Problem/Motivation
This is the meta-issue for fulfillment of deliverables for the winning "Pitch-Burgh" proposal shown here. It will be updated as subtasks are identified/completed.
Completed tasks
- Get a cache committed to core that can handle redirects: #2551419: Abstract RenderCache into a separate service that is capable of cache redirects in a non-render array-specific way
- Centralize all permission checks in core: #3347873: Centralize permission checks in a service
Remaining tasks
Here it's important to note that the pitch was about getting policy based access into core, but I've been asked to first focus on getting this to work in contrib so that if core maintainers aren't immediately ready to commit my work, we still have something finished in the end. As such, I'd like to explore expanding Flexible Permissions with a new module that adds the system to core from the outside. This may be harder and cost more time, though.
- Create a new module that depends on Flexible Permissions
- In said module, swap out the permission checker with one that leverages FP using a new "Drupal" scope
- Also swap out the user.permissions cache context to integrate the new calculated permissions
- Write two calculators to replace core's permission layer: UID1 and role-based permissions
If we have time left after this, it would be great if we could also focus on converting FP into core code and copy the code from the new module into core as well. Minus the swapping out services then, of course, as we'd have access to directly replace them.