From 4424bc80705a8bbcc789f26d67863e17aa00b882 Mon Sep 17 00:00:00 2001
From: xjm <xjm@65776.no-reply.drupal.org>
Date: Mon, 17 Jun 2024 17:51:15 -0500
Subject: [PATCH] Issue #3454605 by thejimbirch, pooja_sharma, phenaproxima,
 the_g_bomb, catch, b_sharpe: Roles should be in their own recipes for
 composability

(cherry picked from commit 8969fdb99499a7f442a271b9fcf1d386789f033d)
---
 core/recipes/administrator_role/recipe.yml    | 12 +++++++++
 core/recipes/content_editor_role/recipe.yml   | 15 +++++++++++
 .../config/user.role.administrator.yml        |  8 ------
 .../config/user.role.content_editor.yml       | 23 -----------------
 core/recipes/standard/recipe.yml              | 25 ++++++++++++++++---
 5 files changed, 48 insertions(+), 35 deletions(-)
 create mode 100644 core/recipes/administrator_role/recipe.yml
 create mode 100644 core/recipes/content_editor_role/recipe.yml
 delete mode 100644 core/recipes/standard/config/user.role.administrator.yml
 delete mode 100644 core/recipes/standard/config/user.role.content_editor.yml

diff --git a/core/recipes/administrator_role/recipe.yml b/core/recipes/administrator_role/recipe.yml
new file mode 100644
index 000000000000..d64a3fbae612
--- /dev/null
+++ b/core/recipes/administrator_role/recipe.yml
@@ -0,0 +1,12 @@
+name: 'Administrator role'
+description: 'Provides the Administrator role.'
+type: 'User role'
+config:
+  actions:
+    user.role.administrator:
+      # If this role already exists, then this action has no effect. If it doesn't exist, we'll create it with the following values.
+      ensure_exists:
+        id: administrator
+        label: Administrator
+        weight: 3
+        is_admin: true
diff --git a/core/recipes/content_editor_role/recipe.yml b/core/recipes/content_editor_role/recipe.yml
new file mode 100644
index 000000000000..ec37b4e61e6d
--- /dev/null
+++ b/core/recipes/content_editor_role/recipe.yml
@@ -0,0 +1,15 @@
+name: 'Content editor role'
+description: 'Provides the Content editor role.'
+type: 'User role'
+config:
+  actions:
+    user.role.content_editor:
+      # If this role already exists, then this action has no effect. If it doesn't exist, we'll create it with the following values.
+      ensure_exists:
+        id: content_editor
+        label: 'Content editor'
+        weight: 2
+        is_admin: false
+        permissions:
+          - 'access administration pages'
+          - 'view own unpublished content'
diff --git a/core/recipes/standard/config/user.role.administrator.yml b/core/recipes/standard/config/user.role.administrator.yml
deleted file mode 100644
index ca48a58b4eed..000000000000
--- a/core/recipes/standard/config/user.role.administrator.yml
+++ /dev/null
@@ -1,8 +0,0 @@
-langcode: en
-status: true
-dependencies: {  }
-id: administrator
-label: Administrator
-weight: 3
-is_admin: true
-permissions: {  }
diff --git a/core/recipes/standard/config/user.role.content_editor.yml b/core/recipes/standard/config/user.role.content_editor.yml
deleted file mode 100644
index b1dbe10170a1..000000000000
--- a/core/recipes/standard/config/user.role.content_editor.yml
+++ /dev/null
@@ -1,23 +0,0 @@
-langcode: en
-status: true
-dependencies: {  }
-id: content_editor
-label: 'Content editor'
-weight: 2
-is_admin: false
-permissions:
-  - 'access administration pages'
-  - 'access content overview'
-  - 'access contextual links'
-  - 'access files overview'
-  - 'access toolbar'
-  - 'administer url aliases'
-  - 'create terms in tags'
-  - 'create url aliases'
-  - 'edit own comments'
-  - 'edit terms in tags'
-  - 'delete own files'
-  - 'revert all revisions'
-  - 'view all revisions'
-  - 'view own unpublished content'
-  - 'view the administration theme'
diff --git a/core/recipes/standard/recipe.yml b/core/recipes/standard/recipe.yml
index ae577ff8a905..e2fad5caab8e 100644
--- a/core/recipes/standard/recipe.yml
+++ b/core/recipes/standard/recipe.yml
@@ -19,6 +19,8 @@ recipes:
   - user_picture
   # Provides a fallback text format which is available to all users.
   - restricted_html_format
+  - administrator_role
+  - content_editor_role
 install:
   - image
   - help
@@ -67,17 +69,32 @@ config:
     system.site:
       simple_config_update:
         page.front: /node
+    user.role.anonymous:
+      grantPermission: 'access content'
     user.role.authenticated:
-      grantPermission: 'delete own files'
+      grantPermissions:
+        - 'access content'
+        - 'delete own files'
     user.role.content_editor:
+      grantPermissions:
+        - 'access content overview'
+        - 'access contextual links'
+        - 'access files overview'
+        - 'access toolbar'
+        - 'administer url aliases'
+        - 'create terms in tags'
+        - 'create url aliases'
+        - 'edit own comments'
+        - 'edit terms in tags'
+        - 'delete own files'
+        - 'revert all revisions'
+        - 'view all revisions'
+        - 'view the administration theme'
       grantPermissionsForEachNodeType:
         - 'create %bundle content'
         - 'delete %bundle revisions'
         - 'delete own %bundle content'
         - 'edit own %bundle content'
-    user.role.anonymous:
-      # This recipe assumes all published content should be publicly accessible.
-      grantPermission: 'access content'
     user.settings:
       simple_config_update:
         verify_mail: true
-- 
GitLab