Issue #332796 by voleger, dww, Steve Dondley, ykhadilkar, Dave Reid,...

        'all' => $this->t('All newer versions'),

        'security' => $this->t('Only security updates'),

      ],

      '#description' => $this->t('You can choose to send email only if a security update is available, or to be notified about all newer versions. If there are updates available of Drupal core or any of your installed modules and themes, your site will always print a message on the <a href=":status_report">status report</a> page, and will also display an error message on administration pages if there is a security update.', [':status_report' => Url::fromRoute('system.status')->toString()]),

      '#description' => $this->t(

        'You can choose to send email only if a security update is available, or to be notified about all newer versions. If there are updates available of Drupal core or any of your installed modules and themes, your site will always print a message on the <a href=":status_report">status report</a> page. If there is a security update, an error message will be printed on administration pages for users with <a href=":update_permissions">permission to view update notifications</a>.',

        [

          ':status_report' => Url::fromRoute('system.status')->toString(),

          ':update_permissions' => Url::fromRoute('user.admin_permissions', [], ['fragment' => 'module-update'])->toString(),

        ]

      ),

    ];

    return parent::buildForm($form, $form_state);

<?php

namespace Drupal\Tests\update\Functional\Update;

use Drupal\FunctionalTests\Update\UpdatePathTestBase;

use Drupal\Tests\user\Traits\UserCreationTrait;

use Drupal\user\Entity\Role;

/**

 * Tests update_post_update_add_view_update_notifications_permission().

 *

 * @group Update

 * @group legacy

 */

class UpdateAddViewUpdateNotificationsPermissionTest extends UpdatePathTestBase {

  use UserCreationTrait;

  /**

   * {@inheritdoc}

   */

  protected function setDatabaseDumpFiles(): void {

    $this->databaseDumpFiles = [

      __DIR__ . '/../../../../../system/tests/fixtures/update/drupal-9.3.0.filled.standard.php.gz',

    ];

  }

  /**

   * Tests that the 'view update notifications' permission is correctly granted.

   */

  public function testViewUpdateNotificationsPermission(): void {

    // Add a new 'Junior Admin' role with the legacy permission we care about.

    $junior_admin = $this->createRole(

      ['administer site configuration'],

      'junior_admin', 'Junior Admin'

    );

    $role = Role::load('junior_admin');

    $this->assertTrue($role->hasPermission('administer site configuration'), 'Junior Admin role has legacy permission.');

    $this->assertFalse($role->hasPermission('view update notifications'), 'Junior Admin role does not have the new permission.');

    $this->runUpdates();

    $role = Role::load('junior_admin');

    $this->assertTrue($role->hasPermission('administer site configuration'), 'Junior Admin role still has the legacy permission.');

    $this->assertTrue($role->hasPermission('view update notifications'), 'Junior Admin role now has the new permission.');

  }

}

    $this->drupalLogin($this->drupalCreateUser([

      'administer site configuration',

      'administer modules',

      'view update notifications',

    ]));

    $this->setProjectInstalledVersion('8.0.0');

    // Instead of using refreshUpdateStatus(), set these manually.

    $this->drupalGet('admin/modules');

    $this->assertSession()->pageTextContains('There are updates available for your version of Drupal.');

    $this->assertSession()->pageTextNotContains('There is a security update available for your version of Drupal.');

    // A user without the "view update notifications" permission shouldn't be

    // notified about available updates.

    $this->drupalLogin($this->drupalCreateUser([

      'administer site configuration',

      'administer modules',

    ]));

    $this->drupalGet('admin/modules');

    $this->assertSession()->statusCodeEquals(200);

    $this->assertSession()->pageTextNotContains('There are updates available for your version of Drupal.');

  }

  /**

      'administer site configuration',

      'administer modules',

      'administer themes',

      'view update notifications',

    ]));

    $this->setProjectInstalledVersion('8.0.0');

    // Instead of using refreshUpdateStatus(), set these manually.

  public function testBrokenThenFixedUpdates() {

    $this->drupalLogin($this->drupalCreateUser([

      'administer site configuration',

      'view update notifications',

      'access administration pages',

    ]));

    $this->setProjectInstalledVersion('8.0.0');

    parent::setUp();

    $admin_user = $this->drupalCreateUser([

      'administer site configuration',

      'view update notifications',

      ]);

    $this->drupalLogin($admin_user);

    $this->drupalPlaceBlock('local_actions_block');

  /** @var \Drupal\Core\Routing\AdminContext $admin_context */

  $admin_context = \Drupal::service('router.admin_context');

  $route_match = \Drupal::routeMatch();

  if ($admin_context->isAdminRoute($route_match->getRouteObject()) && \Drupal::currentUser()->hasPermission('administer site configuration')) {

  if ($admin_context->isAdminRoute($route_match->getRouteObject()) && \Drupal::currentUser()->hasPermission('view update notifications')) {

    $route_name = \Drupal::routeMatch()->getRouteName();

    switch ($route_name) {

      // These pages don't need additional nagging.