From 7a2f59e9927a0d5465e4846ebcb5bc1ed9db2040 Mon Sep 17 00:00:00 2001
From: Kristiaan Van den Eynde <magentix@gmail.com>
Date: Fri, 9 Feb 2018 15:21:46 +0100
Subject: [PATCH] Issue #2943564: Separate group overview from 'administer
 group' permission

---
 group.permissions.yml                     |  2 ++
 group.post_update.php                     | 14 ++++++++++++++
 src/Entity/Routing/GroupRouteProvider.php |  1 +
 3 files changed, 17 insertions(+)

diff --git a/group.permissions.yml b/group.permissions.yml
index 027d67e..9e51a53 100644
--- a/group.permissions.yml
+++ b/group.permissions.yml
@@ -6,6 +6,8 @@ administer group:
   title: 'Administer group settings'
   description: 'Gain full control over all group configuration.'
   restrict access: TRUE
+access group overview:
+  title: 'Access the Group overview page'
 
 permission_callbacks:
   - '\Drupal\group\Access\GroupPermissions::groupTypePermissions'
diff --git a/group.post_update.php b/group.post_update.php
index 8512c90..1b2df17 100644
--- a/group.post_update.php
+++ b/group.post_update.php
@@ -7,6 +7,7 @@
 
 use Drupal\group\Entity\GroupType;
 use Drupal\group\Entity\GroupContentType;
+use Drupal\user\Entity\Role;
 
 /**
  * Recalculate group type and group content type dependencies after moving the
@@ -31,3 +32,16 @@ function group_post_update_group_content_type_dependencies() {
     $group_type->save();
   }
 }
+
+/**
+ * Grant the new 'access group overview' permission.
+ */
+function group_post_update_grant_access_overview_permission() {
+  /** @var \Drupal\user\RoleInterface $role */
+  foreach (Role::loadMultiple() as $role) {
+    if ($role->hasPermission('administer group')) {
+      $role->grantPermission('access group overview');
+      $role->save();
+    }
+  }
+}
diff --git a/src/Entity/Routing/GroupRouteProvider.php b/src/Entity/Routing/GroupRouteProvider.php
index 6a2e84a..1bc824a 100644
--- a/src/Entity/Routing/GroupRouteProvider.php
+++ b/src/Entity/Routing/GroupRouteProvider.php
@@ -59,6 +59,7 @@ class GroupRouteProvider extends DefaultHtmlRouteProvider {
     if ($route = parent::getCollectionRoute($entity_type)) {
       $route->setDefault('_title', 'Groups');
       $route->setDefault('_title_arguments', []);
+      $route->setRequirement('_permission', 'access group overview');
       return $route;
     }
   }
-- 
2.8.1