The workflow entity now supports additional access control operations related to states and transitions. Previously the access system would be checked for the operation delete-state:foo for the state ID foo before allowing users to delete a particular state. These operations have been expanded to cover updating and adding for both states and transitions.
These are only available at the API level and are not exposed through any additional permissions. Individual workflow types may choose to introduce permissions or access restrictions for states and transitions where appropriate for that workflow type.
The full list of state and transition operations for the "foo" state and the "bar" transition is:
add-state: Grants the user access to add a new state.
update-state:foo: Grants the user access to edit the "foo" state.
delete-state:foo: Grants the user access to delete the "foo" state.
add-transition: Grants the user access to add a new transition.
update-transition:bar: Grants the user access to update the "bar" transition.
delete-transition:bar: Grants the user access to delete the "bar" transition.
An example of an access hook which might make use of these new operations for a workflow type fancy_workflow is as follows:
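use Drupal\Core\Access\AccessResult;
use Drupal\Core\Session\AccountInterface;
use Drupal\workflows\WorkflowInterface;

/**
 * Implements hook_ENTITY_TYPE_access() for the workflow entity.
 */
function fancy_workflows_workflow_access(WorkflowInterface $workflow, $operation, AccountInterface $account) {
  // Only the "add-transition" operation on fancy_workflow workflows is handled.
  if ($operation === 'add-transition' && $workflow->getTypePlugin()->getPluginId() === 'fancy_workflow') {
    return AccessResult::allowedIfHasPermission($account, 'administer fancy workflow transitions');
  }
  // No opinion on any other operation or workflow type.
  return AccessResult::neutral();
}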
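Going beyond the single add-transition check above, the following added example (not code from the original change record or from Drupal core) parses all six operation strings and applies a restriction to each. The module name "fancy_guard", the two permission names and the choice to protect the "foo" state are assumptions made for illustration.

```php
<?php

use Drupal\Core\Access\AccessResult;
use Drupal\Core\Session\AccountInterface;
use Drupal\workflows\WorkflowInterface;

/**
 * Implements hook_ENTITY_TYPE_access() for the workflow entity.
 *
 * Illustrative only: module name, permissions and protected state are
 * hypothetical.
 */
function fancy_guard_workflow_access(WorkflowInterface $workflow, $operation, AccountInterface $account) {
  // Only restrict workflows of the type this module is responsible for.
  if ($workflow->getTypePlugin()->getPluginId() !== 'fancy_workflow') {
    return AccessResult::neutral();
  }

  // Operations look like "add-state" or "delete-transition:bar": an action,
  // a subject, and an optional state/transition ID after the colon.
  $pattern = '/^(add|update|delete)-(state|transition)(?::(.+))?$/';
  if (!preg_match($pattern, $operation, $matches)) {
    // Not a state or transition operation, so express no opinion.
    return AccessResult::neutral();
  }
  $action = $matches[1];
  $subject = $matches[2];
  $id = isset($matches[3]) ? $matches[3] : NULL;

  // The "foo" state may never be deleted, whatever permissions the user has.
  // A forbidden result wins over an allowed result from any other module.
  if ($action === 'delete' && $subject === 'state' && $id === 'foo') {
    return AccessResult::forbidden('The "foo" state is required by fancy_workflow.');
  }

  // Every other operation is gated on one permission per subject. Returning
  // forbidden rather than neutral for users who lack it keeps the restriction
  // in force even if another access check would allow the operation.
  $permission = $subject === 'state'
    ? 'administer fancy workflow states'
    : 'administer fancy workflow transitions';
  return AccessResult::forbiddenIf(!$account->hasPermission($permission))
    ->cachePerPermissions();
}
```

Because these operations are only checked at the API level, a hook like this takes effect wherever calling code asks the workflow entity for access with one of the operation strings listed above.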