Non-admin user unable to define email recipients #1103

Closed
brynwhyman opened this issue Sep 5, 2021 · 2 comments

brynwhyman commented Sep 5, 2021

Overview

Only a user with the permission "Full administrator access" is able to set email recipients. Users who have enough permissions ('Access to Pages; Access to Files; View any page; Edit any page; View draft content') are presented with a 403 when trying to perform this action.

Steps to recreate

  1. Have a CMS user with all permissions, except "Full administrator access"
  2. Create or have a user defined form page (or block)
  3. Attempt to add an email recipient
  4. Expected result: An email recipient is saved
  5. Actual result: The CMS presents an error modal and the console reports a 403 error.

Acceptance criteria

  • All the "can" methods on the UserFormRecipient DataObject reference the methods on the parent UserForm.
    • CanDelete, CanCreate and CanEdit on UserFormRecipient are mapped to CanEdit on the UserForm
  • This works both for UserFormPage and UserForm Elemental Block.

PRs

@GuySartorelli
Member

Cannot reproduce with a userforms page - but I do get this issue with a userforms block.


GuySartorelli commented May 2, 2022

This is being caused by getFormParent() trying to use the polymorphic relation to identify which form it's attached to, but while FormID has been set, FormClass has not, so it doesn't know which class to use for the DB query to get the form.
I find it strange that the ID would be set but not the class - I will see if I can track down where that's happening, as really if either is being set they both should.

Note that getFormParent() is also used for generating various fields in the form, so even an admin creating a new recipient will see fewer fields available for a new recipient in an elemental userform (though the fields do appear once the record is created).
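
The failure mode discussed in this thread, as an added example that is not code from the userforms module or from any commenter: a stand-alone PHP model in which a recipient's permission checks delegate to the parent form's canEdit, and a polymorphic parent with FormID set but FormClass empty cannot be resolved. The class names, the in-memory store and the member names are hypothetical, and the model does not use the SilverStripe framework.

```php
<?php
// Stand-alone model of the issue; every name here is hypothetical.

final class Form
{
    public function __construct(public int $id, private array $editors) {}

    public function canEdit(string $member): bool
    {
        return in_array($member, $this->editors, true);
    }
}

final class Recipient
{
    // $store is a constructed stand-in for the database: [class => [id => Form]].
    public function __construct(
        private array $store,
        public int $formID = 0,
        public string $formClass = ''
    ) {}

    // Polymorphic lookup: both the class and the ID are needed to find the parent.
    public function getFormParent(): ?Form
    {
        if ($this->formID === 0 || $this->formClass === '') {
            return null; // FormID without FormClass: parent cannot be resolved
        }
        return $this->store[$this->formClass][$this->formID] ?? null;
    }

    // canCreate, canEdit and canDelete all map to canEdit on the parent form.
    // When no parent can be resolved, the check fails closed and denies.
    public function canEdit(string $member): bool
    {
        $form = $this->getFormParent();
        return $form !== null && $form->canEdit($member);
    }
    public function canCreate(string $member): bool { return $this->canEdit($member); }
    public function canDelete(string $member): bool { return $this->canEdit($member); }
}

// Constructed sample data: one form block that the member "editor" may edit.
$store = ['ElementForm' => [7 => new Form(7, ['editor'])]];
$halfSet = new Recipient($store, formID: 7);                           // FormClass missing
$fullSet = new Recipient($store, formID: 7, formClass: 'ElementForm'); // both halves set

var_dump($halfSet->canCreate('editor')); // editor of the form, parent unresolved
var_dump($fullSet->canCreate('editor')); // editor of the form, parent resolved
var_dump($fullSet->canDelete('viewer')); // member with no edit right on the form
```

Denying when the parent cannot be resolved keeps the check safe, which is why the visible symptom is a 403 rather than an unauthorised write; the fix belongs where the relation is populated, so that the class and the ID are always set together.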
