[Fix] Touch up frontend permissions

[tristan-orourke]

🤖 Resolves #11767

👋 Introduction

This fixes a few places frontend permissions to view different pages, or the links that showed in the new Nav or Dashboard, weren't correct, especially for the newer roles.

🕵️ Details

Where possible, I referenced the same role arrays in permissionConstants to control links appearing in both the nav menu and the dashboard, so ensure they remain in sync. This is a pattern I want to fully move to in #12066 but that involves a larger scope.

🧪 Testing

Log in as community@test.com, as recruiter@test.com, and as process@test.com. For each, consider the nav menu, the dashboard, and click around to different pages. Check that you can access the pages and functionality described, with the restrictions described:

Community Admins should be able to access:

• [ ] Nav contains links to Dashboard, Processes, Candidates, Requests and Resources
• Communities pages
  • [ ] table view
  • [ ] view single community
  • [ ] ability to edit
  • [ ] manage access tab
• Process pages
  • [ ] table view
  • [ ] create new
  • [ ] Process Information tab
  • [ ] edit poster
  • [ ] preview poster
  • [ ] edit assessment plan
  • [ ] ability to publish
  • [ ] screening and assessment tab
  • [ ] talent placement tab
  • [ ] manage access tab
• Request pages
  • [ ] table view
  • [ ] view individual request
• Candidate pages
  • [ ] candidate search ie candidate table
  • [ ] individual application
• User pages
  • [ ] table view
  • [ ] User Profile tab
  • [ ] User Information tab
  • [ ] DO NOT have access to Edit User Account tab

Community Recruiter should be the same as Community Admin, except...

• Can view Community table and details, but can't edit or view manage-access tab
• No ability to publish pools So... Community Recruiter should be able to access:
• [ ] Nav contains links to Dashboard, Processes, Candidates, Requests and Resources
• Communities pages
  • [ ] table view
  • [ ] view single community
  • [ ] NO ability to edit
  • [ ] CANNOT VIEW manage access tab
• Process pages
  • [ ] table view
  • [ ] create new
  • [ ] Process Information tab
  • [ ] edit poster
  • [ ] preview poster
  • [ ] edit assessment plan
  • [ ] CANNOT publish
  • [ ] screening and assessment tab
  • [ ] talent placement tab
  • [ ] manage access tab
• Request pages
  • [ ] table view
  • [ ] view individual request
• Candidate pages
  • [ ] candidate search ie candidate table
  • [ ] individual application
• User pages
  • [ ] table view
  • [ ] User Profile tab
  • [ ] User Information tab
  • [ ] DO NOT have access to Edit User Account tab

Process Operator should be able to access:

• [ ] Nav contains links to Dashboard, Processes, Candidates, and Resources (but not Requests)
• Process pages
  • [ ] table view
  • [ ] CANNOT create new
  • [ ] Process Information tab
  • [ ] edit poster
  • [ ] preview poster
  • [ ] edit assessment plan
  • [ ] CANNOT publish
  • [ ] screening and assessment tab
  • [ ] talent placement tab, without ability to place candidates from table
  • [ ] can view manage access tab but cannot add or edit items
• Candidate pages
  • [ ] candidate search ie candidate table, without ability to place candidates from table
  • [ ] individual application, with ability to assess and qualify/disqualify but not place candidates
• User pages (view table, view single User Profile and User Information tabs but not Edit tab) Process Operator should see links on their dashboard to:
• User pages
  • [ ] table view
  • [ ] User Profile tab
  • [ ] User Information tab
  • [ ] DO NOT have access to Edit User Account tab

Platform Admin

Additionally, a Platform Admin should be able to view Talent Requests (accessible from nav or the dashboard as Requests) and Communities and Teams should appear in the System settings dropdown menu in the nav bar.

📸 Screenshot

🚚 Deployment

After deploying this, the new roles should be ready to use. We should instruct Recruitment team (and the ATIP team) to use the Pool Manage Access tab to add people to pools, instead of adding them as Pool Operators within a team.

Additionally, we should run php artisan app:sync-pool-process-operator after deploying to ensure Pool Operators are converted to Process Operators.

[tristan-orourke]

Create pool button hidden if user not authorized to do so: 844c4d329f586c07ef8f0177e20078a5865f1b81

[tristan-orourke]

Also, while it seems the links are correct... I need to select the "community" role which seems weird to need to do as a process operator 😅

I agree, its not obvious it should be like this, but Process Operators are working under the direction/delegated authority of Community Admins, and we weren't sure how else to organize it.

[tristan-orourke]

Also, I'm still missing some links for roles in the nav menu.

Which links are missing?

[esizer]

Also, I'm still missing some links for roles in the nav menu.

Which links are missing?

I think communities and users. Based on the outline you provided, I think community@test.com should have those links. Or am I just misinterpreting that?

[tristan-orourke]

I think communities and users. Based on the outline you provided, I think community@test.com should have those links. Or am I just misinterpreting that?

They should have those links on their dashboard but not the nav menu, since they shouldn't need to access those pages very often.