Summary
Require an explicit admin approval step before a form built in the admin UI becomes available for public submission. Authors compose drafts, designated approvers review and publish (or send back with comments), and an audit trail captures every state transition.
Requirements
Context
Form misconfiguration (wrong required fields, leaky PII collection, broken submit URL) is a real failure mode once forms drive event registration and surveys. A required-approval gate gives the leadership team a check before anything lands on the public site.
This depends on #1974 (the form builder integration) being in place so there's something to approve in the first place.
Implementation Notes
- The state machine can live on the `forms` table as a status enum + a small `form_reviews` table for the comment/transition history.
- The audit_log entries pattern follows the existing merge / unmerge / role-change conventions on `/admin/users/*`.
- Consider whether "approve" requires two approvers (review by one, publish by another) — probably overkill for v1; single approver per form.
- Edit-after-publish creates a draft revision — model this as a new row pointing back to the published form via `parent_form_id`, or as a versioned `form_revisions` table; pick whichever fits the builder library's schema model best.
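
A sketch of the status enum plus `form_reviews` history described in the notes above, added here as an illustration and not taken from the project's code. The status names, action names, column layout and the `is_approver` flag are assumptions; SQLite stands in for the real database.

```python
import sqlite3

# Status and action names are assumptions; the issue only fixes the overall flow.
TRANSITIONS = {
    ("draft", "submit"): "in_review",
    ("in_review", "approve"): "published",
    ("in_review", "send_back"): "draft",
}
APPROVER_ACTIONS = {"approve", "send_back"}

SCHEMA = """
CREATE TABLE forms (
    id INTEGER PRIMARY KEY,
    status TEXT NOT NULL DEFAULT 'draft'
        CHECK (status IN ('draft', 'in_review', 'published'))
);
CREATE TABLE form_reviews (
    form_id INTEGER NOT NULL REFERENCES forms(id),
    actor_id INTEGER NOT NULL,
    from_status TEXT NOT NULL,
    to_status TEXT NOT NULL,
    comment TEXT
);
"""

class TransitionError(Exception):
    """Raised when an action is not permitted for this form or actor."""

def transition(db, form_id, actor_id, is_approver, action, comment=None):
    """Apply one action; the status change and its history row commit together."""
    if action in APPROVER_ACTIONS and not is_approver:
        raise TransitionError("actor is not a designated approver")
    if action == "send_back" and not comment:
        raise TransitionError("send_back requires a comment")
    with db:  # one transaction: both writes land, or neither does
        row = db.execute("SELECT status FROM forms WHERE id = ?", (form_id,)).fetchone()
        new = TRANSITIONS.get((row[0], action)) if row else None
        if new is None:
            raise TransitionError(f"{action!r} is not allowed here")
        # Compare-and-swap on status so a concurrent transition is not overwritten.
        cur = db.execute("UPDATE forms SET status = ? WHERE id = ? AND status = ?",
                         (new, form_id, row[0]))
        if cur.rowcount != 1:
            raise TransitionError("form changed concurrently")
        db.execute("INSERT INTO form_reviews VALUES (?, ?, ?, ?, ?)",
                   (form_id, actor_id, row[0], new, comment))
    return new

def is_public(db, form_id):
    # The public submit handler should call this gate rather than trust the URL.
    row = db.execute("SELECT status FROM forms WHERE id = ?", (form_id,)).fetchone()
    return bool(row) and row[0] == "published"
```

The public submission endpoint should check `is_public` on every request, so a form that is sent back to draft stops accepting submissions immediately.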