Problem/Motivation

#3160148: Add access permission check to "View JSON" operation link
#3160149: Fix "View API Documentation" link in entity operations

Steps to reproduce

Given that a "Site Admin" is logged in to the site
When navigating to "/admin/content"
And clicking on the "Operations" options for a content item
And the API resource type is activated for the content type
Then they should see "View JSON"
And should see "View API Docs"
And these operations should not show up for other user roles.

Proposed resolution

Grant the "Site Admin" user role the following permissions:

  - "access view api docs entity operation"
  - "access view json entity operation"

Remaining tasks

  • ✅ File an issue about this project
  • ✅ Change permissions for "Site Admin" user role to access JSON:API and API Docs
  • ✅ Testing to ensure no regression
  • ✅ Automated unit/functional testing coverage
    Varbase CircleCI Build Passing
  • ✅ Developer Documentation support on feature change/addition
  • ➖ User Guide Documentation support on feature change/addition
  • ✅ Code review from 1 Varbase core team member
  • ✅ Full testing and approval
  • ✅ Credit contributors
  • ✅ Review with the product owner
  • ✅ Release varbase-9.0.2

User interface changes

Only View JSON

View JSON with View API Docs
View API Docs entity operation

API changes

  • N/A

Data model changes

  • N/A

New Gherkin scenarios for the JSON:API

  @javascript @check @local @development @staging @production
  Scenario: Check that Site Admin users can access "View JSON" and "View API Docs" entity operations
    Given I am a logged in user with the "test_site_admin" user
     When I go to "/admin/content"
      And I wait
     Then I should see "Content"
      And I should see the "View JSON" operation for the "Homepage" content
      And I should see the "View API Docs" operation for the "Homepage" content
      And I should see the "Edit" operation for the "Homepage" content
      And I should see the "Layout" operation for the "Homepage" content
      And I should see the "View JSON" operation for the "Blog" content
      And I should see the "View API Docs" operation for the "Blog" content

     When I go to "/admin/content/media"
      And I wait
     Then I should see "Media"
      And I should see the "View JSON" operation for the "Media entity test" media
      And I should see the "View API Docs" operation for the "Media entity test" media
      And I should see the "Edit" operation for the "Media entity test" media

     When I go to "/admin/structure/taxonomy/manage/tags/overview"
      And I wait
     Then I should see "Tags"
      And I should see "space"
      And I should not see the "View JSON" operation for the "space" term
      And I should not see the "View API Docs" operation for the "space" term

     When I go to "/admin/structure/entityqueue"
      And I wait
     Then I should see "Entityqueues"
      And I should not see the "View JSON" operation for the "Media Hero Slider" entity
      And I should not see the "View API Docs" operation for the "Media Hero Slider" entity
      But I should not see the "Edit items" operation for the "Media Hero Slider" entity
      

  @javascript @check @local @development @staging @production
  Scenario: Check that Content Admin users can not access "View JSON" and "View API Docs" entity operations
    Given I am a logged in user with the "test_content_admin" user
     When I go to "/admin/content"
      And I wait
     Then I should see "Content"
      And I should not see the "View JSON" operation for the "Homepage" content
      And I should not see the "View API Docs" operation for the "Homepage" content
      But I should see the "Edit" operation for the "Homepage" content
      And I should see the "Layout" operation for the "Homepage" content

     When I go to "/admin/content/media"
      And I wait
     Then I should see "Media"
      And I should not see the "View JSON" operation for the "Media entity test" media
      And I should not see the "View API Docs" operation for the "Media entity test" media
      But I should see the "Edit" operation for the "Media entity test" media

     When I go to "/admin/structure/taxonomy/manage/tags/overview"
      And I wait
     Then I should see "Tags"
      And I should see "space"
      And I should not see the "View JSON" operation for the "space" term
      And I should not see the "View API Docs" operation for the "space" term

     When I go to "/admin/structure/entityqueue"
      And I wait
     Then I should see "Entityqueues"
      And I should not see the "View JSON" operation for the "Media Hero Slider" entity
      And I should not see the "View API Docs" operation for the "Media Hero Slider" entity
      But I should not see the "Edit items" operation for the "Media Hero Slider" entity


  @javascript @check @local @development @staging @production
  Scenario: Check that Editor users can not access "View JSON" and "View API Docs" entity operations
    Given I am a logged in user with the "test_editor" user
     When I go to "/admin/content"
      And I wait
     Then I should see "Content"
      And I should not see the "View JSON" operation for the "Homepage" content
      And I should not see the "View API Docs" operation for the "Homepage" content
      But I should see the "Edit" operation for the "Homepage" content
      And I should see the "Layout" operation for the "Homepage" content

     When I go to "/admin/content/media"
      And I wait
     Then I should see "Media"
      And I should not see the "View JSON" operation for the "Media entity test" media
      And I should not see the "View API Docs" operation for the "Media entity test" media
      But I should see the "Edit" operation for the "Media entity test" media

     When I go to "/admin/structure/taxonomy/manage/tags/overview"
      And I wait
     Then I should see "Tags"
      And I should see "space"
      And I should not see the "View JSON" operation for the "space" term
      And I should not see the "View API Docs" operation for the "space" term

Using 2 new distinct step definitions

  /**
   * Check if an entity has a specific operation link.
   *
   * Varbase Context #varbase.
   *
   * Example 1: Then I should see the "Edit" operation for the "Homepage" entity
   * Example 2: Then I should see "Layout" operation for the "Homepage"
   * Example 3: Then see "Edit" operation for "Homepage"
   * Example 4: Then should see "Delete" operation for the "Blog" entity
   * Example 5: Then I should see "Clone" operation for the "Homepage" entity
   *
   * @Then /^(?:|I )(?:|should )see (?:|the )"([^"]*)" operation for the "([^"]*)" (?:|entity|content|media|file|term|user)$/
   */
  /**
   * Check that an entity does not have a specific operation link.
   *
   * Varbase Context #varbase.
   *
   * Example 1: Then I should not see the "View API" operation for the "Homepage" entity
   * Example 2: Then I should not see "View API Docs" operation for the "Homepage"
   * Example 3: Then not see "Delete" operation for "Homepage"
   * Example 4: Then should not see "Delete" operation for the "Blog" entity
   * Example 5: Then I should not see "Clone" operation for the "Homepage" entity
   *
   * @Then /^(?:|I )(?:|should )not see (?:|the )"([^"]*)" operation for the "([^"]*)" (?:|entity|content|media|file|term|user)$/
   */
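
An added check, not part of the Varbase code base: the two `@Then` patterns above, compiled with Python's `re` (which handles these constructs the same way as PCRE), run against the docblocks' own example lines and a few steps from the scenarios. It assumes the leading Gherkin keyword is dropped before matching; `bind` and `unbound` are hypothetical helper names.

```python
import re

# Both @Then patterns from the docblocks above; they differ only by "not ".
TEMPLATE = (r'^(?:|I )(?:|should )%ssee (?:|the )"([^"]*)" operation for the '
            r'"([^"]*)" (?:|entity|content|media|file|term|user)$')
PATTERNS = {"see": re.compile(TEMPLATE % ""),
            "not see": re.compile(TEMPLATE % "not ")}
KEYWORDS = ("Given ", "When ", "Then ", "And ", "But ")

def bind(step):
    """Return (polarity, operation, label), or None when no pattern matches."""
    text = step.strip()
    for keyword in KEYWORDS:  # assumption: keyword is dropped before matching
        if text.startswith(keyword):
            text = text[len(keyword):]
            break
    hits = []
    for polarity, pattern in PATTERNS.items():
        match = pattern.match(text)
        if match:
            hits.append((polarity, match.group(1), match.group(2)))
    if len(hits) > 1:
        raise ValueError("step binds to both patterns: " + step)
    return hits[0] if hits else None

def unbound(steps):
    """Steps that neither pattern accepts, so no definition would run."""
    return [step for step in steps if bind(step) is None]

# The example lines from the two docblocks, copied verbatim.
DOC_EXAMPLES = [
    'Then I should see the "Edit" operation for the "Homepage" entity',
    'Then I should see "Layout" operation for the "Homepage"',
    'Then see "Edit" operation for "Homepage"',
    'Then should see "Delete" operation for the "Blog" entity',
    'Then I should see "Clone" operation for the "Homepage" entity',
    'Then I should not see the "View API" operation for the "Homepage" entity',
    'Then I should not see "View API Docs" operation for the "Homepage"',
    'Then not see "Delete" operation for "Homepage"',
    'Then should not see "Delete" operation for the "Blog" entity',
    'Then I should not see "Clone" operation for the "Homepage" entity',
]
# Steps taken from the scenarios on this page.
SCENARIO_STEPS = [
    'And I should see the "View JSON" operation for the "Homepage" content',
    'And I should not see the "View API Docs" operation for the "space" term',
    'But I should not see the "Edit items" operation for the "Media Hero Slider" entity',
]
```

Examples 2 and 3 of each docblock come back as unbound: the patterns require `for the` before the label and a space after its closing quote, so in practice a step has to end with one of the listed entity types. Every scenario step on this page binds to exactly one pattern.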

Comments

RajabNatshah created an issue. See original summary.

Title: Add a new permission (and grant it to Site Admin by default) for the "View JSON" operation link on entities » Add a new permission to Site Admin to access "View JSON" and "View API Docs" entity operations
Title: Add a new permission to Site Admin to access "View JSON" and "View API Docs" entity operations » Add new permissions to Site Admin user role to access "View JSON" and "View API Docs" entity operations

  • RajabNatshah committed 4e11d06 on 9.0.x
    Issue #3243594: Add new permissions to Site Admin user role to access "...

Assigned: rajab natshah » mohammed j. razem
Status: Active » Needs review
Issue tags: +varbase-9.0.2

Assigned: mohammed j. razem » Unassigned

Status: Needs review » Fixed

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.