Close #3385 Remove redundant permissions in "Content Administrator" role.

[trackleft]

Description

This PR removes the the following permissions from the content administrator role that have a corresponding entry in the content editor role.

• access draggableviews
• administer nodes
• edit own az_audio media
• use editorial transition az_publish
• use editorial transition az_unpublish
• use editorial transition create_new_draft
• view any unpublished content
• view latest version

Related issues

Close #3385

How to test

Check the permissions page for any permissions that have more than one check (aside from the administrator role)

Types of changes

Arizona Quickstart (install profile, custom modules, custom theme)

• Patch release changes
  • Bug fix
  • Accessibility, performance, or security improvement
  • Critical institutional link or brand change
  • Adding experimental module
  • Update experimental module
• Minor release changes
  • New feature
  • Breaking or visual change to existing behavior
  • Upgrade experimental module to stable
  • Enable existing module by default or database update
  • Non-critical brand change
  • New internal API or API improvement with backwards compatibility
  • Risky or disruptive cleanup to comply with coding standards
  • High-risk or disruptive change (requires upgrade path, risks regression, etc.)
• Other or unknown
  • Other or unknown

Drupal core

• Patch release changes
  • Security update
  • Patch level release (non-security bug-fix release)
  • Patch removal that's no longer necessary
• Minor release changes
  • Major or minor level update
• Other or unknown
  • Other or unknown

Drupal contrib projects

• Patch release changes
  • Security update
  • Patch or minor level update
  • Add new module
  • Patch removal that's no longer necessary
• Minor release changes
  • Major level update
• Other or unknown
  • Other or unknown

Checklist

• My code follows the code style of this project.
• My change requires a change to the documentation.
• I have updated the documentation accordingly.
• I have read the CONTRIBUTING document.
• I have added tests to cover my changes.
• All new and existing tests passed.

Release Notes

Important: Content Administrators may lose access permissions if they are not also assigned the Content Editor role. Ensure all users have appropriate roles by reviewing the roles section of the managing users documentation.

[danahertzberg]

Would it be worth it to clean up other permissions as well?

All of the following permissions are currently enabled for Content editor and Content administrator roles.

Proposal: Remove the following permissions from the Content administrator role

Node

Administer content
Warning: Give to trusted roles only; this permission has security implications. Promote, change ownership, edit revisions, and perform other tasks across all content types.

Media

Audio: Edit own media

Content Moderation

Editorial workflow: Use Create New Draft transition.
Move content from Draft, Published states to Draft state.

Editorial workflow: Use Publish transition.
Move content from Draft, Published, Unpublished states to Published state.

Editorial workflow: Use Unpublish transition.
Move content from Draft, Published, Unpublished states to Unpublished state.

View any unpublished content

View the latest version
Requires the "View any unpublished content" or "View own unpublished content" permission

[camikazegreen]

It looks like this permission should probably be reserved for Content Admins:

Editorial workflow: Use Publish transition.
Move content from Draft, Published, Unpublished states to Published state.