Problem/Motivation
@FabianX brought up a point in #2784921-149: Add Workspaces experimental module that not every site needs the per-workspace "bypass entity access" permission:
Per workspace permissions can clutter permissions page a lot (Current CPS site would have 8100 entries in permissions table); potentially can avoid by putting property on workspace entity that it has permissions or move to a follow-up task as it is dangerous anyway.
As a result, the bypass entity access workspace $workspace_id has been removed from the initial core patch, along with the other per-workspace view / edit / delete as optional permissions that were removed earlier in the process.
The current permissions shipping with Workspace are:
- Administer workspaces
- Bypass content entity access in own workspace
- Create a new workspace
- Delete any workspace
- Delete own workspace
- Edit any workspace
- Edit own workspace
- View any workspace
- View own workspace
Proposed resolution
Figure out if we need per-workspace permission and implement them.
Remaining tasks
Discuss and then implement a solution.
User interface changes
Less clutter in the permission UI.
API changes
Some permissions might be configurable.
Data model changes
Nope.