diff --git a/core/modules/dblog/tests/src/Functional/DbLogTest.php b/core/modules/dblog/tests/src/Functional/DbLogTest.php
index a3a2f74f86c6ec60f2d38e1afdb462ec4596cd2a..6cea9f58e725eedf1985ca488f2e417fa41906a5 100644
--- a/core/modules/dblog/tests/src/Functional/DbLogTest.php
+++ b/core/modules/dblog/tests/src/Functional/DbLogTest.php
@@ -66,6 +66,7 @@ protected function setUp(): void {
$this->adminUser = $this->drupalCreateUser([
'administer site configuration',
'access administration pages',
+ 'access help pages',
'access site reports',
'administer users',
]);
diff --git a/core/modules/field/tests/src/Functional/FieldHelpTest.php b/core/modules/field/tests/src/Functional/FieldHelpTest.php
index a80a1890c39bfc1e26104f0da7fcce788bcb5420..cef7a8e97f806f313326d7b71a0c5433626a248a 100644
--- a/core/modules/field/tests/src/Functional/FieldHelpTest.php
+++ b/core/modules/field/tests/src/Functional/FieldHelpTest.php
@@ -36,7 +36,7 @@ protected function setUp(): void {
// Create the admin user.
$this->adminUser = $this->drupalCreateUser([
- 'access administration pages',
+ 'access help pages',
'view the administration theme',
]);
}
diff --git a/core/modules/forum/tests/src/Functional/ForumTest.php b/core/modules/forum/tests/src/Functional/ForumTest.php
index 8e8ea18eebdf8b45a63bd670141e8926993e6fd4..b585cd4b20054a1d5128da3d6edeaf7cfc98e6ce 100644
--- a/core/modules/forum/tests/src/Functional/ForumTest.php
+++ b/core/modules/forum/tests/src/Functional/ForumTest.php
@@ -97,6 +97,7 @@ protected function setUp(): void {
// Create users.
$this->adminUser = $this->drupalCreateUser([
'access administration pages',
+ 'access help pages',
'administer modules',
'administer blocks',
'administer forums',
@@ -107,6 +108,7 @@ protected function setUp(): void {
]);
$this->editAnyTopicsUser = $this->drupalCreateUser([
'access administration pages',
+ 'access help pages',
'create forum content',
'edit any forum content',
'delete any forum content',
diff --git a/core/modules/help/help.permissions.yml b/core/modules/help/help.permissions.yml
new file mode 100644
index 0000000000000000000000000000000000000000..7133fc7e949d0d92683fe5090991f34ee0b51087
--- /dev/null
+++ b/core/modules/help/help.permissions.yml
@@ -0,0 +1,2 @@
+access help pages:
+ title: 'Use help pages'
diff --git a/core/modules/help/help.post_update.php b/core/modules/help/help.post_update.php
index 00663afceb25bf32c7a49ed1bb69562b0448b0f6..b82091daf991d668ef198e4541ae475c3c922504 100644
--- a/core/modules/help/help.post_update.php
+++ b/core/modules/help/help.post_update.php
@@ -5,7 +5,9 @@
* Post update functions for the Help module.
*/
+use Drupal\Core\Config\Entity\ConfigEntityUpdater;
use Drupal\search\Entity\SearchPage;
+use Drupal\user\RoleInterface;
/**
* Install or update config for help topics if the search module installed.
@@ -95,3 +97,16 @@ function help_post_update_help_topics_uninstall() {
\Drupal::service('module_installer')->uninstall(['help_topics'], FALSE);
}
}
+
+/**
+ * Grant all admin roles the 'access help pages' permission.
