[6.x] Forms 2: Permissions#14957
Merged
Merged
Conversation
Permissions can declare a broader permission that supersedes them. The roles UI hides superseded permissions while the superseder is checked. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Adds "edit forms" (with create/delete children), global "view/delete form submissions", and per-form "edit [form] form" permissions. The form and submission policies now grant abilities from these instead of everything hanging off "configure forms". The deprecated "configure form fields" permission is no longer registered, but continues to grant access to the form builder and logic pages. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
The form section tabs, submissions badge, and header actions now only show when the user has the relevant ability. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
# Conflicts: # resources/js/components/roles/PermissionTree.vue # src/Auth/CorePermissions.php # src/Auth/Permission.php # tests/Permissions/PermissionTest.php # tests/Permissions/PermissionsTest.php
FormsController::index() was computing the submission count for every form the user could view, regardless of viewSubmissions permission. The count was hidden client-side but still present in the Inertia page props. Now the count is only computed and returned when the user can actually view submissions. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
The wrapping div now carries the v-if that was previously only on the nav element, so the trigger button doesn't render pointing at a popover that no longer exists. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…ortController Cover the edit and viewSubmissions ability boundaries introduced by the forms permissions rework: FormConnectController now requires edit forms or per-form edit, and FormExportController requires viewSubmissions rather than view. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
The generate-fake endpoint and DeleteFakeSubmissions cleanup action were authorized on viewSubmissions/deleteSubmissions, which are ordinary content-editor permissions. Since the feature is developer- only, add a generateFakeSubmissions ability to FormPolicy that only super users and configure-forms users satisfy (via before()), and use it for both the generate endpoint and the cleanup action. Fold the same ability into canGenerateFakeSubmissions so the UI hides all generate/cleanup controls for unauthorized users. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Super access is guaranteed by FormPolicy::before() for every ability; asserting it per-ability tests the framework, not this feature. The configure-forms allow case and the denial cases carry the coverage. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Same reasoning: super is handled by FormPolicy::before() for every ability, so a per-ability super test adds no coverage over the permission-specific allow/deny cases. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This pull request reworks form permissions as part of Forms 2.
New permissions
The Forms permission group now looks like this:
Configure forms remains the "super permission" for forms — users with it can do anything form related.
Edit forms grants access to everything about every form (fields, logic, connect, configure), except submissions. Edit [form] form is the per-form equivalent.
View submissions grants read-only access to submissions across all forms, including exporting. Deleting them is behind the Delete submissions child permission. The per-form equivalents behave the same way, scoped to a single form.
Configure form fields
The
configure form fieldspermission has been deprecated and is no longer registered, so it won't show in the roles UI. However, it's still supported: users with it may access the form builder and logic pages, but nothing else. These are the equivalent pages now that forms don't have blueprints.It also no longer grants access to the blueprints area of the Control Panel.
Control Panel
Closes statamic/ideas#1469