Skip to content

[Improvement]: remove create permission on parent during DataObject create mutation #979

New issue
New issue
Open
Open
[Improvement]: remove create permission on parent during DataObject create mutation#979
Labels
Improvement
@pierre-kubica

Description

@pierre-kubica
pierre-kubica
opened on May 22, 2025

Improvement description

I want to check operation permission on my DataObject with voters so I wrote a subscriber listening to PermissionEvents::PRE_CHECK that calls isGranted from Symfony Security service.

But that will trigger a check on my DataObject's parent with create permission (see GraphQL/Mutation/MutationType.php on line 604: WorkspaceHelper::checkPermission($parent, 'create')).

So I have no choice to allow the user to have create permission on that parent's DataObject type to be able to create it, what I don't want to.

Could we remove that check on line 604 and let the dev to be responsible for the permission checks ?

Metadata

Metadata

Assignees

No one assigned

    Labels

    Improvement

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions