Change record status: 
Project: 
Introduced in branch: 
8.7.x
Introduced in version: 
8.7.0
Description: 

The workflow entity now supports additional access control operations related to states and transitions. Previously, the access system was checked for the operation delete-state:foo for the state ID foo before a user was allowed to delete that state. These operations have been expanded to cover updating and adding for both states and transitions.

These are only available at the API level and are not exposed through any additional permissions. Individual workflow types may choose to introduce permissions or access restrictions for states and transitions where appropriate for that workflow type.

The full list of state and transition operations for the "foo" state and the "bar" transition is:

  • add-state: Grants the user access to add a new state.
  • update-state:foo: Grants the user access to edit the "foo" state.
  • delete-state:foo: Grants the user access to delete the "foo" state.
  • add-transition: Grants the user access to add a new transition.
  • update-transition:bar: Grants the user access to update the "bar" transition.
  • delete-transition:bar: Grants the user access to delete the "bar" transition.

An example of an access hook which might make use of these new operations for a workflow type fancy_workflow is as follows:

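use Drupal\Core\Access\AccessResult;
use Drupal\Core\Session\AccountInterface;
use Drupal\workflows\WorkflowInterface;

/**
 * Implements hook_ENTITY_TYPE_access() for the workflow entity.
 */
function fancy_workflows_workflow_access(WorkflowInterface $workflow, $operation, AccountInterface $account) {
  // Let users with the module's own permission add transitions to workflows of the "fancy_workflow" type.
  if ($operation === 'add-transition' && $workflow->getTypePlugin()->getPluginId() === 'fancy_workflow') {
    return AccessResult::allowedIfHasPermission($account, 'administer fancy workflow transitions');
  }
  // No opinion on any other operation or workflow type.
  return AccessResult::neutral();
}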
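The hook above handles only add-transition. The following added example (not part of the original change record or of Drupal core) handles all six operations, including the ones that carry a state or transition ID after the colon. The module name example_workflows, the two permission names and the protected state ID "published" are assumptions made for illustration.

```php
<?php

use Drupal\Core\Access\AccessResult;
use Drupal\Core\Session\AccountInterface;
use Drupal\workflows\WorkflowInterface;

/**
 * Implements hook_ENTITY_TYPE_access() for the workflow entity.
 *
 * Hypothetical module "example_workflows". The permission names and the
 * protected state ID "published" are assumptions made for this example.
 */
function example_workflows_workflow_access(WorkflowInterface $workflow, $operation, AccountInterface $account) {
  // Only act on the workflow type this module is responsible for.
  if ($workflow->getTypePlugin()->getPluginId() !== 'fancy_workflow') {
    return AccessResult::neutral();
  }

  // Operations look like "add-state", "update-state:foo" or
  // "delete-transition:bar": a verb, a target and an optional ID.
  if (!preg_match('/^(add|update|delete)-(state|transition)(?::(.+))?$/', $operation, $matches)) {
    // Not a state or transition operation (for example "view" or "update").
    return AccessResult::neutral();
  }
  $verb = $matches[1];
  $target = $matches[2];
  $id = $matches[3] ?? NULL;

  // Deny deletion of one specific state. A forbidden result overrides any
  // allowed result returned by another module or by the entity's own
  // access control handler.
  if ($verb === 'delete' && $target === 'state' && $id === 'published') {
    return AccessResult::forbidden('The "published" state cannot be deleted.')
      ->addCacheableDependency($workflow);
  }

  // One permission per target: "administer fancy workflow states" or
  // "administer fancy workflow transitions". Users without it get a neutral
  // result, so the workflow entity's default access check still applies.
  return AccessResult::allowedIfHasPermission($account, "administer fancy workflow {$target}s")
    ->addCacheableDependency($workflow);
}
```

Because these operations are only checked at the API level, the two permissions would still need to be declared in the module's own permissions file before they can be granted to a role.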
Impacts: 
Module developers
Updates Done (doc team, etc.)
Online documentation: 
Not done
Theming guide: 
Not done
Module developer documentation: 
Not done
Examples project: 
Not done
Coder Review: 
Not done
Coder Upgrade: 
Not done
Other: 
Other updates done