Build permissions for each workflow transition

Created on 4 October 2024, 3 months ago

Problem/Motivation

With the introduction of the workflow module for workspaces, we need to handle #2968850: Figure out use-cases for per-workspace permissions and provide them if needed . Each transition needs to have a derived permission provided. Otherwise, we have to give the overly broad permission administer workspaces.

Steps to reproduce

Configure a workflow for a workspace with that sub-module. Then don't give the user `administer workspaces` permission (and make sure you aren't user 1). The ability to transition the workflow does not exist because the %transition any workspace permission doesn't exist and the user doesn't have that access.

See WorkspaceAccessControlHandler::checkAccess()

    // Check if the user has permission to access all workspaces.
    $access_result = AccessResult::allowedIfHasPermission($account, $permission_operation . ' any workspace');

Proposed resolution

Remaining tasks

User interface changes

API changes

Data model changes

🐛 Bug report
Status

Active

Version

2.0

Component

Code

Created by

heddn Nicaragua

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Merge Requests

Comments & Activities

Production build 0.71.5 2024