✓ | + | Publish content | | ✓ | ✓ | ✓ | + | Update own published content | | ✓ | ✓ | ✓ | + | Update any content | | | ✓ | ✓ | + | Delete own content | | ✓ | ✓ | ✓ | + | Delete any content | | | ✓ | ✓ | Given I am logged in as a member of the "Applied anthropics" solution When I go to the homepage of the "Applied anthropics" solution @@ -280,12 +306,14 @@ Feature: Group member permissions table Given I am on the members page of "Extreme horticulture" When I click "Member permissions" Then the "member permissions" table should be: - | Permission | Member | Author | Facilitator | Owner | - | View published content | ✓ | ✓ | ✓ | ✓ | - | Start a discussion | | ✓ | ✓ | ✓ | - | Publish content | | ✓ | ✓ | ✓ | - | Delete own content | | ✓ | ✓ | ✓ | - | Delete any content | | | ✓ | ✓ | + | Permission | Member | Author | Facilitator | Owner | + | View published content | ✓ | ✓ | ✓ | ✓ | + | Start a discussion | | ✓ | ✓ | ✓ | + | Publish content | | ✓ | ✓ | ✓ | + | Update own published content | | ✓ | ✓ | ✓ | + | Update any content | | | ✓ | ✓ | + | Delete own content | | ✓ | ✓ | ✓ | + | Delete any content | | | ✓ | ✓ | Given I am logged in as a member of the "Extreme horticulture" solution When I go to the homepage of the "Extreme horticulture" solution @@ -301,16 +329,20 @@ Feature: Group member permissions table Given I am on the members page of "Prehumous morbid bibliomancy" When I click "Member permissions" Then the "member permissions" table should be: - | Permission | Member | Author | Facilitator | Owner | - | View published content | ✓ | ✓ | ✓ | ✓ | - | Start a discussion | ✓ | ✓ | ✓ | ✓ | - | Propose content for publication, pending approval | ✓ | | | | - | Approve proposed content for publication | | | ✓ | ✓ | - | Publish content without approval | | ✓ | ✓ | ✓ | - | Request deletion of own content, pending approval | ✓ | | | | - | Approve requested deletion of content | | | ✓ | ✓ | - | Delete own content without approval | | ✓ | ✓ | ✓ | - | Delete any content | | | ✓ | ✓ | + | Permission | Member | Author | Facilitator | Owner | + | View published content | ✓ | ✓ | ✓ | ✓ | + | Start a discussion | ✓ | ✓ | ✓ | ✓ | + | Propose content for publication, pending approval | ✓ | | | | + | Approve proposed content for publication | | | ✓ | ✓ | + | Publish content without approval | | ✓ | ✓ | ✓ | + | Propose changes to own published content, pending approval | ✓ | | | | + | Approve proposed changes to published content | | | ✓ | ✓ | + | Update own published content without approval | | ✓ | ✓ | ✓ | + | Update any content | | | ✓ | ✓ | + | Request deletion of own content, pending approval | ✓ | | | | + | Approve requested deletion of content | | | ✓ | ✓ | + | Delete own content without approval | | ✓ | ✓ | ✓ | + | Delete any content | | | ✓ | ✓ | Given I am logged in as "Dr. John Hicks" When I go to the homepage of the "Prehumous morbid bibliomancy" solution @@ -332,18 +364,22 @@ Feature: Group member permissions table | Head of the River | validated | Prehumous morbid bibliomancy | Dr. John Hicks | When I go to the news content "Head of the River" edit screen Then I should see the button "Request deletion" + And I should see the button "Propose changes" But I should not see the link "Delete" + And I should not see the button "Update" # Solution. Content creation: any user. Non-moderated. Given I am on the members page of "Posthumous morbid bibliomancy" When I click "Member permissions" Then the "member permissions" table should be: - | Permission | Member | Author | Facilitator | Owner | - | View published content | ✓ | ✓ | ✓ | ✓ | - | Start a discussion | ✓ | ✓ | ✓ | ✓ | - | Publish content | ✓ | ✓ | ✓ | ✓ | - | Delete own content | ✓ | ✓ | ✓ | ✓ | - | Delete any content | | | ✓ | ✓ | + | Permission | Member | Author | Facilitator | Owner | + | View published content | ✓ | ✓ | ✓ | ✓ | + | Start a discussion | ✓ | ✓ | ✓ | ✓ | + | Publish content | ✓ | ✓ | ✓ | ✓ | + | Update own published content | ✓ | ✓ | ✓ | ✓ | + | Update any content | | | ✓ | ✓ | + | Delete own content | ✓ | ✓ | ✓ | ✓ | + | Delete any content | | | ✓ | ✓ | Given I am logged in as "Hex" When I go to the homepage of the "Posthumous morbid bibliomancy" solution @@ -365,7 +401,9 @@ Feature: Group member permissions table | May Morning | validated | Posthumous morbid bibliomancy | Hex | When I go to the news content "May Morning" edit screen Then I should see the link "Delete" + And I should see the button "Update" But I should not see the button "Request deletion" + And I should not see the button "Propose changes" # The permissions table should not be accessible for non-public groups. Scenario: Access the membership permissions information table diff --git a/web/modules/custom/joinup_group/src/Controller/GroupMembershipPermissionsInformationController.php b/web/modules/custom/joinup_group/src/Controller/GroupMembershipPermissionsInformationController.php index d8e19ac136..61531308c7 100644 --- a/web/modules/custom/joinup_group/src/Controller/GroupMembershipPermissionsInformationController.php +++ b/web/modules/custom/joinup_group/src/Controller/GroupMembershipPermissionsInformationController.php @@ -88,6 +88,44 @@ public function build(GroupInterface $rdf_entity): array { 'owner' => TRUE, ], ], + [ + 'description' => $this->t('Propose changes to own published content, pending approval'), + 'applicable' => $is_moderated && !$only_authors_can_create, + 'permitted' => [ + 'member' => TRUE, + 'author' => FALSE, + 'facilitator' => FALSE, + 'owner' => FALSE, + ], + ], + [ + 'description' => $this->t('Approve proposed changes to published content'), + 'applicable' => $is_moderated && !$only_authors_can_create, + 'permitted' => [ + 'member' => FALSE, + 'author' => FALSE, + 'facilitator' => TRUE, + 'owner' => TRUE, + ], + ], + [ + 'description' => $is_moderated && !