From e432bc512056fced03f20962282e0b1112273666 Mon Sep 17 00:00:00 2001 From: Yeni Atencio <47239456+yeniatencio@users.noreply.github.com> Date: Wed, 14 Feb 2024 09:33:38 +1100 Subject: [PATCH] [SDPAP-8375]granted permissions to approvers to create and edit department/sites (#453) * granted permissions to approvers to create and edit department and sites only * added behat tests * added conditional * fixed comment * used array for permissions * Update tide_core.install * remove permission * Fixed lint --- tests/behat/features/access.feature | 6 ++++++ tide_core.install | 15 +++++++++++++++ 2 files changed, 21 insertions(+) diff --git a/tests/behat/features/access.feature b/tests/behat/features/access.feature index d5a2e9766..0f91767e1 100644 --- a/tests/behat/features/access.feature +++ b/tests/behat/features/access.feature @@ -69,3 +69,9 @@ Feature: Access permissions Given I am logged in as a user with the "Site Auditor" role When I go to "/admin/reports/audit-trail" Then I should get a 200 HTTP response + + @api + Scenario: Approver role should not have access to redirects. + Given I am logged in as a user with the "approver" role + When I go to "admin/structure/taxonomy/add" + Then I should get a 404 HTTP response diff --git a/tide_core.install b/tide_core.install index c3942a07e..8444e2355 100644 --- a/tide_core.install +++ b/tide_core.install @@ -124,3 +124,18 @@ function tide_core_update_10003() { $config->save(); } } + +/** + * Approver should not have access to administer taxonomy. + */ +function tide_core_update_10004() { + $role = 'approver'; + $permissions = [ + 'administer taxonomy', + 'edit terms in topic', + 'delete terms in topic', + ]; + if ($role) { + user_role_revoke_permissions($role, $permissions); + } +}