Security of the workflow
Description
Workflow security controls the rights that one user has for a specific object. It is set in the meta class and in the statuses and transitions of the workflow.
Implementation
In the meta class, define in advance a :doc:`string attribute </3_development/metadata_structure/meta_class/property_types>` that will store the user ID.
To control the rights during workflow transitions, add to the transition an assignment of the current user to the attribute for which rights will be issued in the next workflow (WF) status.
Then, in the WF status, set the access level in the itemPermissions property:
"itemPermissions": [
  {
    "role": ...,
    "permissions": ...
  }
]
- role - indicates the attribute that stores the user ID
- permissions - the number is set by the bit mask, which is related to the role's level of access to the object:
  - 1 - read
  - 2 - write
  - 4 - delete
  - 8 - use
  - 31 - full access
You can use rights in any order; the values of the combined rights are added together. For example:
- read + write = 3
- read + write + delete = 7
- read + write + delete + use = 15
Attention! In the workflow, the dynamic rights can only provide more access. It is impossible to reduce access rights.
Examples
Assigning the current user, who is working with the object, to the person attribute:
"assignments": [
  {
    "key": "person",
    "value": "$$uid"
  }
]
Adding the itemPermissions to the WF status:
"states": [
  {
    "itemPermissions": [
      {
        "role": "person",
        "permissions": 15
      }
    ]
  }
]
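The following is an added example, not part of the original documentation and not the framework's own code: a small review helper that decodes the permissions bit mask, models the "dynamic rights only add access" rule, and flags status roles that no transition ever fills with "$$uid". The "transitions" and "name" keys, the function names and the sample workflow are assumptions made for illustration.

```javascript
// Added example: a simplified model; bit values come from the table on this page.
const RIGHTS = { read: 1, write: 2, delete: 4, use: 8 };
const FULL_ACCESS = 31;

// Split a permissions mask into named rights plus any bits the page does not name.
function decodeMask(mask) {
  if (!Number.isInteger(mask) || mask < 0 || mask > FULL_ACCESS) {
    throw new RangeError(`permissions must be an integer in 0..${FULL_ACCESS}`);
  }
  const names = Object.keys(RIGHTS).filter((n) => (mask & RIGHTS[n]) !== 0);
  const named = Object.values(RIGHTS).reduce((a, b) => a | b, 0);
  return { names, unnamedBits: mask & ~named };
}

// Model of the additive rule: a status can only add bits to the base mask.
function effectiveMask(baseMask, state, item, uid) {
  let mask = baseMask;
  for (const p of state.itemPermissions || []) {
    if (item[p.role] === uid) mask |= p.permissions;
  }
  return mask;
}

// Report status roles that no transition fills with "$$uid", and grants that include delete.
function auditWorkflow(wf) {
  const assigned = new Set();
  for (const t of wf.transitions || []) {
    for (const a of t.assignments || []) if (a.value === "$$uid") assigned.add(a.key);
  }
  const findings = [];
  for (const s of wf.states || []) {
    for (const p of s.itemPermissions || []) {
      if (!assigned.has(p.role)) findings.push(`${s.name}: "${p.role}" is never assigned the current user`);
      if (decodeMask(p.permissions).names.includes("delete")) findings.push(`${s.name}: "${p.role}" can delete`);
    }
  }
  return findings;
}

// Constructed sample workflow ("transitions" and "name" keys are assumed).
const sampleWorkflow = {
  transitions: [{ name: "take", assignments: [{ key: "person", value: "$$uid" }] }],
  states: [
    { name: "inWork", itemPermissions: [{ role: "person", permissions: 15 }] },
    { name: "review", itemPermissions: [{ role: "reviewer", permissions: 3 }] },
  ],
};
console.log(auditWorkflow(sampleWorkflow));
```

Because the model only ORs bits into the base mask, a status entry with a smaller mask than the user's static rights leaves those rights unchanged, which matches the note above that access cannot be reduced.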