make sasha, harmeet, manuchehr, and admin have desired permissions for demo

This commit is contained in:
burnettk 2022-11-27 21:07:20 -05:00
parent a9a5e2fff9
commit 0ae1a5e89e
7 changed files with 77 additions and 38 deletions

View File

@ -360,6 +360,14 @@
"clientRole" : true,
"containerId" : "e39b3c85-bb9d-4c73-8250-be087c82ae48",
"attributes" : { }
}, {
"id" : "f75e4973-b9b6-4ff0-a691-5f900199b17a",
"name" : "view-groups",
"description" : "${role_view-groups}",
"composite" : false,
"clientRole" : true,
"containerId" : "e39b3c85-bb9d-4c73-8250-be087c82ae48",
"attributes" : { }
}, {
"id" : "ae774a41-a274-4f99-9d7f-f4a0d5dbc085",
"name" : "view-applications",
@ -387,7 +395,8 @@
"otpPolicyDigits" : 6,
"otpPolicyLookAheadWindow" : 1,
"otpPolicyPeriod" : 30,
"otpSupportedApplications" : [ "FreeOTP", "Google Authenticator" ],
"otpPolicyCodeReusable" : false,
"otpSupportedApplications" : [ "totpAppGoogleName", "totpAppFreeOTPName" ],
"webAuthnPolicyRpEntityName" : "keycloak",
"webAuthnPolicySignatureAlgorithms" : [ "ES256" ],
"webAuthnPolicyRpId" : "",
@ -409,6 +418,28 @@
"webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister" : false,
"webAuthnPolicyPasswordlessAcceptableAaguids" : [ ],
"users" : [ {
"id" : "5a97144d-4f59-4a8c-b365-463d0577a740",
"createdTimestamp" : 1669600821350,
"username" : "admin",
"enabled" : true,
"totp" : false,
"emailVerified" : false,
"firstName" : "",
"lastName" : "",
"credentials" : [ {
"id" : "ef435043-ef0c-407a-af5b-ced13182a408",
"type" : "password",
"userLabel" : "My password",
"createdDate" : 1669600831704,
"secretData" : "{\"value\":\"4D4JRvE7kR5nfGiIdrwzK+0drmy3kX++TlT1BTvYix8N83c9FGTPWvxR1Hl4ggEKuCCAEYZnTzVJZY0DcUcN+A==\",\"salt\":\"yI7UkD+mCuq0H35AnNV/KA==\",\"additionalParameters\":{}}",
"credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}"
} ],
"disableableCredentialTypes" : [ ],
"requiredActions" : [ ],
"realmRoles" : [ "default-roles-spiffworkflow" ],
"notBefore" : 0,
"groups" : [ ]
}, {
"id" : "4048e9a7-8afa-4e69-9904-389657221abe",
"createdTimestamp" : 1665517741516,
"username" : "alex",
@ -2130,7 +2161,7 @@
"subType" : "authenticated",
"subComponents" : { },
"config" : {
"allowed-protocol-mapper-types" : [ "saml-user-attribute-mapper", "oidc-full-name-mapper", "saml-role-list-mapper", "saml-user-property-mapper", "oidc-address-mapper", "oidc-usermodel-attribute-mapper", "oidc-usermodel-property-mapper", "oidc-sha256-pairwise-sub-mapper" ]
"allowed-protocol-mapper-types" : [ "oidc-usermodel-attribute-mapper", "oidc-full-name-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-usermodel-property-mapper", "saml-role-list-mapper", "saml-user-property-mapper", "oidc-address-mapper", "saml-user-attribute-mapper" ]
}
}, {
"id" : "d68e938d-dde6-47d9-bdc8-8e8523eb08cd",
@ -2148,7 +2179,7 @@
"subType" : "anonymous",
"subComponents" : { },
"config" : {
"allowed-protocol-mapper-types" : [ "oidc-full-name-mapper", "saml-user-attribute-mapper", "saml-user-property-mapper", "oidc-sha256-pairwise-sub-mapper", "saml-role-list-mapper", "oidc-usermodel-property-mapper", "oidc-usermodel-attribute-mapper", "oidc-address-mapper" ]
