BACKGROUND
Currently, Decidim allows defining required authorizations for a component and adding specific rule requirements to those authorizations. The action authorizers can then be configured to check these requirements.
PROBLEM
When the above is configured for multiple authorizations, Decidim requires ALL of the authorizations to be valid as defined by:
https://git.io/fjFaH
This causes a problem when we would only like to have one of the authorizations pass, OR always require one specific authorization + one of the other configured authorizations.
SOLUTION
There are a few possible ways to solve this, but I think the most flexible solution would be to introduce programmatic authorization control flows, which could then be selected from a dropdown in the permissions view of the component. There would always be only one authorization control flow applied to the component to check whether the user is authorized.
By default there could be two different flows:
- Require all authorizations to pass
- Require one of the authorizations to pass
Then the developers could register their own flows to customize the functionality of these (e.g. one specific one required + one of the others).
Other solution suggestions are welcome as well; this was just the first thought.
Right now, we are bypassing the problem using another combined authorization which does what is explained above. From the users' perspective this is not ideal, as they will see this "extra" authorization in the authorizations list and it may cause some confusion.
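The control flows proposed under SOLUTION, sketched as an added example (not Decidim's code or API, and not part of the original proposal). The `AuthorizationFlows` module, the flow names and the handler names in the sample are hypothetical; denying access for an unknown flow or an empty authorization set is an assumption made here so the check fails closed.

```ruby
# Hypothetical registry of authorization control flows (not Decidim's API).
# Each flow receives a Hash of { handler_name => true/false } built from the
# per-authorization checks and returns true only when access is granted.
module AuthorizationFlows
  FLOWS = {}

  def self.register(name, &block)
    FLOWS[name.to_s] = block
  end

  # Fail closed: an unknown flow name or an empty result set denies access.
  # Without the empty check, [].all? would be true and the "all" flow would
  # grant access when no authorization was actually evaluated.
  def self.authorized?(flow_name, results)
    flow = FLOWS[flow_name.to_s]
    return false if flow.nil? || results.empty?

    flow.call(results) == true
  end
end

# The two default flows from the proposal.
AuthorizationFlows.register(:all) { |results| results.values.all? }
AuthorizationFlows.register(:any) { |results| results.values.any? }

# A developer-registered flow: one specific authorization is mandatory,
# plus at least one of the others. "id_documents" is a constructed name.
AuthorizationFlows.register(:id_plus_one_other) do |results|
  required = results["id_documents"] == true
  others = results.reject { |name, _| name == "id_documents" }
  required && others.values.any?
end

# Constructed sample: outcome of checking three configured authorizations.
SAMPLE = { "id_documents" => true, "postal_letter" => false, "sms" => true }.freeze

if __FILE__ == $PROGRAM_NAME
  %w[all any id_plus_one_other no_such_flow].each do |flow|
    puts "#{flow}: #{AuthorizationFlows.authorized?(flow, SAMPLE)}"
  end
end
```

Because exactly one flow applies per component, the selected flow name is the only value the permissions view would need to store alongside the configured authorizations.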