$only_authors_can_create ? $this->t('Update own published content without approval') : $this->t('Update own published content'), + 'permitted' => [ + 'member' => !$is_moderated && !$only_authors_can_create, + 'author' => TRUE, + 'facilitator' => TRUE, + 'owner' => TRUE, + ], + ], + [ + 'description' => $this->t('Update any content'), + 'permitted' => [ + 'member' => FALSE, + 'author' => FALSE, + 'facilitator' => TRUE, + 'owner' => TRUE, + ], + ], [ 'description' => $this->t('Request deletion of own content, pending approval'), 'applicable' => $is_moderated && !$only_authors_can_create, From b724a51dcc19ddaeb81f303df24502e9cae25bb5 Mon Sep 17 00:00:00 2001 From: Pieter Frenssen <pieter@frenssen.be> Date: Tue, 30 Mar 2021 18:15:26 +0300 Subject: [PATCH 18/25] ISAICP-6222: Adhere to coding standards. --- ...oupMembershipPermissionsInformationController.php | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/web/modules/custom/joinup_group/src/Controller/GroupMembershipPermissionsInformationController.php b/web/modules/custom/joinup_group/src/Controller/GroupMembershipPermissionsInformationController.php index 61531308c7..8da0fbf6b4 100644 --- a/web/modules/custom/joinup_group/src/Controller/GroupMembershipPermissionsInformationController.php +++ b/web/modules/custom/joinup_group/src/Controller/GroupMembershipPermissionsInformationController.php @@ -209,12 +209,20 @@ public function build(GroupInterface $rdf_entity): array { $build['close'] = [ '#type' => 'link', - '#title' => t('Got it'), + '#title' => $this->t('Got it'), '#url' => Url::fromRoute('entity.rdf_entity.member_overview', [ 'rdf_entity' => $rdf_entity->id(), ]), '#attributes' => [ - 'class' => ['dialog-cancel', 'button--blue', 'button-inline', 'mdl-button', 'mdl-button--accent', 'mdl-button--accent', 'mdl-button--raised'], + 'class' => [ + 'dialog-cancel', + 'button--blue', + 'button-inline', + 'mdl-button', + 'mdl-button--accent', + 'mdl-button--accent', + 'mdl-button--raised', + ], ], ]; From 37f742ba4e2977e3c8d6cdcbf2f08180a24fb029 Mon Sep 17 00:00:00 2001 From: Pieter Frenssen <pieter@frenssen.be> Date: Tue, 30 Mar 2021 20:44:59 +0300 Subject: [PATCH 19/25] ISAICP-6222: Add permissions regarding viewing and requesting changes for other user's content. --- .../member_permissions_table.feature | 215 +++++++++++------- ...ershipPermissionsInformationController.php | 18 ++ 2 files changed, 154 insertions(+), 79 deletions(-) diff --git a/tests/features/joinup_group/member_permissions_table.feature b/tests/features/joinup_group/member_permissions_table.feature index 5501bf44ef..5ca711f941 100644 --- a/tests/features/joinup_group/member_permissions_table.feature +++ b/tests/features/joinup_group/member_permissions_table.feature @@ -73,14 +73,16 @@ Feature: Group member permissions table And I am on the members page of "Applied astrology" When I click "Member permissions" Then the "member permissions" table should be: - | Permission | Member | Author | Facilitator | Owner | - | View published content | ✓ | ✓ | ✓ | ✓ | - | Start a discussion | | ✓ | ✓ | ✓ | - | Publish content | | ✓ | ✓ | ✓ | - | Update own published content | | ✓ | ✓ | ✓ | - | Update any content | | | ✓ | ✓ | - | Delete own content | | ✓ | ✓ | ✓ | - | Delete any content | | | ✓ | ✓ | + | Permission | Member | Author | Facilitator | Owner | + | View published content | ✓ | ✓ | ✓ | ✓ | + | View unpublished content from other users | | | ✓ | ✓ | + | Start a discussion | | ✓ | ✓ | ✓ | + | Publish content | | ✓ | ✓ | ✓ | + | Update own published content | | ✓ | ✓ | ✓ | + | Update any content | | | ✓ | ✓ | + | Request changes on content from other users | | | ✓ | ✓ | + | Delete own content | | ✓ | ✓ | ✓ | + | Delete any content | | | ✓ | ✓ | # Quick check to verify the permissions are actually matching what is # displayed in the table. Only the most common case ("member") is checked. @@ -94,20 +96,26 @@ Feature: Group member permissions table And I should not see the link "Add document" And I should not see the link "Add event" And I should not see the link "Add news" - + Given event content: + | title | state | collection | author | + | The Poor Scholars | draft | Applied astrology | Mustrum Ridcully | + When I go to the content page of the type event with the title "The Poor Scholars" + Then I should get an access denied error # Collection. Content creation: authors and facilitators. Not moderated. And I am on the members page of "Illiberal studies" When I click "Member permissions" Then the "member permissions" table should be: - | Permission | Member | Author | Facilitator | Owner | - | View published content | ✓ | ✓ | ✓ | ✓ | - | Start a discussion | | ✓ | ✓ | ✓ | - | Publish content | | ✓ | ✓ | ✓ | - | Update own published content | | ✓ | ✓ | ✓ | - | Update any content | | | ✓ | ✓ | - | Delete own content | | ✓ | ✓ | ✓ | - | Delete any content | | | ✓ | ✓ | + | Permission | Member | Author | Facilitator | Owner | + | View published content | ✓ | ✓ | ✓ | ✓ | + | View unpublished content from other users | | | ✓ | ✓ | + | Start a discussion | | ✓ | ✓ | ✓ | + | Publish content | | ✓ | ✓ | ✓ | + | Update own published content | | ✓ | ✓ | ✓ | + | Update any content | | | ✓ | ✓ | + | Request changes on content from other users | | | ✓ | ✓ | + | Delete own content | | ✓ | ✓ | ✓ | + | Delete any content | | | ✓ | ✓ | Given I am logged in as a member of the "Illiberal studies" collection When I go to the homepage of the "Illiberal studies" collection @@ -117,6 +125,11 @@ Feature: Group member permissions table And I should not see the link "Add document" And I should not see the link "Add event" And I should not see the link "Add news" + Given event content: + | title | state | collection | author | + | Rag Week | draft | Illiberal studies | Mustrum