+ */
+function help_post_update_add_permissions_to_roles(?array &$sandbox = []): void {
+ \Drupal::classResolver(ConfigEntityUpdater::class)->update($sandbox, 'user_role', function (RoleInterface $role): bool {
+ if ($role->isAdmin() || !$role->hasPermission('access administration pages')) {
+ return FALSE;
+ }
+ $role->grantPermission('access help pages');
+ return TRUE;
+ });
+}
diff --git a/core/modules/help/help.routing.yml b/core/modules/help/help.routing.yml
index aa15b5f8fd4444e247d8df8ae50eef4de7e75c48..a5697914186ea5b8eb223f85565a667d30acd7f3 100644
--- a/core/modules/help/help.routing.yml
+++ b/core/modules/help/help.routing.yml
@@ -4,7 +4,7 @@ help.main:
_controller: '\Drupal\help\Controller\HelpController::helpMain'
_title: 'Help'
requirements:
- _permission: 'access administration pages'
+ _permission: 'access help pages'
help.page:
path: '/admin/help/{name}'
@@ -12,11 +12,11 @@ help.page:
_controller: '\Drupal\help\Controller\HelpController::helpPage'
_title: 'Help'
requirements:
- _permission: 'access administration pages'
+ _permission: 'access help pages'
help.help_topic:
path: '/admin/help/topic/{id}'
defaults:
_controller: '\Drupal\help\Controller\HelpTopicPluginController::viewHelpTopic'
requirements:
- _permission: 'access administration pages'
+ _permission: 'access help pages'
diff --git a/core/modules/help/src/Annotation/HelpSection.php b/core/modules/help/src/Annotation/HelpSection.php
index 0958d30efba954024bd447b71184cda1dfd3a1da..94184e8c510866431d6ede1280056793007fc311 100644
--- a/core/modules/help/src/Annotation/HelpSection.php
+++ b/core/modules/help/src/Annotation/HelpSection.php
@@ -50,7 +50,7 @@ class HelpSection extends Plugin {
* The (optional) permission needed to view the help section.
*
* Only set if this section needs its own permission, beyond the generic
- * 'access administration pages' permission needed to see the /admin/help
+ * 'access help pages' permission needed to see the /admin/help
* page itself.
*
* @var string
diff --git a/core/modules/help/src/Plugin/HelpSection/HelpTopicSection.php b/core/modules/help/src/Plugin/HelpSection/HelpTopicSection.php
index 4d482269cd528bb9a9953fc160aa3f6b2a0fe8a9..6314ee535c4378f39ed9e3b9f214a335ee3acf72 100644
--- a/core/modules/help/src/Plugin/HelpSection/HelpTopicSection.php
+++ b/core/modules/help/src/Plugin/HelpSection/HelpTopicSection.php
@@ -23,7 +23,7 @@
* title = @Translation("Topics"),
* weight = -10,
* description = @Translation("Topics can be provided by modules or themes. Top-level help topics on your site:"),
- * permission = "access administration pages"
+ * permission = "access help pages"
* )
*
* @internal
diff --git a/core/modules/help/src/Plugin/Search/HelpSearch.php b/core/modules/help/src/Plugin/Search/HelpSearch.php
index db593327cad2f97cdd54b0e137fdc77d2b04e66b..896c0a660855e6aa397eaa7d0839034b332c09fe 100644
--- a/core/modules/help/src/Plugin/Search/HelpSearch.php
+++ b/core/modules/help/src/Plugin/Search/HelpSearch.php
@@ -158,7 +158,7 @@ public function __construct(array $configuration, $plugin_id, $plugin_definition
* {@inheritdoc}
*/
public function access($operation = 'view', AccountInterface $account = NULL, $return_as_object = FALSE) {
- $result = AccessResult::allowedIfHasPermission($account, 'access administration pages');
+ $result = AccessResult::allowedIfHasPermission($account, 'access help pages');
return $return_as_object ? $result : $result->isAllowed();
}
@@ -195,12 +195,12 @@ protected function findResults() {
// We need to check access for the current user to see the topics that
// could be returned by search. Each entry in the help_search_items
// database has an optional permission that comes from the HelpSection
- // plugin, in addition to the generic 'access administration pages'
+ // plugin, in addition to the generic 'access help pages'
// permission. In order to enforce these permissions so only topics that
// the current user has permission to view are selected by the query, make
// a list of the permission strings and pre-check those permissions.
$this->addCacheContexts(['user.permissions']);
- if (!$this->account->hasPermission('access administration pages')) {
+ if (!$this->account->hasPermission('access help pages')) {
return NULL;
}
$permissions = $this->database
diff --git a/core/modules/help/tests/fixtures/update/drupal-10.access-help-pages.php b/core/modules/help/tests/fixtures/update/drupal-10.access-help-pages.php
new file mode 100644
index 0000000000000000000000000000000000000000..173fb9fafba3f8f959d5592a7064352e3ef9c436
--- /dev/null
+++ b/core/modules/help/tests/fixtures/update/drupal-10.access-help-pages.php
@@ -0,0 +1,25 @@
+<?php
+
+/**
+ * @file
+ * Contains database additions for testing the help module permission.
