[Bug]: Workflow permissions merge logic overwrites user permissions #1081

@Navino16

Description

Pimcore version

11.5.14.1 / admin-ui-classic-bundle 1.7.16 (verified also on 12.x / admin-ui-classic-bundle 2.x)

Note: In admin-ui-classic-bundle 2.x, the method is renamed to mergeWorkflowPermissions()

Steps to reproduce

See related issue in pimcore/pimcore repository about isDeniedInWorkflow() null handling.

  1. Create a workflow for DataObjects without defining all permission rules
  2. Create a user with specific permissions
  3. Apply workflow to an object
  4. User permissions are incorrectly overwritten

Actual Behavior

In ElementService::adaptPermissionsForWorkflows(), workflow permissions are always merged with user permissions, even when the workflow doesn't define a rule for that permission.

$workflowPermission = [
    'settings' => !$workflowManager->isDeniedInWorkflow($element, 'settings'),
    // ...
];
return array_merge($permissions, $workflowPermission);

When isDeniedInWorkflow() returns false for an undefined permission, !false = true, which then overwrites any existing user permission.

Expected Behavior

Only explicitly defined workflow permissions should be merged. Null/undefined permissions should be filtered out.

Affected file: src/Service/ElementService.php - adaptPermissionsForWorkflows() method

Suggested fix:
Use the new returnNull parameter from Manager::isDeniedInWorkflow() and filter null values before merging:

$workflowPermission = [
    'settings' => $workflowManager->isDeniedInWorkflow($element, 'settings', true),
    // ...
];

// Filter out null values and invert (isDenied -> isAllowed)
$workflowPermission = array_filter($workflowPermission, fn($v) => $v !== null);
$workflowPermission = array_map(fn(bool $v) => !$v, $workflowPermission);

return array_merge($permissions, $workflowPermission);

Related: Requires fix in pimcore/pimcore - lib/Workflow/Manager.php (pimcore/pimcore#18938)
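As an added illustration (not code from the bundle or from the issue author), the script below puts the current merge logic and the suggested fix side by side against a constructed permission set. The `StubWorkflowManager` class is a stand-in for Pimcore's `Workflow\Manager`: its `isDeniedInWorkflow()` signature with a third `returnNull` argument returning `?bool` is an assumption modelled on the issue text, and `PERMISSION_KEYS` is a reduced, hypothetical list of permission names.

```php
<?php
declare(strict_types=1);

// Stand-in for Pimcore's Workflow\Manager (assumption, not the real class).
// $rules holds only the permissions the workflow explicitly defines:
// true = denied by the workflow, false = allowed by the workflow.
final class StubWorkflowManager
{
    /** @param array<string,bool> $rules */
    public function __construct(private array $rules) {}

    // Assumed shape of the returnNull parameter: when a permission is not
    // defined by the workflow, return null instead of the old "not denied" false.
    public function isDeniedInWorkflow(object $element, string $permission, bool $returnNull = false): ?bool
    {
        if (!array_key_exists($permission, $this->rules)) {
            return $returnNull ? null : false;
        }
        return $this->rules[$permission];
    }
}

// Hypothetical, reduced list of permission keys used for the demo.
const PERMISSION_KEYS = ['settings', 'publish', 'delete', 'rename'];

// Current behaviour: every key is merged, so an undefined rule becomes "allowed".
function adaptPermissionsBuggy(array $permissions, StubWorkflowManager $wm, object $element): array
{
    $workflowPermission = [];
    foreach (PERMISSION_KEYS as $key) {
        $workflowPermission[$key] = !$wm->isDeniedInWorkflow($element, $key);
    }
    return array_merge($permissions, $workflowPermission);
}

// Suggested fix: drop undefined (null) rules, then invert isDenied -> isAllowed.
function adaptPermissionsFixed(array $permissions, StubWorkflowManager $wm, object $element): array
{
    $workflowPermission = [];
    foreach (PERMISSION_KEYS as $key) {
        $workflowPermission[$key] = $wm->isDeniedInWorkflow($element, $key, true);
    }
    // array_filter and array_map both preserve string keys, so the merge below
    // only touches keys the workflow actually defined.
    $workflowPermission = array_filter($workflowPermission, fn($v) => $v !== null);
    $workflowPermission = array_map(fn(bool $v) => !$v, $workflowPermission);
    return array_merge($permissions, $workflowPermission);
}

// Returns the user permissions that changed even though the workflow defined no rule for them.
function silentlyWidened(array $user, array $merged, array $definedRules): array
{
    $widened = [];
    foreach ($user as $key => $allowed) {
        if (!array_key_exists($key, $definedRules) && $merged[$key] !== $allowed) {
            $widened[] = $key;
        }
    }
    return $widened;
}

// Constructed sample: the user may not delete or rename; the workflow only forbids 'publish'.
$userPermissions = ['settings' => true, 'publish' => true, 'delete' => false, 'rename' => false];
$workflowRules   = ['publish' => true];
$wm      = new StubWorkflowManager($workflowRules);
$element = new stdClass();

$buggy = adaptPermissionsBuggy($userPermissions, $wm, $element);
$fixed = adaptPermissionsFixed($userPermissions, $wm, $element);

echo "buggy merge widened: " . implode(', ', silentlyWidened($userPermissions, $buggy, $workflowRules)) . PHP_EOL;
echo "fixed merge widened: " . implode(', ', silentlyWidened($userPermissions, $fixed, $workflowRules)) . PHP_EOL;
echo "publish after fix:   " . var_export($fixed['publish'], true) . PHP_EOL;
```

Running the script shows the first merge granting `delete` and `rename` that the user never had, while the second keeps them denied and still honours the workflow's explicit `publish` rule. The `silentlyWidened()` helper is the kind of check worth keeping in a unit test for this method: any key that the workflow does not define must come out of the merge unchanged.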