Ridcully | + When I go to the content page of the type event with the title "Rag Week" + Then I should get an access denied error # Collection. Content creation: members. Moderated. @@ -125,6 +138,7 @@ Feature: Group member permissions table Then the "member permissions" table should be: | Permission | Member | Author | Facilitator | Owner | | View published content | ✓ | ✓ | ✓ | ✓ | + | View unpublished content from other users | | | ✓ | ✓ | | Start a discussion | ✓ | ✓ | ✓ | ✓ | | Propose content for publication, pending approval | ✓ | | | | | Approve proposed content for publication | | | ✓ | ✓ | @@ -133,6 +147,7 @@ Feature: Group member permissions table | Approve proposed changes to published content | | | ✓ | ✓ | | Update own published content without approval | | ✓ | ✓ | ✓ | | Update any content | | | ✓ | ✓ | + | Request changes on content from other users | | | ✓ | ✓ | | Request deletion of own content, pending approval | ✓ | | | | | Approve requested deletion of content | | | ✓ | ✓ | | Delete own content without approval | | ✓ | ✓ | ✓ | @@ -153,27 +168,32 @@ Feature: Group member permissions table When I click "Add news" Then I should see the button "Propose" But I should not see the button "Publish" - Given news content: + Given event content: | title | state | collection | author | | Election of Boy Archchancellor | validated | Approximate accuracy | Horace Worblehat | - When I go to the news content "Election of Boy Archchancellor" edit screen + | The Wizards' Excuse Me | draft | Approximate accuracy | Mustrum Ridcully | + When I go to the event content "Election of Boy Archchancellor" edit screen Then I should see the button "Request deletion" And I should see the button "Propose changes" But I should not see the link "Delete" And I should not see the button "Update" + When I go to the content page of the type event with the title "The Wizards' Excuse Me" + Then I should get an access denied error # Collection. Content creation: members. Not moderated. Given I am on the members page of "Dust, miscellaneous particles and filaments" When I click "Member permissions" Then the "member permissions" table should be: - | Permission | Member | Author | Facilitator | Owner | - | View published content | ✓ | ✓ | ✓ | ✓ | - | Start a discussion | ✓ | ✓ | ✓ | ✓ | - | Publish content | ✓ | ✓ | ✓ | ✓ | - | Update own published content | ✓ | ✓ | ✓ | ✓ | - | Update any content | | | ✓ | ✓ | - | Delete own content | ✓ | ✓ | ✓ | ✓ | - | Delete any content | | | ✓ | ✓ | + | Permission | Member | Author | Facilitator | Owner | + | View published content | ✓ | ✓ | ✓ | ✓ | + | View unpublished content from other users | | | ✓ | ✓ | + | Start a discussion | ✓ | ✓ | ✓ | ✓ | + | Publish content | ✓ | ✓ | ✓ | ✓ | + | Update own published content | ✓ | ✓ | ✓ | ✓ | + | Update any content | | | ✓ | ✓ | + | Request changes on content from other users | | | ✓ | ✓ | + | Delete own content | ✓ | ✓ | ✓ | ✓ | + | Delete any content | | | ✓ | ✓ | Given I am logged in as "Ponder Stibbons" When I go to the homepage of the "Dust, miscellaneous particles and filaments" collection @@ -190,14 +210,17 @@ Feature: Group member permissions table When I click "Add news" Then I should see the button "Publish" But I should not see the button "Propose" - Given news content: - | title | state | collection | author | - | Beating the bounds | validated | Dust, miscellaneous particles and filaments | Ponder Stibbons | - When I go to the news content "Beating the bounds" edit screen + Given event content: + | title | state | collection | author | + | Beating the bounds | validated | Dust, miscellaneous particles and filaments | Ponder Stibbons | + | Archchancellor Bowell's Remembrance's Bun and Penny | draft | Dust, miscellaneous particles and filaments | Mustrum Ridcully | + When I go to the event content "Beating the bounds" edit screen Then I should see the link "Delete" And I should see the button "Update" But I should not see the button "Request deletion" And I should not see the button "Propose changes" + When I go to the content page of the type event with the title "Archchancellor Bowell's Remembrance's Bun and Penny" + Then I should get an access denied error # Collection. Content creation: any user. Moderated. Given I am on the members page of "Creative uncertainty" @@ -205,6 +228,7 @@ Feature: Group member permissions table Then the "member permissions" table should be: | Permission | Member | Author | Facilitator | Owner | | View published content | ✓ | ✓ | ✓ | ✓ | + | View unpublished content from other users | | | ✓ | ✓ | | Start a discussion | ✓ | ✓ | ✓ | ✓ | | Propose content for publication, pending approval | ✓ | | | | | Approve proposed content for publication | | | ✓ | ✓ | @@ -213,6 +237,7 @@ Feature: Group member permissions table | Approve proposed changes to published content | | | ✓ | ✓ | | Update own published content without approval | | ✓ | ✓ | ✓ | | Update any content | | | ✓ | ✓ | + | Request changes on content from other users | | | ✓ | ✓ | | Request deletion of own content, pending approval | ✓ | | | | | Approve requested deletion of content | | | ✓ | ✓ | | Delete own content without approval | | ✓ | ✓ | ✓ | @@ -233,27 +258,32 @@ Feature: Group member permissions table When I click "Add news" Then I should see the button "Propose" But I should not see the button "Publish" - Given news content: - | title | state | collection | author | - | The Convivium | validated | Creative uncertainty | Henry Porter | - When I go to the news content "The Convivium" edit screen + Given event content: + | title | state | collection | author | + | The Convivium | validated | Creative uncertainty | Henry Porter | + | The Hunting of the Megapode | draft | Creative uncertainty | Mustrum Ridcully | + When I go to the