Skip to content

Use delegated settings to allow nonadmins to manage flows #310

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
lukasdotcom merged 3 commits into from
Jun 23, 2025
Merged

Use delegated settings to allow nonadmins to manage flows #310

lukasdotcom merged 3 commits into from
Jun 23, 2025

Conversation

@lukasdotcom
Copy link
Member

@lukasdotcom lukasdotcom commented Jun 18, 2025

Resolves: #44

@lukasdotcom lukasdotcom requested a review from julien-nc June 18, 2025 18:29
@julien-nc
Copy link
Member

julien-nc commented Jun 19, 2025

I don't think having OCA\Approval\Attribute\RequireApprovalAdmin is needed. It is not checked by the server security middleware because there is no way the server is aware of this attribute.

You can check how it's done in the theming app (in the server repo).

  • Each controller method that is called by the settings section UI has the attribute #[AuthorizedAdminSetting(settings: Admin::class)] . The full class path is OCP\AppFramework\Http\Attribute\AuthorizedAdminSetting
  • NoAdminRequired must not be set

@lukasdotcom
use correct authorization
1240a62 
Signed-off-by: Lukas Schaefer <[email protected]>
@lukasdotcom
Copy link
Member Author

lukasdotcom commented Jun 20, 2025

I used the group folders app as my example to build of, but didn't notice that there was a custom middleware in the app.

@lukasdotcom
remove attribute
11dde4c 
Signed-off-by: Lukas Schaefer <[email protected]>
@lukasdotcom lukasdotcom merged commit d064ade into main Jun 23, 2025
39 checks passed
@lukasdotcom lukasdotcom deleted the delegated-settings branch June 23, 2025 13:33
This was referenced Jun 24, 2025
Open
Merged
@thekk1
Copy link

thekk1 commented Jun 26, 2025

The implementation is not complete.
If I allow non admin persons or groups to setup the approval workflows, they are not able to see or set the invisible tags nor they are able to create some.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@julien-nc julien-nc julien-nc approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Implement new admin delegation feature

4 participants

@lukasdotcom @julien-nc @thekk1