🚀 Feature: Scaffolder task list permissions #27421
Labels
- area:permission: Related to the Permission Project Area
- area:scaffolder: Everything and all things related to the scaffolder project area
- enhancement: New feature or request
🔖 Feature description
The scaffolder task read permissions do not allow the creation of complex permissions. Currently, it's only on/off with the `taskReadPermission`, and no possibility to add conditions.
🎤 Context
We would like to limit the listed tasks so that:
The number 3 is not really that big of an issue, as the template name seems to be hidden in the task list if the user does not have access to it, but it still allows the user to see the output + logs of the run.
✌️ Possible Implementation
Add additional conditions for the `taskReadPermission`. At least the following rules should be available:
- `isTaskCreator` - should filter based on the `createdBy` column using the current user entity ref
- `hasCreatedBy` - should filter based on the `createdBy` column in the `SerializedTask`
- `hasTemplateEntityRef` - should filter based on the `spec.templateInfo.entityRef` in the `spec` column of `SerializedTask`. This requires some JSON query magic
- `hasTemplateAccess` - should also filter by template entityRef but include only template references the user has access to. Probably requires a catalog call to get the entity refs.
Additionally, some other rules that could be done:
- `hasStatus` - should filter by task status
👀 Have you spent some time to check if this feature request has been raised before?
🏢 Have you read the Code of Conduct?
Are you willing to submit PR?
None
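The rules proposed above written as composable in-memory predicates, as an added example that is not part of the original issue and is not Backstage code. The `Task` and `Ctx` shapes, the `allOf`/`anyOf` helpers and the sample data are assumptions; `readableTemplates` stands in for the catalog call the issue mentions.

```typescript
// Hypothetical shapes: the issue names only createdBy, status and spec.templateInfo.entityRef.
type Task = {
  id: string; createdBy?: string; status: string;
  spec: { templateInfo?: { entityRef?: string } };
};
type Ctx = { userEntityRef: string; readableTemplates: string[] };
type Rule = (task: Task, ctx: Ctx) => boolean;

// Rules proposed in the issue, written as predicates over one task.
const isTaskCreator: Rule = (t, c) => t.createdBy === c.userEntityRef;
const hasCreatedBy = (refs: string[]): Rule => t =>
  t.createdBy !== undefined && refs.indexOf(t.createdBy) !== -1;
const templateRef = (t: Task): string | undefined =>
  t.spec.templateInfo ? t.spec.templateInfo.entityRef : undefined;
const hasTemplateEntityRef = (refs: string[]): Rule => t => {
  const ref = templateRef(t);
  return ref !== undefined && refs.indexOf(ref) !== -1;
};
// Assumption: readableTemplates was resolved beforehand from the catalog.
const hasTemplateAccess: Rule = (t, c) => {
  const ref = templateRef(t);
  return ref !== undefined && c.readableTemplates.indexOf(ref) !== -1;
};
const hasStatus = (statuses: string[]): Rule => t => statuses.indexOf(t.status) !== -1;

const allOf = (...rules: Rule[]): Rule => (t, c) => rules.every(r => r(t, c));
const anyOf = (...rules: Rule[]): Rule => (t, c) => rules.some(r => r(t, c));

// Default deny: a task that matches no rule, or lacks the field a rule needs, is not listed.
function visibleTasks(tasks: Task[], ctx: Ctx, policy: Rule): string[] {
  return tasks.filter(t => policy(t, ctx)).map(t => t.id);
}

// Constructed sample data.
const tasks: Task[] = [
  { id: 't1', createdBy: 'user:default/alice', status: 'failed',
    spec: { templateInfo: { entityRef: 'template:default/infra-admin' } } },
  { id: 't2', createdBy: 'user:default/bob', status: 'completed',
    spec: { templateInfo: { entityRef: 'template:default/service' } } },
  { id: 't3', createdBy: 'user:default/bob', status: 'completed',
    spec: { templateInfo: { entityRef: 'template:default/infra-admin' } } },
  { id: 't4', status: 'failed',
    spec: { templateInfo: { entityRef: 'template:default/service' } } },
];
const alice: Ctx = { userEntityRef: 'user:default/alice',
  readableTemplates: ['template:default/service'] };

// Own tasks, plus completed tasks of templates the user can read.
const policy = anyOf(isTaskCreator, allOf(hasTemplateAccess, hasStatus(['completed'])));
```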