event content "The Convivium" edit screen Then I should see the button "Request deletion" And I should see the button "Propose changes" But I should not see the link "Delete" And I should not see the button "Update" + When I go to the content page of the type event with the title "The Hunting of the Megapode" + Then I should get an access denied error # Collection. Content creation: any user. Not moderated. Given I am on the members page of "Woolly thinking" When I click "Member permissions" Then the "member permissions" table should be: - | Permission | Member | Author | Facilitator | Owner | - | View published content | ✓ | ✓ | ✓ | ✓ | - | Start a discussion | ✓ | ✓ | ✓ | ✓ | - | Publish content | ✓ | ✓ | ✓ | ✓ | - | Update own published content | ✓ | ✓ | ✓ | ✓ | - | Update any content | | | ✓ | ✓ | - | Delete own content | ✓ | ✓ | ✓ | ✓ | - | Delete any content | | | ✓ | ✓ | + | Permission | Member | Author | Facilitator | Owner | + | View published content | ✓ | ✓ | ✓ | ✓ | + | View unpublished content from other users | | | ✓ | ✓ | + | Start a discussion | ✓ | ✓ | ✓ | ✓ | + | Publish content | ✓ | ✓ | ✓ | ✓ | + | Update own published content | ✓ | ✓ | ✓ | ✓ | + | Update any content | | | ✓ | ✓ | + | Request changes on content from other users | | | ✓ | ✓ | + | Delete own content | ✓ | ✓ | ✓ | ✓ | + | Delete any content | | | ✓ | ✓ | Given I am logged in as "Rincewind" When I go to the homepage of the "Woolly thinking" collection @@ -270,27 +300,32 @@ Feature: Group member permissions table When I click "Add news" Then I should see the button "Publish" But I should not see the button "Propose" - Given news content: - | title | state | collection | author | - | Gaudy night | validated | Woolly thinking | Rincewind | - When I go to the news content "Gaudy night" edit screen + Given event content: + | title | state | collection | author | + | Gaudy night | validated | Woolly thinking | Rincewind | + | Archchancellor Preserved Bigger's Bequest | draft | Woolly thinking | Mustrum Ridcully | + When I go to the event content "Gaudy night" edit screen Then I should see the link "Delete" And I should see the button "Update" But I should not see the button "Request deletion" And I should not see the button "Propose changes" + When I go to the content page of the type event with the title "Archchancellor Preserved Bigger's Bequest" + Then I should get an access denied error # Solution. Content creation: authors and facilitators. Moderated. Given I am on the members page of "Applied anthropics" When I click "Member permissions" Then the "member permissions" table should be: - | Permission | Member | Author | Facilitator | Owner | - | View published content | ✓ | ✓ | ✓ | ✓ | - | Start a discussion | | ✓ | ✓ | ✓ | - | Publish content | | ✓ | ✓ | ✓ | - | Update own published content | | ✓ | ✓ | ✓ | - | Update any content | | | ✓ | ✓ | - | Delete own content | | ✓ | ✓ | ✓ | - | Delete any content | | | ✓ | ✓ | + | Permission | Member | Author | Facilitator | Owner | + | View published content | ✓ | ✓ | ✓ | ✓ | + | View unpublished content from other users | | | ✓ | ✓ | + | Start a discussion | | ✓ | ✓ | ✓ | + | Publish content | | ✓ | ✓ | ✓ | + | Update own published content | | ✓ | ✓ | ✓ | + | Update any content | | | ✓ | ✓ | + | Request changes on content from other users | | | ✓ | ✓ | + | Delete own content | | ✓ | ✓ | ✓ | + | Delete any content | | | ✓ | ✓ | Given I am logged in as a member of the "Applied anthropics" solution When I go to the homepage of the "Applied anthropics" solution @@ -300,20 +335,27 @@ Feature: Group member permissions table And I should not see the link "Add document" And I should not see the link "Add event" And I should not see the link "Add news" + Given event content: + | title | state | solution | author | + | Scrawn Money | draft | Applied anthropics | Mustrum Ridcully | + When I go to the content page of the type event with the title "Scrawn Money" + Then I should get an access denied error # Solution. Content creation: authors and facilitators. Non-moderated. Given I am on the members page of "Extreme horticulture" When I click "Member permissions" Then the "member permissions" table should be: - | Permission | Member | Author | Facilitator | Owner | - | View published content | ✓ | ✓ | ✓ | ✓ | - | Start a discussion | | ✓ | ✓ | ✓ | - | Publish content | | ✓ | ✓ | ✓ | - | Update own published content | | ✓ | ✓ | ✓ | - | Update any content | | | ✓ | ✓ | - | Delete own content | | ✓ | ✓ | ✓ | - | Delete any content | | | ✓ | ✓ | + | Permission | Member | Author | Facilitator | Owner | + | View published content | ✓ | ✓ | ✓ | ✓ | + | View unpublished content from other users | | | ✓ | ✓ | + | Start a discussion | | ✓ | ✓ | ✓ | + | Publish content | | ✓ | ✓ | ✓ | + | Update own published content | | ✓ | ✓ | ✓ | + | Update any content | | | ✓ | ✓ | + | Request changes on content from other users | | | ✓ | ✓ | + | Delete own content | | ✓ | ✓ | ✓ | + | Delete any content | | | ✓ | ✓ | Given I am logged in as a member of the "Extreme horticulture" solution When I go to the homepage of the "Extreme horticulture" solution @@ -323,6 +365,11 @@ Feature: Group member permissions table And I should not see the link "Add document" And I should not see the link "Add event" And I should not see the link "Add news" + Given event content: + | title | state | solution | author | + | 'Sity and Guilds | draft | Extreme horticulture | Mustrum Ridcully | + When I go to the content page of the type event with the title "'Sity and Guilds" + Then I should get an access denied error # Solution. Content creation: any user. Moderated. @@ -331,6 +378,7 @@ Feature: Group member permissions table Then the "member permissions" table should be: | Permission | Member | Author | Facilitator | Owner | | View published content | ✓ | ✓ | ✓ | ✓ | + | View unpublished content from other users | | | ✓ | ✓ | | Start a discussion | ✓ | ✓ | ✓ | ✓ | | Propose content for publication, pending approval | ✓ | | | | | Approve proposed content for publication | | | ✓ | ✓ | @@ -339,6 +387,7 @@ Feature: Group member permissions table | Approve proposed changes to published content | | | ✓ | ✓ | | Update own published content without approval | | ✓ | ✓ | ✓ | | Update any content | | | ✓ | ✓ | + | Request changes on content from other users | | | ✓ | ✓ | | Request deletion of own content, pending approval | ✓ | | | | | Approve requested deletion of content | | | ✓ | ✓ | | Delete own content without approval | | ✓ | ✓ | ✓ | @@ -359,27 +408,32 @@ Feature: Group member permissions table When I click "Add news" Then I should see the button "Propose" But I should not see the button "Publish" - Given news content: - | title | state | solution | author | - | Head of the River | validated | Prehumous morbid bibliomancy | Dr. John Hicks | - When I go to the news content "Head of the River" edit screen + Given event content: + | title | state | solution | author | + | Head of the River | validated | Prehumous morbid bibliomancy | Dr. John Hicks | + | Poore Boys Funne | draft | Prehumous morbid bibliomancy | Mustrum Ridcully | + When I go to the event content "Head of the River" edit screen Then I should see the button "Request deletion" And I should see the button "Propose changes" But I should not see the link "Delete" And I should not see the button "Update" + When I go to the content page of the type event with the title "Poore Boys Funne" + Then I should get an access denied error # Solution. Content creation: any user. Non-moderated. Given I am on the members page of "Posthumous morbid bibliomancy" When I click "Member permissions" Then the "member permissions" table should be: - | Permission | Member | Author | Facilitator | Owner | - | View published content | ✓ | ✓ | ✓ | ✓ | - | Start a discussion | ✓ | ✓ | ✓ | ✓ | - | Publish content | ✓ | ✓ | ✓ | ✓ | - | Update own published content | ✓ | ✓ | ✓ | ✓ | - | Update any content | | | ✓ | ✓ | - | Delete own content | ✓ | ✓ | ✓ | ✓ | - | Delete any content | | | ✓ | ✓ | + | Permission | Member | Author | Facilitator | Owner | + | View published content | ✓ | ✓ | ✓ | ✓ | + | View unpublished content from other users | | | ✓ | ✓ | + | Start a discussion | ✓ | ✓ | ✓ | ✓ | + | Publish content | ✓ | ✓ | ✓ | ✓ | + | Update own published content | ✓ | ✓ | ✓ | ✓ | + | Update any content | | | ✓ | ✓ | + | Request changes on content from other users | | | ✓ | ✓ | + | Delete own content | ✓ | ✓ | ✓ | ✓ | + | Delete any content | | | ✓ | ✓ | Given I am logged in as "Hex" When I go to the homepage of the "Posthumous morbid bibliomancy" solution @@ -396,14 +450,17 @@ Feature: Group member permissions table When I click "Add news" Then I should see the button "Publish" But I should not see the button "Propose" - Given news content: - | title | state | collection | author | - | May Morning | validated | Posthumous morbid bibliomancy | Hex | - When I go to the news content "May Morning" edit screen + Given event content: + | title | state | collection | author | + | May Morning | validated | Posthumous morbid bibliomancy | Hex | + | A veritable heyhoe-rumbledown | draft | Posthumous morbid bibliomancy | Mustrum Ridcully | + When I go to the event content "May Morning" edit screen Then I should see the link "Delete" And I should see the button "Update" But I should not see the button "Request deletion" And I should not see the button "Propose changes" + When I go to the content page of the type event with the title "A veritable heyhoe-rumbledown" + Then I should get an access denied error # The permissions table should not be accessible for non-public groups. Scenario: Access the membership permissions information table diff --git a/web/modules/custom/joinup_group/src/Controller/GroupMembershipPermissionsInformationController.php b/web/modules/custom/joinup_group/src/Controller/GroupMembershipPermissionsInformationController.php index 8da0fbf6b4..ceaea50a9d 100644 --- a/web/modules/custom/joinup_group/src/Controller/GroupMembershipPermissionsInformationController.php +++ b/web/modules/custom/joinup_group/src/Controller/GroupMembershipPermissionsInformationController.php @@ -47,6 +47,15 @@ public function build(GroupInterface $rdf_entity): array { 'owner' => TRUE, ], ], + [ + 'description' => $this->t('View unpublished content from other users'), + 'permitted' => [ + 'member' => FALSE, + 'author' => FALSE, + 'facilitator' => TRUE, + 'owner' => TRUE, + ], + ], [ 'description' => $this->t('Start a discussion'), 'permitted' => [ @@ -126,6 +135,15 @@ public function build(GroupInterface $rdf_entity): array { 'owner' => TRUE, ], ], + [ + 'description' => $this->t('Request changes on content from other users'), + 'permitted' => [ + 'member' => FALSE, + 'author' => FALSE, + 'facilitator' => TRUE, + 'owner' => TRUE, + ], + ], [ 'description' => $this->t('Request deletion of own content, pending approval'), 'applicable' => $is_moderated && !