"allowed-protocol-mapper-types" : [ "oidc-sha256-pairwise-sub-mapper", "oidc-usermodel-property-mapper", "saml-role-list-mapper", "saml-user-property-mapper", "saml-user-attribute-mapper", "oidc-address-mapper", "oidc-full-name-mapper", "oidc-usermodel-attribute-mapper" ]
}
}, {
"id" : "3854361d-3fe5-47fb-9417-a99592e3dc5c",
@ -2238,7 +2269,7 @@
"internationalizationEnabled" : false,
"supportedLocales" : [ ],
"authenticationFlows" : [ {
"id" : "29b6cb47-f90e-4150-ad22-a51cc15e2b31",
"id" : "b30ab201-b13a-405f-bc57-cb5cd934bdc3",
"alias" : "Account verification options",
"description" : "Method with which to verity the existing account",
"providerId" : "basic-flow",
@ -2260,7 +2291,7 @@
"userSetupAllowed" : false
} ]
}, {
"id" : "7a565558-8cb9-428a-b0b0-b2b8e6e27df9",
"id" : "7d22faa2-1da8-49ae-a2cc-74e9c9f6ed51",
"alias" : "Authentication Options",
"description" : "Authentication options.",
"providerId" : "basic-flow",
@ -2289,7 +2320,7 @@
"userSetupAllowed" : false
} ]
}, {
"id" : "3399b155-d1f0-445a-b260-d606feb7927d",
"id" : "ae089cf3-3179-4e12-a683-7969a31be566",
"alias" : "Browser - Conditional OTP",
"description" : "Flow to determine if the OTP is required for the authentication",
"providerId" : "basic-flow",
@ -2311,7 +2342,7 @@
"userSetupAllowed" : false
} ]
}, {
"id" : "95c39140-3898-4376-bbde-be0063558809",
"id" : "27a21643-2167-4847-a6b4-b07007671d9a",
"alias" : "Direct Grant - Conditional OTP",
"description" : "Flow to determine if the OTP is required for the authentication",
"providerId" : "basic-flow",
@ -2333,7 +2364,7 @@
"userSetupAllowed" : false
} ]
}, {
"id" : "6eed8cb3-f5b4-4e57-b41a-a96cefee2fcf",
"id" : "0ee33ef7-da6b-4248-81c6-9f4f11b58195",
"alias" : "First broker login - Conditional OTP",
"description" : "Flow to determine if the OTP is required for the authentication",
"providerId" : "basic-flow",
@ -2355,7 +2386,7 @@
"userSetupAllowed" : false
} ]
}, {
"id" : "3c22db0a-477b-40bb-833a-46b0b69992d0",
"id" : "e1d02af3-2886-42bb-95f4-bfa6f1299edc",
"alias" : "Handle Existing Account",
"description" : "Handle what to do if there is existing account with same email/username like authenticated identity provider",
"providerId" : "basic-flow",
@ -2377,7 +2408,7 @@
"userSetupAllowed" : false
} ]
}, {
"id" : "939c4aad-e96b-4d96-ada1-49a23c645bcb",
"id" : "35cfc75f-70e3-487c-acd7-0627ab1dbdf1",
"alias" : "Reset - Conditional OTP",
"description" : "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.",
"providerId" : "basic-flow",
@ -2399,7 +2430,7 @@
"userSetupAllowed" : false
} ]
}, {
"id" : "ae08d416-c43f-4dad-a149-356c3f8ae8b9",
"id" : "cc2f7206-8d15-46db-b974-71e67d4d1077",
"alias" : "User creation or linking",
"description" : "Flow for the existing/non-existing user alternatives",
"providerId" : "basic-flow",
@ -2422,7 +2453,7 @@
"userSetupAllowed" : false
} ]
}, {
"id" : "cbea45de-9155-4b5c-a6df-d93a1ffa2621",
"id" : "d8314533-eacb-40ef-8f44-7c06321e9793",
"alias" : "Verify Existing Account by Re-authentication",
"description" : "Reauthentication of existing account",
"providerId" : "basic-flow",
@ -2444,7 +2475,7 @@
"userSetupAllowed" : false
} ]
}, {
"id" : "21f3ff6b-b2ea-4d86-9d4d-2a2d244043b4",
"id" : "d58a5ff1-9a9c-45a9-9f97-1324565e9679",
"alias" : "browser",
