Right now, there is confusion with the support for form. As the doc says:
"Restrictions on the form name in form-builder-permissions.xml are at this point not supported; only restrictions on the app name are supported. This means that you should always use form="*". If you define a restriction on the form name, it won't be enforced at the time the form is created, allowing users to create, save, and publish a form with an undesirable name. However they then won't be able to see the form they created when going back to the summary page."
This would be solved with more specific CRUD operations:
user can read and update a form definition
user cannot create a new one
Might need an additional publish/unpublish permission?
Ideally, this should be unified with the FR permissions.
Right now, there is confusion with the support for
form
. As the doc says:"Restrictions on the form name in form-builder-permissions.xml are at this point not supported; only restrictions on the app name are supported. This means that you should always use
form="*"
. If you define a restriction on the form name, it won't be enforced at the time the form is created, allowing users to create, save, and publish a form with an undesirable name. However they then won't be able to see the form they created when going back to the summary page."This would be solved with more specific CRUD operations:
read
andupdate
a form definitioncreate
a new oneMight need an additional
publish/unpublish
permission?Ideally, this should be unified with the FR permissions.