Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SHS-6048: "Preparer" Role for creating draft content #1769

Open
wants to merge 7 commits into
base: develop
Choose a base branch
from
Open

SHS-6048: "Preparer" Role for creating draft content #1769

wants to merge 7 commits into from

Conversation

nJim
Copy link
Collaborator

@nJim nJim commented Mar 3, 2025
edited
Loading

Summary

Creates a new 'Preparer' role for users who may create content but require oversight/review before their content is published. This is delivered as a lightweight editorial workflow feature that does not require any of the bulky or opinionated structures required in Drupal's content moderation tools. This role has edit access on a limited number of entities. They are not allowed to publish nodes or edit already published nodes. Full description available in ClickUp

Need Review By (Date)

Not tied to an established deadline

Urgency

Low

Steps to Test

  1. Setup the test
    1. Login as an administrative user
    2. Create a test user with the role of 'Preparer'
  2. Preparer can create unpublished content
    1. In a separate or private browser, login as the preparer test user
    2. Verify that the user has access to the admin toolbar and admin theme
    3. Verify that the user can see administrative lists of content such as the 'Manage Events' admin interface
    4. Click on the 'Add content' > 'Add Flexible Page' link in the admin toolbar
    5. Verify that the 'Publish' control at the top of the node form is disabled and can not be changed.
    6. Add any content and save this node.
    7. Verify that the saved node was created and is in an unpublished state.
    8. Navigate to the 'Manage content' > 'Manage Flexible Page' interface and verify that this page is listed as an unpublished page that the user can 'Edit' the page using the views operations links.
    9. Repeat this process if necessary. The same permissions have been applied to the following content types: Event, Event Series, Flexible Page, News, Person, Publications, Research Areas.
    10. Test that users can NOT create nodes of type: Private Pages, Courses. For example: (node/add/hs_course)
  3. Test access to published content
    1. Logged in as an admin user, publish one of the nodes created with the preparer. There should not be any change to the content publishing experience for non-preparer users.
    2. Return to the browser logged in as a preparer. Verify that this user can no longer edit published content. Local task links no longer appear when viewing the canonical node display.
  4. Preparer can manage supporting content
    1. Test that a user can create and edit a HumSci entity by adding an 'author' to the 'publication' content type.
    2. However the user can not delete a HumSci entity. Example URL for testing: /hs-entity/3116/delete
    3. Test that a user can create and edit media on any content type.
    4. However the user can not delete a media object. Example URL for testing: /media/3181/delete
  5. Module uninstalls (tested on local development environment)
    1. Uninstalling this module removed the 'preparer' role from the Drupal site. Site configuration can be rebuilt to fully remove any dependencies from related yml files.

Additional notes on limits of this work:

  • This module uses a role to override access control rules. For example, the current Drupal site does not have separate permissions to edit unpublished content vs edit published content -- instead, this logic is applied within an access hook. This is not aligned with the typical cascading effect of Drupal permissions where a user inherits additional permissions as they are granted additional roles on the site. Instead, a user that is set to a preparer actually reduces their access. This is intentional as the approach is this custom module achieves our business requirements without creating a large (often sprawling) system of editorial workflow.

Review Tasks

Backend / Functional Validation

Code

  • Are the naming conventions following our standards?
  • Are PHP functions and variables in snake_case and not camelCase?
  • Does Drupal code follow Drupal Coding Standards?
  • Does the code have sufficient inline comments?
  • Is there anything in this code that would be hidden or hard to discover through the UI?
  • Are there any code smells?
  • Are tests provided?

Code security

General

  • Is there anything included in this PR that is not related to the problem it is trying to solve?
  • Is the approach to the problem appropriate?

@ahughes3
Copy link
Collaborator

ahughes3 commented Mar 3, 2025

Tugboat has finished building the preview for this pull request!

Links:

Dashboard:

Visual Diffs:

@nJim nJim self-assigned this Mar 4, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@nJim nJim

Labels
Needs review
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@nJim @ahughes3