It has been requested to have 'view only' permissions for settings in agreements.
The way we split down the permission for users in Agreements currently is into four parts:
- "permissionName": "ui-agreements.generalSettings.manage"
- "permissionName": "ui-agreements.picklists.manage"
- "permissionName": "ui-agreements.supplementaryProperties.manage"
- "permissionName": "ui-agreements.appSettings.manage"
For consistency we should reflect the same structure for view only:
- "permissionName": "ui-agreements.generalSettings.view"
- "permissionName": "ui-agreements.picklists.view"
- "permissionName": "ui-agreements.supplementaryProperties.view"
- "permissionName": "ui-agreements.appSettings.view" [*already exists*]
The existing 'manage' permissions rely on "settings.agreements.enabled" - which grants:
Since "settings.agreements.enabled" is not exposed directly to the user (visible=false) we can make changes here without affecting anything else. For logical consistency I would propose:
- Update settings.agreements.enabled to only include "module.agreements.enabled" and "settings.enabled"
- Add new permission settings.configuration.manage which grants "configuration.entries.collection.get", "configuration.entries.item.put", "configuration.entries.item.post"
- Add new permission settings.configuration.view which grants only "configuration.entries.collection.get"
- Update the existing ui-agreements.generalSettings.manage setting to additionally grant "settings.configuration.manage" as well as settings.agreements.enabled
- Add the three new settings "view" permissions which grant settings.agreements.enabled and, for ui-agreements.generalSettings.view also settings.configuration.view
ui-agreements.generalSettings.view will need:
ui-agreements.picklists.view will need:
ui-agreements.supplementaryProperties.view will need:
ui-agreements.appSettings.view will need:
Also need to. check the code that displays permissions in the UI as I think we display sections in the settings based on the four "manage" permissions that exist right now. I think the best thing to do would be to replace this with a check for the new equivalent "view" permissions and then update all the "manage" permissions to have the equivalent "view" as a sub permission (the alternative would be to check for either the view OR the manage permission in the code before displaying the section in the UI)