Read workflows.

src/Squidex.Domain.Apps.Core.Model/Apps/Role.cs

@@ -71,7 +71,8 @@ namespace Squidex.Domain.Apps.Core.Apps
             return new Role(Editor,
                 P.ForApp(P.AppAssets, app),
                 P.ForApp(P.AppCommon, app),
-                P.ForApp(P.AppContents, app));
+                P.ForApp(P.AppContents, app),
+                P.ForApp(P.AppWorkflowsRead, app));
         }
 
         public static Role CreateReader(string app)

src/Squidex/Areas/Api/Controllers/Apps/Models/AppDto.cs

@@ -177,6 +177,11 @@ namespace Squidex.Areas.Api.Controllers.Apps.Models
                 AddGetLink("schemas", controller.Url<SchemasController>(x => nameof(x.GetSchemas), values));
             }
 
+            if (controller.HasPermission(AllPermissions.AppWorkflowsRead, Name, permissions: permissions))
+            {
+                AddGetLink("workflows", controller.Url<AppWorkflowsController>(x => nameof(x.GetWorkflow), values));
+            }
+
             if (controller.HasPermission(AllPermissions.AppSchemasCreate, Name, permissions: permissions))
             {
                 AddPostLink("schemas/create", controller.Url<SchemasController>(x => nameof(x.PostSchema), values));

src/Squidex/app/shared/services/apps.service.ts

@@ -35,7 +35,7 @@ export class AppDto {
     public readonly canReadRoles: boolean;
     public readonly canReadRules: boolean;
     public readonly canReadSchemas: boolean;
-    public readonly canReadWorkflows: boolean = true;
+    public readonly canReadWorkflows: boolean;
     public readonly canUploadAssets: boolean;
 
     constructor(links: ResourceLinks,
@@ -63,6 +63,7 @@ export class AppDto {
         this.canReadRoles = hasAnyLink(links, 'roles');
         this.canReadRules = hasAnyLink(links, 'rules');
         this.canReadSchemas = hasAnyLink(links, 'schemas');
+        this.canReadWorkflows = hasAnyLink(links, 'workflows');
         this.canUploadAssets = hasAnyLink(links, 'assets/create');
     }
 }