+ */
+
+use Drupal\Core\Database\Database;
+use Drupal\Core\Serialization\Yaml;
+
+$connection = Database::getConnection();
+
+$role = Yaml::decode(file_get_contents(__DIR__ . '/drupal-10.access-help-pages.yml'));
+$connection->insert('config')
+ ->fields([
+ 'collection',
+ 'name',
+ 'data',
+ ])
+ ->values([
+ 'collection' => '',
+ 'name' => 'user.role.content_editor',
+ 'data' => serialize($role),
+ ])
+ ->execute();
diff --git a/core/modules/help/tests/fixtures/update/drupal-10.access-help-pages.yml b/core/modules/help/tests/fixtures/update/drupal-10.access-help-pages.yml
new file mode 100644
index 0000000000000000000000000000000000000000..ca59591bfa2d7809cae1a5d6506cf85157ba5a7c
--- /dev/null
+++ b/core/modules/help/tests/fixtures/update/drupal-10.access-help-pages.yml
@@ -0,0 +1,48 @@
+uuid: 91cd52b8-a979-426b-9761-039a5a184b74
+langcode: en
+status: true
+dependencies:
+ config:
+ - node.type.article
+ - node.type.page
+ - taxonomy.vocabulary.tags
+ module:
+ - comment
+ - contextual
+ - file
+ - node
+ - path
+ - system
+ - taxonomy
+ - toolbar
+ - tour
+_core:
+ default_config_hash: Wur9kcEOwY1Jal81NssKnz3RhVJxAvBwyWQBGcA_1Go
+id: content_editor
+label: 'Content editor'
+weight: 2
+is_admin: false
+permissions:
+ - 'access administration pages'
+ - 'access content overview'
+ - 'access contextual links'
+ - 'access files overview'
+ - 'access toolbar'
+ - 'access tour'
+ - 'administer url aliases'
+ - 'create article content'
+ - 'create page content'
+ - 'create terms in tags'
+ - 'create url aliases'
+ - 'delete article revisions'
+ - 'delete own article content'
+ - 'delete own page content'
+ - 'delete page revisions'
+ - 'edit own article content'
+ - 'edit own comments'
+ - 'edit own page content'
+ - 'edit terms in tags'
+ - 'revert all revisions'
+ - 'view all revisions'
+ - 'view own unpublished content'
+ - 'view the administration theme'
diff --git a/core/modules/help/tests/src/Functional/AddPermissionsUpdateTest.php b/core/modules/help/tests/src/Functional/AddPermissionsUpdateTest.php
new file mode 100644
index 0000000000000000000000000000000000000000..427966258f0177b7d106881c2f741099f324926b
--- /dev/null
+++ b/core/modules/help/tests/src/Functional/AddPermissionsUpdateTest.php
@@ -0,0 +1,59 @@
+<?php
+
+namespace Drupal\Tests\help\Functional;
+
+use Drupal\FunctionalTests\Update\UpdatePathTestBase;
+use Drupal\user\Entity\Role;
+
+/**
+ * Tests help_post_update_add_permissions_to_roles().
+ *
+ * @group help
+ * @group legacy
+ *
+ * @see help_post_update_add_permissions_to_roles()
+ */
+class AddPermissionsUpdateTest extends UpdatePathTestBase {
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function setDatabaseDumpFiles(): void {
+ $this->databaseDumpFiles = [
+ __DIR__ . '/../../../../system/tests/fixtures/update/drupal-9.4.0.filled.standard.php.gz',
+ __DIR__ . '/../../fixtures/update/drupal-10.access-help-pages.php',
+ ];
+ }
+
+ /**
+ * Tests adding 'access help pages' permission.
+ */
+ public function testUpdate(): void {
+ $roles = Role::loadMultiple();
+ $this->assertGreaterThan(2, count($roles));
+ foreach ($roles as $role) {
+ $permissions = $role->toArray()['permissions'];
+ $this->assertNotContains('access help pages', $permissions);
+ }
+
+ $this->runUpdates();
+
+ $role = Role::load(Role::ANONYMOUS_ID);
+ $permissions = $role->toArray()['permissions'];
+ $this->assertNotContains('access help pages', $permissions);
+
+ $role = Role::load(Role::AUTHENTICATED_ID);
+ $permissions = $role->toArray()['permissions'];
+ $this->assertNotContains('access help pages', $permissions);
+
+ // Admin roles have the permission and do not need assigned.
