Security of the workflow

Description

Workflow security controls the rights that one user has on a specific object. It is configured in the meta class and in the statuses and transitions of the workflow.

Implementation

In the meta class, define in advance a string attribute (see /3_development/metadata_structure/meta_class/property_types) that will store the user ID.

To control rights during workflow transitions, add to the transition an assignment of the current user to the attribute that will be granted rights in the next WF status.

Then, in the WF status, set the access level in the itemPermissions property:

"itemPermissions": [
    {
        "role": ...,
        "permissions": ...
    }
]

  • role - indicates the attribute that stores the user ID
  • permissions - a number, formed as a bit mask, that sets the level of access to the object for that role
    • 1 - read
    • 2 - write
    • 4 - delete
    • 8 - use
    • 31 - full access

You can combine rights in any combination by adding their values. For example:

  • read + write = 3
  • read + write + delete = 7
  • read + write + delete + use = 15

Attention! Dynamic rights in a workflow can only grant additional access. It is impossible to reduce access rights.

Examples

Assigning the current user who is working with the object to the person attribute:

"assignments": [
    {
        "key": "person",
        "value": "$$uid"
    }
]

Adding itemPermissions to the WF status:

"states": [
    {
        "itemPermissions": [
            {
                "role": "person",
                "permissions": 15
            }
        ]
    }
]
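
A review aid for the configuration above, added here as an example and not part of the framework's own code: it decodes each status's permissions mask into named rights and reports whether the role attribute is filled by a "$$uid" assignment in some transition. The "transitions" key, the "name" fields and the "reviewer" attribute are assumptions used for the constructed sample; only "$$uid" assignments are checked.

```javascript
// Added example: audits a workflow definition against the itemPermissions rules.
// Bit values come from the page; 31 is documented only as "full access".
const RIGHTS = { read: 1, write: 2, delete: 4, use: 8 };
const FULL_ACCESS = 31;

// Turn a permissions mask into the list of rights it grants.
function decodeMask(mask) {
  if (!Number.isInteger(mask) || mask < 0 || mask > FULL_ACCESS) {
    throw new RangeError(`invalid permissions mask: ${mask}`);
  }
  if (mask === FULL_ACCESS) return ['full access'];
  const names = Object.keys(RIGHTS).filter((n) => (mask & RIGHTS[n]) !== 0);
  // A bit outside 1|2|4|8 has no meaning documented on the page.
  if (mask & ~15) names.push('undocumented bit');
  return names;
}

// Report what every status grants and whether a transition fills the role with $$uid.
function auditWorkflow(wf) {
  const assigned = new Set();
  for (const t of wf.transitions || []) {
    for (const a of t.assignments || []) {
      if (a.value === '$$uid') assigned.add(a.key);
    }
  }
  const findings = [];
  for (const s of wf.states || []) {
    for (const p of s.itemPermissions || []) {
      findings.push({
        state: s.name,
        role: p.role,
        rights: decodeMask(p.permissions),
        roleAssigned: assigned.has(p.role)
      });
    }
  }
  return findings;
}

// Constructed sample; "transitions", "name" and "reviewer" are assumed names.
const sample = {
  transitions: [{ name: 'take', assignments: [{ key: 'person', value: '$$uid' }] }],
  states: [
    { name: 'inWork', itemPermissions: [{ role: 'person', permissions: 15 }] },
    { name: 'review', itemPermissions: [{ role: 'reviewer', permissions: 31 }] }
  ]
};
console.log(JSON.stringify(auditWorkflow(sample), null, 2));
```

Because workflow rights can only add access, any status reported with "full access" or with roleAssigned set to false is worth a manual look before deployment.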