Feature #19146
Updated by Peter Amstutz over 2 years ago
To correctly determine whether to display actions for sharing and project freezing in workbench, we need to know if a user has "can_manage" permission. Proposal: If the current user has can_manage permission to an object, the response includes a "can_manage: true" boolean field. In addition, introduce a "can_write" boolean field. The "writable_by" "managed_by" field which is simplified computed similarly to only include the user uuid if the user can_write, and be empty otherwise. This field will be considered deprecated. Add a configuration option to restore the original writable_by behavior which is default false, with a deprecation note. "writable_by" except for can_manage permission. In the case of a frozen project that the user owns, project, we expect the "can_write" "writable_by" field to be false, empty, but the "can_manage" "managed_by" field to me true. filled in. Workbench is responsible for checking "can_write" "writeable_by" for modification operations and "can_manage" "managed_by" for permission operations.