State Voter

[dbu]

we could have a state based publish workflow. for the access check, it would look like the following. additionally we need to set the available states on the admin (another admin extension i guess).
then we would need to build some sort of event system around the state changes and maybe provide a simple way to define what should happen for which state. also editing permissions will be more complicated than the simple VIEW permissions.

interface ObjectStateInterface
{
    /**
    * A state label
    *
    * @return string
    */
    getState()
}

class PublishStateVoter
{

    /**
    * @param array $stateRoleMap mapping of state names to required symfony role or true for public
    */
    __construct($container, $stateRoleMap)
    ...

    /**
    *
    vote(...)
    {
        $state = $object->getState;
        if (! isset($this->stateRoleMap[$state])) {
            throw ...
        }
        if (true === $this->stateRoleMap[$state]) {
            return self::ACCESS_GRANTED;
        }
        if VIEW_ANONYMOUS is required, return self::ACCESS_DENIED at this point
        $context = $this->container->get('security.context');
        if (null === $context->getToken()) {
            // no firewall, the user is not authorised
            return self::ACCESS_DENIED;
        }
        if ($context->isGranted($this->stateRoleMap[$state])) {
            return self::ACCESS_GRANTED;
        }

        return self::ACCESS_DENIED;

[dbu]

this should most likely integrate with http://jackrabbit.510166.n4.nabble.com/jcr-2-mix-lifecycle-td2216584.html