making workflow policies rdm enabled

oarepo_workflows/services/permissions/record_permission_policy.py

@@ -106,7 +106,7 @@ class WorkflowRecordPermissionPolicy(RecordPermissionPolicy):
     @property
     def query_filters(self) -> list[dict]:
         """Return query filters from the delegated workflow permissions."""
-        if not (self.action == "read" or self.action == "read_draft"):
+        if self.action not in ("read", "read_draft", "read_deleted"):
             return super().query_filters
         workflows = current_oarepo_workflows.record_workflows
         queries = []

oarepo_workflows/services/permissions/workflow_permissions.py

@@ -58,6 +58,13 @@ def __init__(self, action_name: str | None = None, **over: Any) -> None:
         IfInState("draft", [RecordOwners()]),
         IfInState("published", [AuthenticatedUser()]),
     ]
+    # can_read_deleted is used by RDM. As long as workflows are
+    # not intended for rdm records only, we need to keep this permission
+    # simple and the implementation must use RDM-based implementation
+    #
+    # TODO: we should provide somewhere RDM aware workflow permissions
+    # so that repositories can use them out of the box
+    can_read_deleted = [SystemProcess()]
     can_update = [IfInState("draft", [RecordOwners()])]
     can_delete = [
         IfInState("draft", [RecordOwners()]),