[SDPAP-8375]granted permissions to approvers to create and edit department/sites

config/install/user.role.approver.yml

@@ -18,6 +18,7 @@ dependencies:
     - system
     - tide_core
     - toolbar
+    - taxonomy
 id: approver
 label: Approver
 weight: 3
@@ -34,10 +35,12 @@ permissions:
   - 'administer url aliases'
   - 'break content lock'
   - 'create media'
+  - 'create terms in department'
   - 'create url aliases'
   - 'delete all revisions'
   - 'delete any media'
   - 'delete media'
+  - 'edit terms in department'
   - 'import tablefield'
   - 'rebuild tablefield'
   - 'revert all revisions'

tests/behat/features/access.feature

@@ -69,3 +69,9 @@ Feature: Access permissions
     Given I am logged in as a user with the "Site Auditor" role
     When I go to "/admin/reports/audit-trail"
     Then I should get a 200 HTTP response
+
+  @api
+  Scenario: Approver role should not have access to redirects.
+    Given I am logged in as a user with the "approver" role
+    When I go to "admin/structure/taxonomy/add"
+    Then I should get a 404 HTTP response

tide_core.install

@@ -92,3 +92,35 @@ function tide_core_update_10002() {
   $approver->grantPermission('tide node bulk update');
   $approver->save();
 }
+
+/**
+ * Approver should not have access to administer taxonomy.
+ */
+function tide_core_update_10003() {
+  $role = 'approver';
+  $permissions = [
+    'administer taxonomy',
+    'edit terms in topic',
+    'delete terms in topic',
+  ];
+  if ($role) {
+    user_role_revoke_permissions($role, $permissions);
+  }
+}
+
+/**
+ * Approver should have permission to create/edit terms in department.
+ */
+function tide_core_update_10004() {
+  $approver = Role::load('approver');
+  $permissions = [
+    'create terms in department',
+    'edit terms in department',
+  ];
+  if ($approver) {
+    foreach ($permissions as $permission) {
+      $approver->grantPermission($permission);
+    }
+    $approver->save();
+  }
+}