Issue #3454605 by thejimbirch, pooja_sharma, phenaproxima, the_g_bomb, catch, b_sharpe: Roles should be in their own recipes for composability

(cherry picked from commit 8969fdb994)
2024-06-17 17:51:15 -05:00 · 2024-06-17 17:51:15 -05:00 · 4424bc8070
parent fcfcbc6d64
commit 4424bc8070
5 changed files with 48 additions and 35 deletions
--- a/core/recipes/administrator_role/recipe.yml
+++ b/core/recipes/administrator_role/recipe.yml
@ -0,0 +1,12 @@
+name: 'Administrator role'
+description: 'Provides the Administrator role.'
+type: 'User role'
+config:
+  actions:
+    user.role.administrator:
+      # If this role already exists, then this action has no effect. If it doesn't exist, we'll create it with the following values.
+      ensure_exists:
+        id: administrator
+        label: Administrator
+        weight: 3
+        is_admin: true
--- a/core/recipes/content_editor_role/recipe.yml
+++ b/core/recipes/content_editor_role/recipe.yml
@ -0,0 +1,15 @@
+name: 'Content editor role'
+description: 'Provides the Content editor role.'
+type: 'User role'
+config:
+  actions:
+    user.role.content_editor:
+      # If this role already exists, then this action has no effect. If it doesn't exist, we'll create it with the following values.
+      ensure_exists:
+        id: content_editor
+        label: 'Content editor'
+        weight: 2
+        is_admin: false
+        permissions:
+          - 'access administration pages'
+          - 'view own unpublished content'
--- a/core/recipes/standard/config/user.role.administrator.yml
+++ b/core/recipes/standard/config/user.role.administrator.yml
@ -1,8 +0,0 @@
-langcode: en
-status: true
-dependencies: {  }
-id: administrator
-label: Administrator
-weight: 3
-is_admin: true
-permissions: {  }
--- a/core/recipes/standard/config/user.role.content_editor.yml
+++ b/core/recipes/standard/config/user.role.content_editor.yml
@ -1,23 +0,0 @@
-langcode: en
-status: true
-dependencies: {  }
-id: content_editor
-label: 'Content editor'
-weight: 2
-is_admin: false
-permissions:
-  - 'access administration pages'
-  - 'access content overview'
-  - 'access contextual links'
-  - 'access files overview'
-  - 'access toolbar'
-  - 'administer url aliases'
-  - 'create terms in tags'
-  - 'create url aliases'
-  - 'edit own comments'
-  - 'edit terms in tags'
-  - 'delete own files'
-  - 'revert all revisions'
-  - 'view all revisions'
-  - 'view own unpublished content'
-  - 'view the administration theme'
--- a/core/recipes/standard/recipe.yml
+++ b/core/recipes/standard/recipe.yml
@ -19,6 +19,8 @@ recipes:
  - user_picture
  # Provides a fallback text format which is available to all users.
  - restricted_html_format
+  - administrator_role
+  - content_editor_role
 install:
  - image
  - help
@ -67,17 +69,32 @@ config:
    system.site:
      simple_config_update:
        page.front: /node
+    user.role.anonymous:
+      grantPermission: 'access content'
    user.role.authenticated:
-      grantPermission: 'delete own files'
+      grantPermissions:
+        - 'access content'
+        - 'delete own files'
    user.role.content_editor:
+      grantPermissions:
+        - 'access content overview'
+        - 'access contextual links'
+        - 'access files overview'
+        - 'access toolbar'
+        - 'administer url aliases'
+        - 'create terms in tags'
+        - 'create url aliases'
+        - 'edit own comments'
+        - 'edit terms in tags'
+        - 'delete own files'
+        - 'revert all revisions'
+        - 'view all revisions'
+        - 'view the administration theme'
      grantPermissionsForEachNodeType:
        - 'create %bundle content'
        - 'delete %bundle revisions'
        - 'delete own %bundle content'
        - 'edit own %bundle content'
-    user.role.anonymous:
-      # This recipe assumes all published content should be publicly accessible.
-      grantPermission: 'access content'
    user.settings:
      simple_config_update:
        verify_mail: true