**As a** normal project member with permissions to see attachments
**When** my OpenProject instance migrates from 12.1 to 12.2
**I want** to automatically get the necessary permissions
**So that** I can work with Nextcloud FileLinks in a way similar to attachments

also:

**As a** user managing a project
**I want** to automatically get the necessary permissions
**So that** I can also manage project storages

**Acceptance criteria**

* After installing the "storages" module, users should be able work with permissions as described above

**Notes**

There is a potential conflict between usability and security

**Rules to implement**

* Users with the right to Begin of the insertion`select_project_modules`End of the insertion Begin of the deletion **select\_project\_modules**End of the deletion (add/remove modules from a project) should also get Begin of the insertion`manage_storages_in_project`End of the insertion Begin of the deletion **manage\_project\_storages**End of the deletion (add/remove storages to/from a project). This is important for usability with very little security risk (as judged by Wieland).
* Users with the right to Begin of the insertion`view_work_packages`End of the insertion Begin of the deletion **view\_work\_packages**End of the deletion should also get Begin of the insertion`view_file_links`.End of the insertion Begin of the deletion **view\_file\_links**.End of the deletion
* Users with the right to Begin of the insertion`edit_work_package`End of the insertion Begin of the deletion **edit\_work\_packages**End of the deletion should also get the right to Begin of the insertion`manage_file_links`.End of the insertion Begin of the deletion **manage\_file\_links.**End of the deletion

**Reference**: Permissions defined the Storages module:

* manage\_file\_links
* view\_file\_links
* manage\_storages\_in\_project