Problem/Motivation
Just like in Drupal's global permissions it's sometimes needed to provide permissions for a group role for a specific group bundle, rather than for all group bundles.
An example use-case that we're currently running into is where we implement field-level access for ~130 fields that depend on the group role of a user. To build this cleanly we want to check on a field-specific permission, rather than directly checking assigned roles. This keeps the flexibility of reconfiguring the role <-> field relationship by re-assigning permissions.
Within the group module it's currently possible to define static permissions or to derive dynamic permissions but these apply to all group types. It's possible to provide group-type specific permissions, but only for a relation to something within the group. In case such a relation doesn't exist (as is the case for fields directly on the group) it's not possible to provide per-group-type permissions.
Steps to reproduce
Proposed resolution
From our earlier Slack conversation
"We could expand getPermissionsByGroupType to eventually end up in buildPermissionsYaml where callbacks can have a group-type-argument method or we could support a new key on permissions that can list a set of group type IDs."
$permission += [
'title_args' => [],
'description' => '',
'description_args' => [],
'restrict access' => FALSE,
'warning' => !empty($permission['restrict access']) ? 'Warning: Give to trusted roles only; this permission has security implications.' : '',
'warning_args' => [],
'section' => 'General',
'section_args' => [],
'section_id' => 'general',
'allowed for' => ['anonymous', 'outsider', 'member'],
];
"An extra key in there would be a possibility for instance"
Remaining tasks
User interface changes
API changes
Data model changes