+ $role = Role::load('administrator');
+ $permissions = $role->toArray()['permissions'];
+ $this->assertNotContains('access help pages', $permissions);
+
+ $role = Role::load('content_editor');
+ $permissions = $role->toArray()['permissions'];
+ $this->assertContains('access help pages', $permissions);
+ }
+
+}
diff --git a/core/modules/help/tests/src/Functional/ExperimentalHelpTest.php b/core/modules/help/tests/src/Functional/ExperimentalHelpTest.php
index 11c70f87d17693f3d6ddc0d23ea45e07acbfe340..2d4c2258b0079720cc7ed09af2e09af99fe8f3a7 100644
--- a/core/modules/help/tests/src/Functional/ExperimentalHelpTest.php
+++ b/core/modules/help/tests/src/Functional/ExperimentalHelpTest.php
@@ -42,7 +42,7 @@ class ExperimentalHelpTest extends BrowserTestBase {
*/
protected function setUp(): void {
parent::setUp();
- $this->adminUser = $this->drupalCreateUser(['access administration pages']);
+ $this->adminUser = $this->drupalCreateUser(['access help pages']);
}
/**
diff --git a/core/modules/help/tests/src/Functional/HelpPageOrderTest.php b/core/modules/help/tests/src/Functional/HelpPageOrderTest.php
index 9b9d1d67cc28110864673a05fb03b15f3651c0f7..17a96256803992108e5af263cf3f3c1ffab8518a 100644
--- a/core/modules/help/tests/src/Functional/HelpPageOrderTest.php
+++ b/core/modules/help/tests/src/Functional/HelpPageOrderTest.php
@@ -39,7 +39,7 @@ protected function setUp(): void {
// Create and log in user.
$account = $this->drupalCreateUser([
- 'access administration pages',
+ 'access help pages',
'view the administration theme',
'administer permissions',
'access tour',
diff --git a/core/modules/help/tests/src/Functional/HelpTest.php b/core/modules/help/tests/src/Functional/HelpTest.php
index 5115dcd3640248f1314a9f5e02476e477b31be57..c531751255ee7d862ff4f9cf10c3505cd1a2a02a 100644
--- a/core/modules/help/tests/src/Functional/HelpTest.php
+++ b/core/modules/help/tests/src/Functional/HelpTest.php
@@ -53,7 +53,7 @@ protected function setUp(): void {
// Create users.
$this->adminUser = $this->drupalCreateUser([
- 'access administration pages',
+ 'access help pages',
'view the administration theme',
'administer permissions',
]);
diff --git a/core/modules/help/tests/src/Functional/HelpTopicSearchTest.php b/core/modules/help/tests/src/Functional/HelpTopicSearchTest.php
index dd5472f11accc182610c8e093e8e6965e7739597..5c0b51c9cea553f982b0e7f9a7172e6d2644f32c 100644
--- a/core/modules/help/tests/src/Functional/HelpTopicSearchTest.php
+++ b/core/modules/help/tests/src/Functional/HelpTopicSearchTest.php
@@ -39,7 +39,7 @@ protected function setUp(): void {
// Log in.
$this->drupalLogin($this->createUser([
- 'access administration pages',
+ 'access help pages',
'administer site configuration',
'view the administration theme',
'administer permissions',
@@ -218,7 +218,7 @@ public function testHelpSearch() {
// items, and verify they can still search for help topics but not see these
// items.
$this->drupalLogin($this->createUser([
- 'access administration pages',
+ 'access help pages',
'administer site configuration',
'view the administration theme',
'administer permissions',
diff --git a/core/modules/help/tests/src/Functional/HelpTopicTest.php b/core/modules/help/tests/src/Functional/HelpTopicTest.php
index 922a469b49ca7ac63de19234c64e1b9e1cb55080..279743e8547e06f9a32783796f55491c6344590d 100644
--- a/core/modules/help/tests/src/Functional/HelpTopicTest.php
+++ b/core/modules/help/tests/src/Functional/HelpTopicTest.php
@@ -74,6 +74,7 @@ protected function setUp(): void {
// Create users.
$this->adminUser = $this->createUser([
'access administration pages',
+ 'access help pages',
'view the administration theme',
'administer permissions',
'administer site configuration',
@@ -81,7 +82,7 @@ protected function setUp(): void {
]);
$this->noTestUser = $this->createUser([
- 'access administration pages',
+ 'access help pages',
'view the administration theme',
'administer permissions',
'administer site configuration',
diff --git a/core/modules/help/tests/src/Functional/HelpTopicTranslatedTestBase.php b/core/modules/help/tests/src/Functional/HelpTopicTranslatedTestBase.php
index d3db4dc7db5a7b0212ea0f5b2ce755a9d352371a..416abe707620c8d1edde2e27fea04a9ff30e0af4 100644
--- a/core/modules/help/tests/src/Functional/HelpTopicTranslatedTestBase.php
+++ b/core/modules/help/tests/src/Functional/HelpTopicTranslatedTestBase.php
@@ -48,7 +48,7 @@ protected function setUp(): void {
// Create user.
