Problem/Motivation

#3576540: Authenticated users should not have permission to access the dashboard by default, because there's nothing for them to do there
#3576441: Initialize Varbase Users Base recipe
#3576455: Add Varbase Users Base recipe to run before all recipes in Varbase Starter

The Varbase Admin Base recipe only granted access navigation and access toolbar to the authenticated role.
It did not assign any admin-related permissions to the specific Varbase user roles (content_editor, content_admin, seo_admin,
site_admin).

Proposed resolution

Replaced the generic user.role.authenticated permission grants with role-specific grantPermissions for each Varbase user role (excluding
anonymous and authenticated).

user.role.content_editor (13 permissions)

  • access admin audit trail — admin_audit_trail
  • access administration pages — system
  • access coffee — coffee
  • access contextual links — contextual
  • access navigation — navigation
  • access taxonomy manager list — taxonomy_manager
  • access trash — trash
  • clone node entity — entity_clone
  • restore node entities — trash
  • restore taxonomy_term entities — trash
  • view deleted entities — trash
  • view the administration theme — system
  • view welcome dashboard — navigation

user.role.content_admin (26 permissions)

  • All content_editor permissions, plus:
  • access navigation extra tools cache flushing — navigation_extra_tools
  • access navigation extra tools cron — navigation_extra_tools
  • administer footer menu items — menu_admin_per_menu
  • administer main menu items — menu_admin_per_menu
  • clone block entity — entity_clone
  • clone block_content entity — entity_clone
  • clone menu_link_content entity — entity_clone
  • clone taxonomy_term entity — entity_clone
  • clone taxonomy_vocabulary entity — entity_clone
  • clone user entity — entity_clone
  • restore block_content entities — trash
  • restore file entities — trash
  • restore media entities — trash

user.role.seo_admin (9 permissions)

  • access admin audit trail — admin_audit_trail
  • access administration pages — system
  • access coffee — coffee
  • access contextual links — contextual
  • access navigation — navigation
  • access trash — trash
  • view deleted entities — trash
  • view the administration theme — system
  • view welcome dashboard — navigation

user.role.site_admin (42 permissions)

  • All content_admin permissions, plus:
  • administer account menu items — menu_admin_per_menu
  • administer admin menu items — menu_admin_per_menu
  • administer tools menu items — menu_admin_per_menu
  • assign roles — roleassign
  • masquerade as authenticated — masquerade
  • masquerade as content_admin — masquerade
  • masquerade as content_editor — masquerade
  • masquerade as seo_admin — masquerade
  • masquerade as site_admin — masquerade
  • purge block_content entities — trash
  • purge file entities — trash
  • purge media entities — trash
  • purge node entities — trash
  • purge taxonomy_term entities — trash

user.role.administrator

Not included. The administrator role has is_admin: true, which automatically grants all permissions in the system.

Modules covered

admin_audit_trail, coffee, entity_clone, masquerade, menu_admin_per_menu, navigation, navigation_extra_tools, roleassign, taxonomy_manager, trash

Modules with no grantable permissions

autosave_form, config_perms (admin-only), eca_vbo, gin (theme), gin_everywhere, gin_login, gin_toolbar, gin_type_tray, length_indicator, revision_log_default,
settings_tray, syslog, taxonomy_access_fix (dynamic/per-vocabulary), ui_icons, update (admin-only)

Remaining tasks

  • ✅ File an issue about this project
  • ✅ Addition/Change/Update/Fix to this project
  • ✅ Testing to ensure no regression
  • Automated unit/functional testing coverage
  • ✅ Developer Documentation support on feature change/addition
    Varbase Admin Base recipe
  • ➖ User Guide Documentation support on feature change/addition
  • ➖ UX/UI designer responsibilities
  • ➖ Accessibility and Readability
  • ✅ Code review from 1 Varbase core team member
  • ✅ Full testing and approval
  • ✅ Credit contributors
  • ✅ Review with the product owner
  • ✅ Update Release Notes
  • ❌ Release varbase-11.0.0-alpha1, varbase_starter-1.0.0-alpha1, varbase_admin_base-1.0.0-alpha1

User interface changes

  • N/A

API changes

  • N/A

Data model changes

  • N/A

Release notes snippet

  • feat: #3576659 Grant default admin permissions for all Varbase user roles in Varbase Admin Base recipe

Comments

rajab natshah created an issue. See original summary.

rajab natshah’s picture

rajab natshah
he/him
commented
Issue summary: View changes
Related issues: +#3576455: Add Varbase Users Base recipe to run before all recipes in Varbase Starter, +#3576441: Initialize Varbase Users Base recipe

  • rajab natshah committed 64a672a6 on 1.0.x 
    feat: #3576659 Grant default admin permissions for all Varbase user...
rajab natshah’s picture

rajab natshah
he/him
commented
Issue summary: View changes
rajab natshah’s picture

rajab natshah
he/him
commented
Assigned: Unassigned » josebc
Status: Active » Needs review
Issue tags: +varbase-11.0.0-alpha1, +varbase_starter-1.0.0-alpha1, +varbase_admin_base-1.0.0-alpha1
rajab natshah’s picture

rajab natshah
he/him
commented
Assigned: josebc » Unassigned
Status: Needs review » Fixed

Now that this issue is closed, review the contribution record.

As a contributor, attribute any organization that helped you, or if you volunteered your own time.

Maintainers, credit people who helped resolve this issue.

rajab natshah’s picture

rajab natshah
he/him
commented
Issue summary: View changes
rajab natshah’s picture

rajab natshah
he/him
commented
Issue summary: View changes
rajab natshah’s picture

rajab natshah
he/him
commented
Issue summary: View changes

✅ Released varbase_admin_base-1.0.0-alpha1

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.