[Fix] Touch up frontend permissions #12065

Open
wants to merge 11 commits into
base: main

Member

@tristan-orourke tristan-orourke commented Nov 21, 2024

🤖 Resolves #11767

👋 Introduction

This fixes a few places where frontend permissions to view different pages, or the links that showed in the new Nav or Dashboard, weren't correct, especially for the newer roles.

🕵️ Details

Where possible, I referenced the same role arrays in permissionConstants to control links appearing in both the nav menu and the dashboard, to ensure they remain in sync. This is a pattern I want to fully move to in #12066 but that involves a larger scope.

🧪 Testing

Log in as [email protected], as [email protected], and as [email protected]. For each, consider the nav menu, the dashboard, and click around to different pages. Check that you can access the pages and functionality described, with the restrictions described:

Community Admins should be able to access:

  • Nav contains links to Dashboard, Processes, Candidates, Requests and Resources
  • Communities pages
    • table view
    • view single community
    • ability to edit
    • manage access tab
  • Process pages
    • table view
    • create new
    • Process Information tab
      • edit poster
      • preview poster
      • edit assessment plan
      • ability to publish
      • screening and assessment tab
      • talent placement tab
      • manage access tab
  • Request pages
    • table view
    • view individual request
  • Candidate pages
    • candidate search ie candidate table
    • individual application
  • User pages
    • table view
    • User Profile tab
    • User Information tab
    • DO NOT have access to Edit User Account tab

Community Recruiter should be the same as Community Admin, except...

  • Can view Community table and details, but can't edit or view manage-access tab
  • No ability to publish pools

So... Community Recruiter should be able to access:

  • Nav contains links to Dashboard, Processes, Candidates, Requests and Resources
  • Communities pages
    • table view
    • view single community
    • NO ability to edit
    • CANNOT VIEW manage access tab
  • Process pages
    • table view
    • create new
    • Process Information tab
      • edit poster
      • preview poster
      • edit assessment plan
      • CANNOT publish
      • screening and assessment tab
      • talent placement tab
      • manage access tab
  • Request pages
    • table view
    • view individual request
  • Candidate pages
    • candidate search ie candidate table
    • individual application
  • User pages
    • table view
    • User Profile tab
    • User Information tab
    • DO NOT have access to Edit User Account tab

Process Operator should be able to access:

  • Nav contains links to Dashboard, Processes, Candidates, and Resources (but not Requests)
  • Process pages
    • table view
    • CANNOT create new
    • Process Information tab
      • edit poster
      • preview poster
      • edit assessment plan
      • CANNOT publish
      • screening and assessment tab
      • talent placement tab, without ability to place candidates from table
      • can view manage access tab but cannot add or edit items
  • Candidate pages
    • candidate search ie candidate table, without ability to place candidates from table
    • individual application, with ability to assess and qualify/disqualify but not place candidates
  • User pages (view table, view single User Profile and User Information tabs but not Edit tab)

Process Operator should see links on their dashboard to:

  • User pages
    • table view
    • User Profile tab
    • User Information tab
    • DO NOT have access to Edit User Account tab

Platform Admin

Additionally, a Platform Admin should be able to view Talent Requests (accessible from nav or the dashboard as Requests), and Communities and Teams should appear in the System settings dropdown menu in the nav bar.

📸 Screenshot

🚚 Deployment

After deploying this, the new roles should be ready to use. We should instruct the Recruitment team (and the ATIP team) to use the Pool Manage Access tab to add people to pools, instead of adding them as Pool Operators within a team.

Additionally, we should run php artisan app:sync-pool-process-operator after deploying to ensure Pool Operators are converted to Process Operators.

@tristan-orourke tristan-orourke changed the title Touch up frontend permissions [Fix] Touch up frontend permissions Nov 21, 2024
Member

@esizer esizer left a comment

Some questions. Also, I'm still missing some links for roles in the nav menu.

[email protected]

2024-11-22_09-58

[email protected]

2024-11-22_10-01

[email protected]

While there is an unauthorized message, maybe we should hide the button entirely for creating a process? 🤔

2024-11-22_10-03

Also, while it seems the links are correct... I need to select the "community" role which seems weird to need to do as a process operator 😅

2024-11-22_10-07

@@ -1,30 +1,39 @@
import { RoleName } from "@gc-digital-talent/auth";
import { ROLE_NAME, RoleName } from "@gc-digital-talent/auth";

const permissionConstants = () => {
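
Review bot: on the line "const permissionConstants = () => {", the function has no explicit return type, so the visible code does not show the returned role arrays being checked against RoleName. Since the new import brings in ROLE_NAME alongside RoleName, consider annotating the return type (for example, a record of RoleName arrays) so that a list built from a wrong or misspelled constant fails to compile rather than silently hiding or exposing a link.
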
Member

Does this need to be a function? Seems like we could just export the return value as a plain object.

Member Author

Sure. I guess a function means you can't accidentally modify it? But I think we can avoid doing that. Updated in 7fdea776a49994f01b1093819188ad5dd9814ea4
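
The trade-off raised in this thread (a function returning a fresh object versus a plain exported object that could be modified), as an added TypeScript example that is not the project's code: a plain shared object whose role arrays are frozen, so one check serves both nav and dashboard and a stray write throws instead of widening access. The link keys and role strings are constructed stand-ins for the project's permissionConstants and RoleName.

```typescript
// Stand-in for RoleName from @gc-digital-talent/auth; these string values are
// constructed for the example and are not the project's real role identifiers.
type RoleName =
  | "platform_admin"
  | "community_admin"
  | "community_recruiter"
  | "process_operator";

// Hypothetical link keys; each role array is read by both nav and dashboard.
type LinkKey = "viewProcesses" | "viewRequests" | "publishProcess";
type PermissionMap = Readonly<Record<LinkKey, readonly RoleName[]>>;

// Freeze the object and every role array it holds, so a runtime write throws
// instead of silently widening access for every consumer of the shared object.
function freezePermissions(map: Record<LinkKey, RoleName[]>): PermissionMap {
  (Object.keys(map) as LinkKey[]).forEach((key) => Object.freeze(map[key]));
  return Object.freeze(map);
}

// Role lists follow the testing outline in the PR description (assumed mapping).
const permissionConstants: PermissionMap = freezePermissions({
  viewProcesses: ["community_admin", "community_recruiter", "process_operator"],
  viewRequests: ["platform_admin", "community_admin", "community_recruiter"],
  publishProcess: ["community_admin"],
});

// Single check used for nav links and dashboard links alike.
function canSee(link: LinkKey, userRoles: readonly RoleName[]): boolean {
  const allowed = permissionConstants[link];
  return userRoles.some((role) => allowed.indexOf(role) !== -1);
}

// Simulates a careless consumer that casts away `readonly` and mutates the
// shared array. Returns true if the write went through, false if it was blocked.
function tryWiden(link: LinkKey, role: RoleName): boolean {
  try {
    (permissionConstants[link] as RoleName[]).push(role);
    return true;
  } catch {
    return false; // frozen array: push throws a TypeError
  }
}
```

These arrays only decide which links render in the frontend; the API still has to enforce the same roles for the underlying actions.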

@tristan-orourke
Member Author

Create pool button hidden if user not authorized to do so: 844c4d3

@tristan-orourke
Member Author

> Also, while it seems the links are correct... I need to select the "community" role which seems weird to need to do as a process operator 😅

I agree, it's not obvious it should be like this, but Process Operators are working under the direction/delegated authority of Community Admins, and we weren't sure how else to organize it.

@tristan-orourke
Member Author

> Also, I'm still missing some links for roles in the nav menu.

Which links are missing?

@esizer
Member

esizer commented Nov 22, 2024

> > Also, I'm still missing some links for roles in the nav menu.
>
> Which links are missing?

I think communities and users. Based on the outline you provided, I think [email protected] should have those links. Or am I just misinterpreting that?

@tristan-orourke
Member Author

> I think communities and users. Based on the outline you provided, I think [email protected] should have those links. Or am I just misinterpreting that?

They should have those links on their dashboard but not the nav menu, since they shouldn't need to access those pages very often.

Successfully merging this pull request may close these issues.

✨ Double check admin dashboard and permissions for new user roles