Build permissions for each workflow transition

Created on 4 October 2024, about 1 month ago

Problem/Motivation

With the introduction of the workflow module for workspaces, we need to handle #2968850: Figure out use-cases for per-workspace permissions and provide them if needed. Each transition needs to have a derived permission provided. Otherwise, we have to give the overly broad permission `administer workspaces`.

Steps to reproduce

Configure a workflow for a workspace with that sub-module. Then don't give the user `administer workspaces` permission (and make sure you aren't user 1). The ability to transition the workflow does not exist because the `%transition any workspace` permission doesn't exist and the user doesn't have that access.

See WorkspaceAccessControlHandler::checkAccess()

    // Check if the user has permission to access all workspaces.
    $access_result = AccessResult::allowedIfHasPermission($account, $permission_operation . ' any workspace');

Proposed resolution

Remaining tasks

User interface changes

API changes

Data model changes

🐛 Bug report
Status

Active

Version

2.0

Component

Code

Created by

heddn Nicaragua
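
The gap described in the report, as an added plain-PHP model (not code from the module or from Drupal): a permission name that is never defined cannot be granted to a role, so only `administer workspaces` passes the check until one permission per transition is derived. The transition ids, labels, helper names and the admin bypass are assumptions for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample data: these transition ids and labels are assumptions.
const TRANSITIONS = ['stage' => 'Stage', 'publish' => 'Publish'];

/**
 * Derives one "<transition> any workspace" permission per workflow transition.
 */
function derive_transition_permissions(array $transitions): array {
  $permissions = [];
  foreach ($transitions as $id => $label) {
    $permissions["$id any workspace"] = "Apply the $label transition to any workspace";
  }
  return $permissions;
}

/**
 * Keeps only grants that name a defined permission; an undefined
 * permission name cannot be assigned to a role.
 */
function grantable(array $requested, array $defined): array {
  return array_values(array_intersect($requested, array_keys($defined)));
}

/**
 * Models the quoted check: "<operation> any workspace", with the broad
 * admin permission as a bypass (assumed from the report's description).
 */
function can_transition(array $role_permissions, string $operation): bool {
  return in_array('administer workspaces', $role_permissions, true)
    || in_array("$operation any workspace", $role_permissions, true);
}

$base = ['administer workspaces' => 'Administer workspaces'];
$wanted = ['publish any workspace'];  // what a least-privilege role should hold

// Before: only the broad permission is defined, so the grant is dropped.
$before = grantable($wanted, $base);
// After: derived permissions exist, so the narrow grant can be assigned.
$after = grantable($wanted, $base + derive_transition_permissions(TRANSITIONS));

foreach (['before' => $before, 'after' => $after] as $state => $granted) {
  printf("%-6s publish=%s stage=%s holds_admin=%s\n", $state,
    var_export(can_transition($granted, 'publish'), true),
    var_export(can_transition($granted, 'stage'), true),
    var_export(in_array('administer workspaces', $granted, true), true));
}
```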
