fix: move restricted test author role to taoTests

manifest.php

@@ -29,6 +29,7 @@
  * @license GPLv2  http://www.opensource.org/licenses/gpl-2.0.php
  */
 
+use oat\tao\model\accessControl\func\AccessRule;
 use oat\tao\model\user\TaoRoles;
 use oat\taoTests\models\Copier\CopierServiceProvider;
 use oat\taoTests\models\user\TaoTestsRoles;
@@ -66,10 +67,36 @@
     'update' => Updater::class,
     'managementRole' => TaoTestsRoles::TEST_MANAGER,
     'acl' => [
-        ['grant', TaoTestsRoles::TEST_MANAGER, ['ext' => 'taoTests']],
-        ['grant', TaoRoles::REST_PUBLISHER, ['ext' => 'taoTests', 'mod' => 'RestTests']],
-        ['grant', TaoTestsRoles::TEST_EXPORTER, ['ext' => 'taoTests', 'mod' => 'TestExport']],
-        ['grant', TaoTestsRoles::TEST_IMPORTER, ['ext' => 'taoTests', 'mod' => 'TestImport']]
+        [
+            AccessRule::GRANT,
+            TaoTestsRoles::TEST_MANAGER,
+            ['ext' => 'taoTests']
+        ],
+        [
+            AccessRule::GRANT,
+            TaoRoles::REST_PUBLISHER,
+            ['ext' => 'taoTests', 'mod' => 'RestTests']
+        ],
+        [
+            AccessRule::GRANT,
+            TaoTestsRoles::TEST_EXPORTER,
+            ['ext' => 'taoTests', 'mod' => 'TestExport']
+        ],
+        [
+            AccessRule::GRANT,
+            TaoTestsRoles::TEST_IMPORTER,
+            ['ext' => 'taoTests', 'mod' => 'TestImport']
+        ],
+        [
+            AccessRule::GRANT,
+            TaoRoles::REST_PUBLISHER,
+            ['ext' => 'taoTests', 'mod' => 'RestTests']
+        ],
+        [
+            AccessRule::GRANT,
+            TaoTestsRoles::RESTRICTED_TEST_AUTHOR,
+            ['ext' => 'taoTests', 'mod' => 'Tests']
+        ]
     ],
     'optimizableClasses' => [
         'http://www.tao.lu/Ontologies/TAOTest.rdf#Test',

migrations/Version202307100801342363_taoTests.php

@@ -0,0 +1,49 @@
+<?php
+
+declare(strict_types=1);
+
+namespace oat\taoTests\migrations;
+
+use Doctrine\DBAL\Schema\Schema;
+use oat\tao\scripts\tools\accessControl\SetRolesAccess;
+use oat\tao\scripts\tools\migrations\AbstractMigration;
+use oat\tao\scripts\update\OntologyUpdater;
+use oat\taoTests\models\user\TaoTestsRoles;
+
+/**
+ * Auto-generated Migration: Please modify to your needs!
+ *
+ * phpcs:disable Squiz.Classes.ValidClassName
+ */
+final class Version202307100801342363_taoTests extends AbstractMigration
+{
+    private const CONFIG = [
+        SetRolesAccess::CONFIG_RULES => [
+            TaoTestsRoles::RESTRICTED_TEST_AUTHOR => [
+                ['ext' => 'taoTests', 'mod' => 'Tests']
+            ]
+        ],
+    ];
+    public function getDescription(): string
+    {
+        return 'Add role access to restricted test author';
+    }
+
+    public function up(Schema $schema): void
+    {
+        OntologyUpdater::syncModels();
+        $setRolesAccess = $this->propagate(new SetRolesAccess());
+        $setRolesAccess([
+            '--' . SetRolesAccess::OPTION_CONFIG, self::CONFIG,
+        ]);
+    }
+
+    public function down(Schema $schema): void
+    {
+        $setRolesAccess = $this->propagate(new SetRolesAccess());
+        $setRolesAccess([
+            '--' . SetRolesAccess::OPTION_REVOKE,
+            '--' . SetRolesAccess::OPTION_CONFIG, self::CONFIG,
+        ]);
+    }
+}

models/classes/user/TaoTestsRoles.php

@@ -27,4 +27,5 @@ interface TaoTestsRoles
     public const TEST_IMPORTER = 'http://www.tao.lu/Ontologies/TAOTest.rdf#TestImporterRole';
     public const TEST_EXPORTER = 'http://www.tao.lu/Ontologies/TAOTest.rdf#TestExporterRole';
     public const TEST_MANAGER = 'http://www.tao.lu/Ontologies/TAOTest.rdf#TestsManagerRole';
+    public const RESTRICTED_TEST_AUTHOR = 'http://www.tao.lu/Ontologies/TAO.rdf#RestrictedTestAuthor';
 }

models/ontology/taotest.rdf

@@ -70,7 +70,14 @@
   	<rdfs:label xml:lang="en-US"><![CDATA[Tests Manager]]></rdfs:label>
     <rdfs:comment xml:lang="en-US"><![CDATA[The Tests Manager Role]]></rdfs:comment>
   </rdf:Description>
-
+  <rdf:Description rdf:about="http://www.tao.lu/Ontologies/TAO.rdf#RestrictedTestAuthor">
+  	<rdf:type rdf:resource="http://www.tao.lu/Ontologies/generis.rdf#UserRole"/>
+   	<generis:includesRole rdf:resource="http://www.tao.lu/Ontologies/TAO.rdf#PropertyManagerRole"/>
+   	<generis:includesRole rdf:resource="http://www.tao.lu/Ontologies/generis.rdf#TestXMLEditor"/>
+   	<generis:includesRole rdf:resource="http://www.tao.lu/Ontologies/TAOTest.rdf#TaoQtiManagerRole"/>
+   	<rdfs:label xml:lang="en-US"><![CDATA[Restricted Test Author]]></rdfs:label>
+    <rdfs:comment xml:lang="en-US"><![CDATA[Test Author with limitation for ACL]]></rdfs:comment>
+  </rdf:Description>
   <rdf:Description rdf:about="http://www.tao.lu/Ontologies/TAOItem.rdf#TestAuthor">
   	<rdf:type rdf:resource="http://www.tao.lu/Ontologies/generis.rdf#UserRole"/>
   	<generis:includesRole rdf:resource="http://www.tao.lu/Ontologies/TAOTest.rdf#TestsManagerRole"/>