More granular permissions required for fragment's endpoint
A second version of the `applyPermissionFilter` utility should be implemented and used in fragment's endpoint for the case of the patch action. This is needed in order to facilitate more specific permissions per user role. This new `applyPermissionFilter` should support the comparison between the stored fragment and the actual change, which will exist in `req.body`, and by combining the corresponding authsome mode a decision should be made if the current user is allowed to change a specific property of the fragment. If the decision is true, the patch should be persisted; otherwise it should be rejected.
It is really important that this mechanism be implemented, as we have this level of granularity in Editoria when it comes to fragments and their properties.
https://gitlab.coko.foundation/editoria/editoria/issues/57
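
A sketch of the per-property check described in this issue, added here as an illustration and not taken from the project's code. The function names, the `mode(user, action, context)` signature standing in for the authsome mode, and the role and property names in the sample policy are all assumptions.

```javascript
// Added example: property-level authorization for a fragment PATCH.
// `mode` stands in for the authsome mode; its signature is assumed here.

// Structural equality for JSON-like values, so a value re-sent unchanged
// in the request body is not treated as a change.
function deepEqual(a, b) {
  if (a === b) return true;
  if (typeof a !== 'object' || typeof b !== 'object' || a === null || b === null) return false;
  if (Array.isArray(a) !== Array.isArray(b)) return false;
  const ka = Object.keys(a);
  const kb = Object.keys(b);
  return ka.length === kb.length &&
    ka.every(k => Object.prototype.hasOwnProperty.call(b, k) && deepEqual(a[k], b[k]));
}

// Properties in the patch body whose value differs from the stored fragment.
function changedProperties(stored, patch) {
  return Object.keys(patch).filter(key => !deepEqual(stored[key], patch[key]));
}

// The patch is allowed only if the mode returns exactly `true` for every
// changed property. Anything else (false, undefined, a thrown-away object)
// counts as a denial, so an incomplete policy fails closed.
function checkPatchPermissions(user, stored, patch, mode) {
  const denied = changedProperties(stored, patch).filter(property =>
    mode(user, 'patch', { fragment: stored, property, value: patch[property] }) !== true
  );
  return { allowed: denied.length === 0, denied };
}

// Constructed sample policy: which properties each role may patch.
const PATCHABLE = {
  'production-editor': ['title', 'source', 'progress'],
  'copy-editor': ['source'],
};
function sampleMode(user, action, { property }) {
  return action === 'patch' && (PATCHABLE[user.role] || []).includes(property);
}

// Constructed stored fragment and request body (title is re-sent unchanged).
const storedFragment = { id: 'f1', title: 'Chapter 1', source: '<p>old</p>', progress: { edit: 0 } };
const body = { title: 'Chapter 1', source: '<p>new</p>', progress: { edit: 1 } };

console.log(checkPatchPermissions({ role: 'copy-editor' }, storedFragment, body, sampleMode));
```

The endpoint would persist the patch only when `allowed` is true and reject the whole request otherwise, returning `denied` so the client can see which properties were refused.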