$only_authors_can_create, From 866b91edd5ccb2328c278fa6ed4012f0408b5fdf Mon Sep 17 00:00:00 2001 From: Pieter Frenssen <pieter@frenssen.be> Date: Tue, 30 Mar 2021 21:17:06 +0300 Subject: [PATCH 20/25] ISAICP-6222: Add permission to manage users. --- .../joinup_group/member_permissions_table.feature | 10 ++++++++++ ...GroupMembershipPermissionsInformationController.php | 9 +++++++++ 2 files changed, 19 insertions(+) diff --git a/tests/features/joinup_group/member_permissions_table.feature b/tests/features/joinup_group/member_permissions_table.feature index 5ca711f941..54db45c74c 100644 --- a/tests/features/joinup_group/member_permissions_table.feature +++ b/tests/features/joinup_group/member_permissions_table.feature @@ -83,6 +83,7 @@ Feature: Group member permissions table | Request changes on content from other users | | | ✓ | ✓ | | Delete own content | | ✓ | ✓ | ✓ | | Delete any content | | | ✓ | ✓ | + | Manage users | | | | ✓ | # Quick check to verify the permissions are actually matching what is # displayed in the table. Only the most common case ("member") is checked. @@ -116,6 +117,7 @@ Feature: Group member permissions table | Request changes on content from other users | | | ✓ | ✓ | | Delete own content | | ✓ | ✓ | ✓ | | Delete any content | | | ✓ | ✓ | + | Manage users | | | | ✓ | Given I am logged in as a member of the "Illiberal studies" collection When I go to the homepage of the "Illiberal studies" collection @@ -152,6 +154,7 @@ Feature: Group member permissions table | Approve requested deletion of content | | | ✓ | ✓ | | Delete own content without approval | | ✓ | ✓ | ✓ | | Delete any content | | | ✓ | ✓ | + | Manage users | | | | ✓ | Given I am logged in as "Horace Worblehat" When I go to the homepage of the "Approximate accuracy" collection @@ -194,6 +197,7 @@ Feature: Group member permissions table | Request changes on content from other users | | | ✓ | ✓ | | Delete own content | ✓ | ✓ | ✓ | ✓ | | Delete any content | | | ✓ | ✓ | + | Manage users | | | | ✓ | Given I am logged in as "Ponder Stibbons" When I go to the homepage of the "Dust, miscellaneous particles and filaments" collection @@ -242,6 +246,7 @@ Feature: Group member permissions table | Approve requested deletion of content | | | ✓ | ✓ | | Delete own content without approval | | ✓ | ✓ | ✓ | | Delete any content | | | ✓ | ✓ | + | Manage users | | | | ✓ | Given I am logged in as "Henry Porter" When I go to the homepage of the "Creative uncertainty" collection @@ -284,6 +289,7 @@ Feature: Group member permissions table | Request changes on content from other users | | | ✓ | ✓ | | Delete own content | ✓ | ✓ | ✓ | ✓ | | Delete any content | | | ✓ | ✓ | + | Manage users | | | | ✓ | Given I am logged in as "Rincewind" When I go to the homepage of the "Woolly thinking" collection @@ -326,6 +332,7 @@ Feature: Group member permissions table | Request changes on content from other users | | | ✓ | ✓ | | Delete own content | | ✓ | ✓ | ✓ | | Delete any content | | | ✓ | ✓ | + | Manage users | | | | ✓ | Given I am logged in as a member of the "Applied anthropics" solution When I go to the homepage of the "Applied anthropics" solution @@ -356,6 +363,7 @@ Feature: Group member permissions table | Request changes on content from other users | | | ✓ | ✓ | | Delete own content | | ✓ | ✓ | ✓ | | Delete any content | | | ✓ | ✓ | + | Manage users | | | | ✓ | Given I am logged in as a member of the "Extreme horticulture" solution When I go to the homepage of the "Extreme horticulture" solution @@ -392,6 +400,7 @@ Feature: Group member permissions table | Approve requested deletion of content | | | ✓ | ✓ | | Delete own content without approval | | ✓ | ✓ | ✓ | | Delete any content | | | ✓ | ✓ | + | Manage users | | | | ✓ | Given I am logged in as "Dr. John Hicks" When I go to the homepage of the "Prehumous morbid bibliomancy" solution @@ -434,6 +443,7 @@ Feature: Group member permissions table | Request changes on content from other users | | | ✓ | ✓ | | Delete own content | ✓ | ✓ | ✓ | ✓ | | Delete any content | | | ✓ | ✓ | + | Manage users | | | | ✓ | Given I am logged in as "Hex" When I go to the homepage of the "Posthumous morbid bibliomancy" solution diff --git a/web/modules/custom/joinup_group/src/Controller/GroupMembershipPermissionsInformationController.php b/web/modules/custom/joinup_group/src/Controller/GroupMembershipPermissionsInformationController.php index ceaea50a9d..772c8c4526 100644 --- a/web/modules/custom/joinup_group/src/Controller/GroupMembershipPermissionsInformationController.php +++ b/web/modules/custom/joinup_group/src/Controller/GroupMembershipPermissionsInformationController.php @@ -182,6 +182,15 @@ public function build(GroupInterface $rdf_entity): array { 'owner' => TRUE, ], ], + [ + 'description' => $this->t('Manage users'), + 'permitted' => [ + 'member' => FALSE, + 'author' => FALSE, + 'facilitator' => FALSE, + 'owner' => TRUE, + ], + ], ]; $build['permissions'] = [ From 4bf0f2618f43b4f93819a4753429b77e19fa93c2 Mon Sep 17 00:00:00 2001 From: Pieter Frenssen <pieter@frenssen.be> Date: Tue, 30 Mar 2021 21:19:35 +0300 Subject: [PATCH 21/25] ISAICP-6222: Remove unneeded steps. --- .../member_permissions_table.feature | 20 ------------------- 1 file changed, 20 deletions(-) diff --git a/tests/features/joinup_group/member_permissions_table.feature b/tests/features/joinup_group/member_permissions_table.feature index 54db45c74c..19a68d1bfe 100644 --- a/tests/features/joinup_group/member_permissions_table.feature +++ b/tests/features/joinup_group/member_permissions_table.feature @@ -14,7 +14,6 @@ Feature: Group member permissions table | Dr. John Hicks | | Hex | | Mustrum Ridcully | - | A. A. Dinwiddie | Given the following collections: | title | state | content creation | moderation | | Applied astrology | validated | facilitators and authors | yes | @@ -41,17 +40,6 @@ Feature: Group member permissions table | Dust, miscellaneous particles and filaments | Mustrum Ridcully | facilitator | | Creative uncertainty | Mustrum Ridcully | facilitator | | Woolly thinking | Mustrum Ridcully | facilitator | - | Applied astrology | A. A. Dinwiddie | author | - | Illiberal studies | A. A. Dinwiddie | author | - | Approximate accuracy | A. A. Dinwiddie | author | - | Dust, miscellaneous particles and filaments | A. A. Dinwiddie | author | - | Creative uncertainty | A. A. Dinwiddie | author | - | Woolly thinking | A. A. Dinwiddie | author | - | Applied astrology | Henry Porter | | - | Illiberal studies | Henry Porter | | - | Approximate accuracy | Henry Porter | | - | Dust, miscellaneous particles and filaments | Henry Porter | | - | Woolly thinking | Henry Porter | | And the following solution user memberships: | solution | user | roles | | Prehumous morbid bibliomancy | Dr. John Hicks | | @@ -60,14 +48,6 @@ Feature: Group member permissions table | Extreme horticulture | Mustrum Ridcully | facilitator | | Prehumous morbid bibliomancy | Mustrum Ridcully | facilitator | | Posthumous morbid bibliomancy | Mustrum Ridcully | facilitator | - | Applied anthropics | A. A. Dinwiddie | author | - | Extreme horticulture | A. A. Dinwiddie | author | - | Prehumous morbid bibliomancy | A. A. Dinwiddie | author | - | Posthumous morbid bibliomancy | A. A. Dinwiddie | author | - | Applied anthropics | Henry Porter | | - | Extreme horticulture | Henry Porter | | - | Prehumous morbid bibliomancy | Henry Porter | | - | Posthumous morbid bibliomancy | Henry Porter | | # Collection. Content creation: authors and facilitators. Moderated. And I am on the members page of "Applied astrology" From 2a24d50479320080d65456adcf33bacd04427f2c Mon Sep 17 00:00:00 2001 From: Pieter Frenssen <pieter@frenssen.be> Date: Tue, 30 Mar 2021 21:51:56 +0300 Subject: [PATCH 22/25] ISAICP-6222: Apply a sprinkling of theming. --- web/themes/joinup/scss/components/_form-table.scss | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/web/themes/joinup/scss/components/_form-table.scss b/web/themes/joinup/scss/components/_form-table.scss index fdf9026d82..6cb95c8af1 100644 --- a/web/themes/joinup/scss/components/_form-table.scss +++ b/web/themes/joinup/scss/components/_form-table.scss @@ -155,6 +155,12 @@ } } +.form-table__member-permissions { + .form-table__cell__data { + text-align: center; + } +} + // Fix margin if there is more than one text field in a table cell. .form-table__cell { .mdl-textfield + .mdl-textfield { From 041f82030a2be4c663daf0840e5d42f8ff2d1d26 Mon Sep 17 00:00:00 2001 From: Pieter Frenssen <pieter@frenssen.be> Date: Thu, 1 Apr 2021 23:17:47 +0300 Subject: [PATCH 23/25] ISAICP-6222: Remove duplicate link. --- .../form/views-exposed-form--members-overview.html.twig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/web/themes/joinup/templates/form/views-exposed-form--members-overview.html.twig b/web/themes/joinup/templates/form/views-exposed-form--members-overview.html.twig index 4e8fb9a58f..5ac9b2c3cc 100644 --- a/web/themes/joinup/templates/form/views-exposed-form--members-overview.html.twig +++ b/web/themes/joinup/templates/form/views-exposed-form--members-overview.html.twig @@ -29,6 +29,6 @@ </div> </div> </div> - {{ form|without('roles_target_id', 'combine', 'actions') }} + {{ form|without('roles_target_id', 'combine', 'actions', 'member_permissions_link') }} </div> From 33880a93b0d0bd4470e3e4ecf8e42c3eb9357580 Mon Sep 17 00:00:00 2001 From: Pieter Frenssen <pieter@frenssen.be> Date: Fri, 2 Apr 2021 17:46:56 +0300 Subject: [PATCH 24/25] ISAICP-6222: Move material design specific classes to the theme layer. --- ...bershipPermissionsInformationController.php | 14 +------------- web/profiles/joinup/joinup.profile | 9 ++++++++- .../joinup-modal-close-button.html.twig | 12 ++++++++++++ .../parts/joinup-modal-close-button.html.twig | 18 ++++++++++++++++++ 4 files changed, 39 insertions(+), 14 deletions(-) create mode 100644 web/profiles/joinup/templates/joinup-modal-close-button.html.twig create mode 100644 web/themes/joinup/templates/parts/joinup-modal-close-button.html.twig diff --git a/web/modules/custom/joinup_group/src/Controller/GroupMembershipPermissionsInformationController.php b/web/modules/custom/joinup_group/src/Controller/GroupMembershipPermissionsInformationController.php index 772c8c4526..35a65141d8 100644 --- a/web/modules/custom/joinup_group/src/Controller/GroupMembershipPermissionsInformationController.php +++ b/web/modules/custom/joinup_group/src/Controller/GroupMembershipPermissionsInformationController.php @@ -235,22 +235,10 @@ public function build(GroupInterface $rdf_entity): array { } $build['close'] = [ - '#type' => 'link', - '#title' => $this->t('Got it'), + '#theme' => 'joinup_modal_close_button', '#url' => Url::fromRoute('entity.rdf_entity.member_overview', [ 'rdf_entity' => $rdf_entity->id(), ]), - '#attributes' => [ - 'class' => [ - 'dialog-cancel', - 'button--blue', - 'button-inline', - 'mdl-button', - 'mdl-button--accent', - 'mdl-button--accent', - 'mdl-button--raised', - ], - ], ]; return $build; diff --git a/web/profiles/joinup/joinup.profile b/web/profiles/joinup/joinup.profile index ed6933683a..9b8d70992e 100644 --- a/web/profiles/joinup/joinup.profile +++ b/web/profiles/joinup/joinup.profile @@ -239,8 +239,15 @@ function joinup_theme($existing, $type, $theme, $path) { 'path' => drupal_get_path('profile', 'joinup') . '/templates', ]; return [ - 'joinup_legal_notice' => $page_template, 'joinup_eligibility_criteria' => $page_template, + 'joinup_legal_notice' => $page_template, + 'joinup_modal_close_button' => [ + 'variables' => [ + 'label' => t('Got it'), + 'url' => '', + 'attributes' => [], + ], + ] + $page_template, ]; } diff --git a/web/profiles/joinup/templates/joinup-modal-close-button.html.twig b/web/profiles/joinup/templates/joinup-modal-close-button.html.twig new file mode 100644 index 0000000000..dd9ac654d6 --- /dev/null +++ b/web/profiles/joinup/templates/joinup-modal-close-button.html.twig @@ -0,0 +1,12 @@ +{# +/** + * @file + * The Joinup Modal Close Button™. + */ +#} +{% + set classes = [ + 'dialog-cancel', + ] +%} +<a{{ attributes.addClass(classes) }} href="{{ url }}">{{ label }}</a> diff --git a/web/themes/joinup/templates/parts/joinup-modal-close-button.html.twig b/web/themes/joinup/templates/parts/joinup-modal-close-button.html.twig