only in patch2: unchanged: --- a/contact_storage.install +++ b/contact_storage.install @@ -8,6 +8,7 @@ use Drupal\Core\Config\InstallStorage; use Drupal\Core\Config\FileStorage; use Drupal\Core\Field\BaseFieldDefinition; +use Drupal\user\Entity\Role; /** * Implements hook_install(). @@ -120,3 +121,48 @@ function contact_storage_update_8200() { function contact_storage_update_8201() { \Drupal::service('module_installer')->install(['options']); } + +/** + * Change the view permissions for viewing contact messages. + * + * We are splitting apart the ability to administer contact forms and the + * ability to view contact messages, but we maintain both the access to the + * view as well as the ensure the roles that have access to administer contact + * forms continue to be able to view contact messages. + */ +function contact_storage_update_8202() { + + // Get the current permission needed to view messages. + $permission = \Drupal::config('views.view.contact_messages') + ->get('display.default.display_options.access.options.perm'); + + // Change the view permission to the new view contact messages permission. + $config = \Drupal::configFactory()->getEditable('views.view.contact_messages'); + $config->set('display.default.display_options.access.options.perm', 'view contact messages'); + $config->save(); + + // Maintain access to view contact messages for those who already do. + if ($roles = Role::loadMultiple()) { + foreach ($roles as $role) { + $changed = FALSE; + + // If they can view the view, they can already view contact messages. + if ($role->hasPermission($permission)) { + $role->grantPermission('view contact messages'); + $changed = TRUE; + } + + // If they can administer contact forms, they can already delete contact + // messages. + if ($role->hasPermission('administer contact forms')) { + $role->grantPermission('delete contact messages'); + $changed = TRUE; + } + + // Only save if a change has been made for efficiency. + if ($changed) { + $role->save(); + } + } + } +}