$this->drupalLogin($this->createUser([
- 'access administration pages',
+ 'access help pages',
'view the administration theme',
'administer permissions',
]));
diff --git a/core/modules/help/tests/src/Functional/HelpTopicTranslationTest.php b/core/modules/help/tests/src/Functional/HelpTopicTranslationTest.php
index 221254f456e04574279adaf3c1440e0a7e8507f1..3437b4d0648da6f0daa60b49aba99cafc688d3fd 100644
--- a/core/modules/help/tests/src/Functional/HelpTopicTranslationTest.php
+++ b/core/modules/help/tests/src/Functional/HelpTopicTranslationTest.php
@@ -24,7 +24,7 @@ protected function setUp(): void {
// Create user and log in.
$this->drupalLogin($this->createUser([
- 'access administration pages',
+ 'access help pages',
'view the administration theme',
'administer permissions',
]));
diff --git a/core/modules/help/tests/src/Functional/NoHelpTest.php b/core/modules/help/tests/src/Functional/NoHelpTest.php
index c6aa5bc195c6595e996e02be2ff90e4c3e439a7a..91002be9c24863b02accc220a0b2421c4579c8d9 100644
--- a/core/modules/help/tests/src/Functional/NoHelpTest.php
+++ b/core/modules/help/tests/src/Functional/NoHelpTest.php
@@ -35,7 +35,7 @@ class NoHelpTest extends BrowserTestBase {
*/
protected function setUp(): void {
parent::setUp();
- $this->adminUser = $this->drupalCreateUser(['access administration pages']);
+ $this->adminUser = $this->drupalCreateUser(['access help pages']);
}
/**
diff --git a/core/modules/system/system.permissions.yml b/core/modules/system/system.permissions.yml
index 43e97ff87fe6ec1f10c90596ccc6a11bcf5b7d97..d18fd177cafdc780d490ceb6f5c980eff1c0ce1f 100644
--- a/core/modules/system/system.permissions.yml
+++ b/core/modules/system/system.permissions.yml
@@ -9,7 +9,7 @@ administer software updates:
title: 'Administer software updates'
restrict access: true
access administration pages:
- title: 'Use the administration pages and help'
+ title: 'Use the administration pages'
access site in maintenance mode:
title: 'Use the site in maintenance mode'
view the administration theme:
diff --git a/core/modules/system/tests/src/Functional/Module/InstallUninstallTest.php b/core/modules/system/tests/src/Functional/Module/InstallUninstallTest.php
index c1182cfca5e0eda3f9fe5ab1d51963b46c5fe7f1..808235a9bf4999cbdbd40decdef91d7c761c39c1 100644
--- a/core/modules/system/tests/src/Functional/Module/InstallUninstallTest.php
+++ b/core/modules/system/tests/src/Functional/Module/InstallUninstallTest.php
@@ -84,6 +84,9 @@ public function testInstallUninstall() {
$this->assertSession()->pageTextContains('hook_modules_installed fired for help');
$this->assertModuleSuccessfullyInstalled('help');
+ // Add new role to allow browsing help pages.
+ $this->adminUser->addRole($this->createRole(['access help pages']))->save();
+
// Test help for the required modules.
foreach ($required_modules as $name => $module) {
$this->assertHelp($name, $module->info['name']);
diff --git a/core/modules/tour/tests/src/Functional/TourHelpPageTest.php b/core/modules/tour/tests/src/Functional/TourHelpPageTest.php
index c03b86940ae9fa5ee6bff4dd48da2954742a1286..2dabc7d58d5fab031c1db5391da8b543597c2079 100644
--- a/core/modules/tour/tests/src/Functional/TourHelpPageTest.php
+++ b/core/modules/tour/tests/src/Functional/TourHelpPageTest.php
@@ -47,12 +47,12 @@ protected function setUp(): void {
// tours' parent pages, but not the translation tour's parent page. See
// self:getTourList().
$this->tourUser = $this->drupalCreateUser([
- 'access administration pages',
+ 'access help pages',
'access tour',
'administer languages',
]);
$this->noTourUser = $this->drupalCreateUser([
- 'access administration pages',
+ 'access help pages',
]);
}