From 8510646cc06896df5d7df3884d256f813a8d1b20 Mon Sep 17 00:00:00 2001
From: Jari Voutilainen
Date: Mon, 9 Oct 2023 09:44:59 +0300
Subject: [PATCH 1/5] AV-2055: Administrator does not need permissions, everything is permitted anyhow
---
 .../site_config/user.role.administrator.yml | 116 +-----------------
 1 file changed, 1 insertion(+), 115 deletions(-)
diff --git a/drupal/site_config/user.role.administrator.yml b/drupal/site_config/user.role.administrator.yml
index 70e0ebb0ca..10084dfb6d 100644
--- a/drupal/site_config/user.role.administrator.yml
+++ b/drupal/site_config/user.role.administrator.yml
@@ -5,118 +5,4 @@ id: administrator
 label: administrator
 weight: 2
 is_admin: true
-permissions:
- - 'access administration pages'
- - 'access all views'
- - 'access comments'
- - 'access content'
- - 'access content overview'
- - 'access contextual links'
- - 'access dashboard'
- - 'access draggableviews'
- - 'access overlay'
- - 'access rules debug'
- - 'access site in maintenance mode'
- - 'access site reports'
- - 'access toolbar'
- - 'access user profiles'
- - 'administer CAPTCHA settings'
- - 'administer actions'
- - 'administer blocks'
- - 'administer ckeditor'
- - 'administer comment blocks'
- - 'administer comments'
- - 'administer content translations'
- - 'administer content types'
- - 'administer custom username validation'
- - 'administer features'
- - 'administer fields'
- - 'administer filters'
- - 'administer honeypot'
- - 'administer image styles'
- - 'administer imce'
- - 'administer languages'
- - 'administer menu'
- - 'administer modules'
- - 'administer node expire'
- - 'administer nodes'
- - 'administer pathauto'
- - 'administer permissions'
- - 'administer recaptcha'
- - 'administer rules'
- - 'administer search'
- - 'administer services'
- - 'administer sharethis'
- - 'administer shortcuts'
- - 'administer site configuration'
- - 'administer software updates'
- - 'administer taxonomy'
- - 'administer themes'
- - 'administer url aliases'
- - 'administer users'
- - 'administer uuid'
- - 'administer views'
- - 'administer xmlsitemap'
- - 'block IP addresses'
- - 'bypass honeypot protection'
- - 'bypass node access'
- - 'bypass rules access'
- - 'cancel account'
- - 'change own username'
- - 'create article content'
- - 'create page content'
- - 'create url aliases'
- - 'customize ckeditor'
- - 'customize shortcut links'
- - 'delete any article content'
- - 'delete any page content'
- - 'delete own article content'
- - 'delete own page content'
- - 'delete revisions'
- - 'delete terms in 1'
- - 'display admin pages in another language'
- - 'edit any article content'
- - 'edit any page content'
- - 'edit node expire'
- - 'edit own article content'
- - 'edit own comments'
- - 'edit own page content'
- - 'edit terms in 1'
- - 'export nodes'
- - 'export own nodes'
- - 'generate features'
- - 'get a system variable'
- - 'get any binary files'
- - 'get own binary files'
- - 'import or export menu'
- - 'manage features'
- - 'notify of path changes'
- - 'opt-in or out of tracking'
- - 'override custom username validation'
- - 'perform unlimited index queries'
- - 'post comments'
- - 'rename features'
- - 'revert revisions'
- - 'save file information'
- - 'search content'
- - 'select account cancellation method'
- - 'services menu retrieve menu'
- - 'set a system variable'
- - 'skip CAPTCHA'
- - 'skip comment approval'
- - 'switch shortcut sets'
- - 'translate admin strings'
- - 'translate blocks'
- - 'translate content'
- - 'translate interface'
- - 'translate user-defined strings'
- - 'use PHP for tracking visibility'
- - 'use PHP to import nodes'
- - 'use advanced search'
- - 'use all enabled languages'
- - 'use ctools import'
- - 'use text format filtered_html'
- - 'use text format full_html'
- - 'view own unpublished content'
- - 'view revisions'
- - 'view the administration theme'
+permissions: {}
From 6d8b62198da62c18ef76de49ca7307580db323d0 Mon Sep 17 00:00:00 2001
From: Jari Voutilainen
Date: Mon, 9 Oct 2023 10:11:46 +0300
Subject: [PATCH 2/5] AV-2055: Remove invalid permissions from anonymous user
---
 drupal/site_config/user.role.anonymous.yml | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/drupal/site_config/user.role.anonymous.yml b/drupal/site_config/user.role.anonymous.yml
index e959639e37..09309091a7 100644
--- a/drupal/site_config/user.role.anonymous.yml
+++ b/drupal/site_config/user.role.anonymous.yml
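Review bot: `permissions: {}` is not the form Drupal's config exporter writes for an empty value (the deleted user.role.editor.yml later in this series shows `dependencies: { }`), so the next `drush config:export` will probably rewrite this line and produce an unrelated diff; writing it the way the exporter does avoids that. With `is_admin: true` kept in the context line above, the role passes every permission check, including permissions from modules installed later, so membership of this role is now the only thing left to audit for administrator access.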
@@ -9,6 +9,4 @@ permissions:
 - 'access comments'
 - 'access content'
 - 'access site-wide contact form'
- - 'search content'
- - 'services menu retrieve menu'
- - 'use text format filtered_html'
+
From 31a6c462758eab196288f40fe2a9d729c7f95b57 Mon Sep 17 00:00:00 2001
From: Jari Voutilainen
Date: Mon, 9 Oct 2023 10:41:31 +0300
Subject: [PATCH 3/5] AV-2055: Remove invalid permissions of authenticated users
---
 drupal/site_config/user.role.authenticated.yml | 2 --
 1 file changed, 2 deletions(-)
diff --git a/drupal/site_config/user.role.authenticated.yml b/drupal/site_config/user.role.authenticated.yml
index a813bda593..f6400d243d 100644
--- a/drupal/site_config/user.role.authenticated.yml
+++ b/drupal/site_config/user.role.authenticated.yml
@@ -13,6 +13,4 @@ permissions:
 - 'access content'
 - 'access site-wide contact form'
 - 'post comments'
- - 'search content'
 - 'skip comment approval'
- - 'use text format filtered_html'
From 0c9ad2e1d3a683eeb547ad5159a7d61e921a090e Mon Sep 17 00:00:00 2001
From: Jari Voutilainen
Date: Mon, 9 Oct 2023 12:54:38 +0300
Subject: [PATCH 4/5] AV-2055: Delete editor role
---
 docker/.env.template | 19 ++++-----
 drupal/scripts/init_drupal.sh | 2 +
 drupal/site_config/user.role.editor.yml | 56 -------------------------
 3 files changed, 9 insertions(+), 68 deletions(-)
 delete mode 100644 drupal/site_config/user.role.editor.yml
diff --git a/docker/.env.template b/docker/.env.template
index c59240f800..a32161eb68 100644
--- a/docker/.env.template
+++ b/docker/.env.template
@@ -50,21 +50,16 @@ SENTRY_ENV="local" # drupal + ckan roles ROLES_CKAN_ADMIN=ckan_admin -ROLES_EDITOR=editor ROLES_PUBLISHER=publisher # initial users -USERS_0_USER=test-editor -USERS_0_PASS=test-editor -USERS_0_EMAIL=editor@localhost -USERS_0_ROLES="ckan_admin editor" -USERS_1_USER=test-publisher -USERS_1_PASS=test-publisher -USERS_1_EMAIL=publisher@localhost -USERS_1_ROLES="publisher" -USERS_2_USER=test-user -USERS_2_PASS=test-user -USERS_2_EMAIL=user@localhost +USERS_0_USER=test-publisher +USERS_0_PASS=test-publisher +USERS_0_EMAIL=publisher@localhost +USERS_0_ROLES="publisher" +USERS_1_USER=test-user +USERS_1_PASS=test-user +USERS_1_EMAIL=user@localhost # postgres DB_CKAN_HOST=postgres diff --git a/drupal/scripts/init_drupal.sh b/drupal/scripts/init_drupal.sh index 2e606c8aa5..392fe73c7c 100644 --- a/drupal/scripts/init_drupal.sh +++ b/drupal/scripts/init_drupal.sh @@ -87,6 +87,8 @@ drush config:delete core.entity_view_display.node.page.search_result drush config:delete core.entity_view_display.node.page.teaser || true drush config:delete field.field.node.page.field_basic_page_comments || true drush config:delete field.storage.node.field_basic_page_comments || true +drush config:delete user.role.editor || true + # uninstall modules echo "uninstall modules.." diff --git a/drupal/site_config/user.role.editor.yml b/drupal/site_config/user.role.editor.yml deleted file mode 100644 index 9537ee7cff..0000000000 --- a/drupal/site_config/user.role.editor.yml +++ /dev/null 
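Review bot: Removing the `test-editor` entry only stops new environments from creating that account; nothing visible in this series removes it where it was already provisioned, and it was created with `ckan_admin` and a password equal to its user name. Existing environments likely need a one-off step to delete or block that user. The remaining entries still set `USERS_0_PASS` and `USERS_1_PASS` to the user name, which is acceptable only for the local setup that `SENTRY_ENV="local"` suggests; a comment above `# initial users` such as `# local development only: replace these passwords in any shared environment` would make that explicit.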
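Review bot: `drush config:delete user.role.editor || true` removes the role's config object directly rather than deleting the role entity, so role-deletion hooks likely do not run and accounts that held `editor` may keep a dangling reference that becomes live again if a role with that id is ever recreated. `drush role:delete editor || true` goes through the entity API and should clear those references. The `|| true` matches the neighbouring lines but hides every failure, not only the missing-config case, so consider logging when the delete fails. The script continues outside the hunk.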
@@ -1,56 +0,0 @@
-langcode: en
-status: true
-dependencies: { }
-id: editor
-label: editor
-weight: 3
-is_admin: null
-permissions:
- - 'access comments'
- - 'access content overview'
- - 'access draggableviews'
- - 'access toolbar'
- - 'administer comments'
- - 'administer menu'
- - 'administer nodes'
- - 'administer url aliases'
- - 'bypass protected submissions validation'
- - 'create article content'
- - 'create event content'
- - 'create page content'
- - 'create service_alert content'
- - 'create tutorial content'
- - 'create url aliases'
- - 'customize shortcut links'
- - 'delete any article content'
- - 'delete any event content'
- - 'delete any page content'
- - 'delete any service_alert content'
- - 'delete any tutorial content'
- - 'delete own article content'
- - 'delete own event content'
- - 'delete own page content'
- - 'delete own service_alert content'
- - 'delete own tutorial content'
- - 'delete revisions'
- - 'edit any article content'
- - 'edit any event content'
- - 'edit any page content'
- - 'edit any service_alert content'
- - 'edit any tutorial content'
- - 'edit own article content'
- - 'edit own comments'
- - 'edit own event content'
- - 'edit own page content'
- - 'edit own service_alert content'
- - 'edit own tutorial content'
- - 'post comments'
- - 'revert revisions'
- - 'search content'
- - 'translate content'
- - 'translate interface'
- - 'translate user-defined strings'
- - 'use text format filtered_html'
- - 'use text format full_html'
- - 'view own unpublished content'
- - 'view revisions'
From 4b1aca895d98a1f6083f2b33c6ea457bde61a27b Mon Sep 17 00:00:00 2001
From: Jari Voutilainen
Date: Mon, 9 Oct 2023 13:35:02 +0300
Subject: [PATCH 5/5] AV-2055: Clean up invalid permissions from publisher role
---
 drupal/site_config/user.role.publisher.yml | 24 ----------------------
 1 file changed, 24 deletions(-)
diff --git a/drupal/site_config/user.role.publisher.yml b/drupal/site_config/user.role.publisher.yml
index 8855f2e72b..c772d08d90 100644
--- a/drupal/site_config/user.role.publisher.yml
+++ b/drupal/site_config/user.role.publisher.yml
@@ -9,7 +9,6 @@ permissions:
 - 'access administration pages'
 - 'access comments'
 - 'access content overview'
- - 'access draggableviews'
 - 'access shortcuts'
 - 'access taxonomy overview'
 - 'access toolbar'
@@ -26,17 +25,13 @@ permissions:
 - 'administer url aliases'
 - 'administer user display'
 - 'administer user form display'
- - 'bypass protected submissions validation'
 - 'create avoindata_article content'
 - 'create avoindata_event content'
 - 'create avoindata_guide_page content'
 - 'create avoindata_servicemessage content'
 - 'create content translations'
- - 'create event content'
 - 'create page content'
- - 'create service_alert content'
 - 'create terms in tags'
- - 'create tutorial content'
 - 'create url aliases'
 - 'customize shortcut links'
 - 'delete any article content'
@@ -44,53 +39,35 @@ permissions:
 - 'delete any avoindata_event content'
 - 'delete any avoindata_guide_page content'
 - 'delete any avoindata_servicemessage content'
- - 'delete any event content'
 - 'delete any page content'
- - 'delete any service_alert content'
- - 'delete any tutorial content'
 - 'delete content translations'
 - 'delete own article content'
 - 'delete own avoindata_article content'
 - 'delete own avoindata_event content'
 - 'delete own avoindata_guide_page content'
 - 'delete own avoindata_servicemessage content'
- - 'delete own event content'
 - 'delete own page content'
- - 'delete own service_alert content'
- - 'delete own tutorial content'
- - 'delete revisions'
 - 'delete terms in tags'
 - 'edit any article content'
 - 'edit any avoindata_article content'
 - 'edit any avoindata_event content'
 - 'edit any avoindata_guide_page content'
 - 'edit any avoindata_servicemessage content'
- - 'edit any event content'
 - 'edit any page content'
- - 'edit any service_alert content'
- - 'edit any tutorial content'
 - 'edit own article content'
 - 'edit own avoindata_article content'
 - 'edit own avoindata_event content'
 - 'edit own avoindata_guide_page content'
 - 'edit own avoindata_servicemessage content'
 - 'edit own comments'
- - 'edit own event content'
 - 'edit own page content'
- - 'edit own service_alert content'
- - 'edit own tutorial content'
 - 'edit terms in tags'
 - 'post comments'
- - 'revert revisions'
- - 'search content'
 - 'translate avoindata_guide_page node'
- - 'translate content'
 - 'translate interface'
 - 'translate page node'
- - 'translate user-defined strings'
 - 'update content translations'
 - 'use text format basic_html'
- - 'use text format filtered_html'
 - 'use text format full_html'
 - 'use text format restricted_html'
 - 'view article revisions'
@@ -106,5 +83,4 @@ permissions:
 - 'view own unpublished content'
 - 'view page revisions'
 - 'view page unpublished content'
- - 'view revisions'
 - 'view the administration theme'