new file mode 100644 index 0000000000..44acdf8d9c --- /dev/null +++ b/web/themes/joinup/templates/parts/joinup-modal-close-button.html.twig @@ -0,0 +1,18 @@ +{# +/** + * @file + * The Joinup Modal Close Button™. + */ +#} +{% + set classes = [ + 'dialog-cancel', + 'button--blue', + 'button-inline', + 'mdl-button', + 'mdl-button--accent', + 'mdl-button--accent', + 'mdl-button--raised', +] +%} +<a{{ attributes.addClass(classes) }} href="{{ url }}">{{ label }}</a> From fee8deffa7e1ba4345d968d586ab67f306b91e35 Mon Sep 17 00:00:00 2001 From: Pieter Frenssen <pieter@frenssen.be> Date: Thu, 8 Apr 2021 19:17:17 +0300 Subject: [PATCH 25/25] ISAICP-6222: Facilitators can also manage users. --- .../member_permissions_table.feature | 22 +++++++++---------- ...ershipPermissionsInformationController.php | 2 +- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/tests/features/joinup_group/member_permissions_table.feature b/tests/features/joinup_group/member_permissions_table.feature index 19a68d1bfe..6505fe5310 100644 --- a/tests/features/joinup_group/member_permissions_table.feature +++ b/tests/features/joinup_group/member_permissions_table.feature @@ -1,4 +1,4 @@ -@api @terms +@api @terms @group-b Feature: Group member permissions table In order to get an overview of which actions I can take in a group As a member of a collection or solution @@ -63,7 +63,7 @@ Feature: Group member permissions table | Request changes on content from other users | | | ✓ | ✓ | | Delete own content | | ✓ | ✓ | ✓ | | Delete any content | | | ✓ | ✓ | - | Manage users | | | | ✓ | + | Manage users | | | ✓ | ✓ | # Quick check to verify the permissions are actually matching what is # displayed in the table. Only the most common case ("member") is checked. @@ -97,7 +97,7 @@ Feature: Group member permissions table | Request changes on content from other users | | | ✓ | ✓ | | Delete own content | | ✓ | ✓ | ✓ | | Delete any content | | | ✓ | ✓ | - | Manage users | | | | ✓ | + | Manage users | | | ✓ | ✓ | Given I am logged in as a member of the "Illiberal studies" collection When I go to the homepage of the "Illiberal studies" collection @@ -134,7 +134,7 @@ Feature: Group member permissions table | Approve requested deletion of content | | | ✓ | ✓ | | Delete own content without approval | | ✓ | ✓ | ✓ | | Delete any content | | | ✓ | ✓ | - | Manage users | | | | ✓ | + | Manage users | | | ✓ | ✓ | Given I am logged in as "Horace Worblehat" When I go to the homepage of the "Approximate accuracy" collection @@ -177,7 +177,7 @@ Feature: Group member permissions table | Request changes on content from other users | | | ✓ | ✓ | | Delete own content | ✓ | ✓ | ✓ | ✓ | | Delete any content | | | ✓ | ✓ | - | Manage users | | | | ✓ | + | Manage users | | | ✓ | ✓ | Given I am logged in as "Ponder Stibbons" When I go to the homepage of the "Dust, miscellaneous particles and filaments" collection @@ -226,7 +226,7 @@ Feature: Group member permissions table | Approve requested deletion of content | | | ✓ | ✓ | | Delete own content without approval | | ✓ | ✓ | ✓ | | Delete any content | | | ✓ | ✓ | - | Manage users | | | | ✓ | + | Manage users | | | ✓ | ✓ | Given I am logged in as "Henry Porter" When I go to the homepage of the "Creative uncertainty" collection @@ -269,7 +269,7 @@ Feature: Group member permissions table | Request changes on content from other users | | | ✓ | ✓ | | Delete own content | ✓ | ✓ | ✓ | ✓ | | Delete any content | | | ✓ | ✓ | - | Manage users | | | | ✓ | + | Manage users | | | ✓ | ✓ | Given I am logged in as "Rincewind" When I go to the homepage of the "Woolly thinking" collection @@ -312,7 +312,7 @@ Feature: Group member permissions table | Request changes on content from other users | | | ✓ | ✓ | | Delete own content | | ✓ | ✓ | ✓ | | Delete any content | | | ✓ | ✓ | - | Manage users | | | | ✓ | + | Manage users | | | ✓ | ✓ | Given I am logged in as a member of the "Applied anthropics" solution When I go to the homepage of the "Applied anthropics" solution @@ -343,7 +343,7 @@ Feature: Group member permissions table | Request changes on content from other users | | | ✓ | ✓ | | Delete own content | | ✓ | ✓ | ✓ | | Delete any content | | | ✓ | ✓ | - | Manage users | | | | ✓ | + | Manage users | | | ✓ | ✓ | Given I am logged in as a member of the "Extreme horticulture" solution When I go to the homepage of the "Extreme horticulture" solution @@ -380,7 +380,7 @@ Feature: Group member permissions table | Approve requested deletion of content | | | ✓ | ✓ | | Delete own content without approval | | ✓ | ✓ | ✓ | | Delete any content | | | ✓ | ✓ | - | Manage users | | | | ✓ | + | Manage users | | | ✓ | ✓ | Given I am logged in as "Dr. John Hicks" When I go to the homepage of the "Prehumous morbid bibliomancy" solution @@ -423,7 +423,7 @@ Feature: Group member permissions table | Request changes on content from other users | | | ✓ | ✓ | | Delete own content | ✓ | ✓ | ✓ | ✓ | | Delete any content | | | ✓ | ✓ | - | Manage users | | | | ✓ | + | Manage users | | | ✓ | ✓ | Given I am logged in as "Hex" When I go to the homepage of the "Posthumous morbid bibliomancy" solution diff --git a/web/modules/custom/joinup_group/src/Controller/GroupMembershipPermissionsInformationController.php b/web/modules/custom/joinup_group/src/Controller/GroupMembershipPermissionsInformationController.php index 35a65141d8..57209bfe8f 100644 --- a/web/modules/custom/joinup_group/src/Controller/GroupMembershipPermissionsInformationController.php +++ b/web/modules/custom/joinup_group/src/Controller/GroupMembershipPermissionsInformationController.php @@ -187,7 +187,7 @@ public function build(GroupInterface $rdf_entity): array { 'permitted' => [ 'member' => FALSE, 'author' => FALSE, - 'facilitator' => FALSE, + 'facilitator' => TRUE, 'owner' => TRUE, ], ],