"description" : "browser based authentication",
"providerId" : "basic-flow",
@ -2480,7 +2511,7 @@
"userSetupAllowed" : false
} ]
}, {
"id" : "6f2dd054-9768-412d-a4d4-6333eb3f85f3",
"id" : "3ea2aed9-12d9-4999-a104-67f5c5f7841a",
"alias" : "clients",
"description" : "Base authentication for clients",
"providerId" : "client-flow",
@ -2516,7 +2547,7 @@
"userSetupAllowed" : false
} ]
}, {
"id" : "3a3681cb-5de7-4875-b90f-58d1d07e2bcd",
"id" : "c605af3c-bede-4f8f-a5c5-94176171c82c",
"alias" : "direct grant",
"description" : "OpenID Connect Resource Owner Grant",
"providerId" : "basic-flow",
@ -2545,7 +2576,7 @@
"userSetupAllowed" : false
} ]
}, {
"id" : "1c76ce4f-3419-4647-a311-3579390cced3",
"id" : "901b4d6c-9c27-4d3d-981a-1b5281c1ea2b",
"alias" : "docker auth",
"description" : "Used by Docker clients to authenticate against the IDP",
"providerId" : "basic-flow",
@ -2560,7 +2591,7 @@
"userSetupAllowed" : false
} ]
}, {
"id" : "079762a1-a1ca-4aaa-beb1-c058ea11d98a",
"id" : "9d1de1bf-b170-4235-92f1-5dfd3ec31c45",
"alias" : "first broker login",
"description" : "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account",
"providerId" : "basic-flow",
@ -2583,7 +2614,7 @@
"userSetupAllowed" : false
} ]
}, {
"id" : "04e26750-5823-42b8-b56a-acce89457cb8",
"id" : "8ee6b54f-4d31-4847-9ddc-36cb4c01b92b",
"alias" : "forms",
"description" : "Username, password, otp and other auth forms.",
"providerId" : "basic-flow",
@ -2605,7 +2636,7 @@
"userSetupAllowed" : false
} ]
}, {
"id" : "564a1742-c2a0-47b6-9c19-59a8a1f9e171",
"id" : "76d3380b-218b-443d-a3ea-bea712f4a1f4",
"alias" : "http challenge",
"description" : "An authentication flow based on challenge-response HTTP Authentication Schemes",
"providerId" : "basic-flow",
@ -2627,7 +2658,7 @@
"userSetupAllowed" : false
} ]
}, {
"id" : "dd0b51b1-13de-4bf0-a024-bcd74fb9328d",
"id" : "cd756473-4606-4150-9ba5-5b96e6f39c3a",
"alias" : "registration",
"description" : "registration flow",
"providerId" : "basic-flow",
@ -2643,7 +2674,7 @@
"userSetupAllowed" : false
} ]
}, {
"id" : "8b17eabe-4ffb-448f-88b2-9cf92e4c4bbd",
"id" : "574fcee6-e152-4069-b328-a7fe33aded3a",
"alias" : "registration form",
"description" : "registration form",
"providerId" : "form-flow",
@ -2679,7 +2710,7 @@
"userSetupAllowed" : false
} ]
}, {
"id" : "1b5ab651-8ccc-40db-bc74-7da9e0fc4909",
"id" : "e5a890ee-140a-4ab3-8d79-87e3499385b0",
"alias" : "reset credentials",
"description" : "Reset credentials for a user if they forgot their password or something",
"providerId" : "basic-flow",
@ -2715,7 +2746,7 @@
"userSetupAllowed" : false
} ]
}, {
"id" : "1c50ddbb-5e14-43c0-b0ad-a92db16b78c6",
"id" : "6243167c-7e2e-4cc7-b35d-bad7862dc9ef",
"alias" : "saml ecp",
"description" : "SAML ECP Profile Authentication Flow",
"providerId" : "basic-flow",
@ -2731,13 +2762,13 @@
} ]
} ],
"authenticatorConfig" : [ {
"id" : "99e421d5-9650-46db-8f9c-1363ec50b78e",
"id" : "ae605746-d169-4a81-8348-b5f52e07ae14",
"alias" : "create unique user config",
"config" : {
"require.password.update.after.registration" : "false"
}
}, {
"id" : "75a7b814-a012-4941-a768-08162597214c",
"id" : "c5feb20c-eea5-4556-b9f8-797be4d67e26",
"alias" : "review profile config",
"config" : {
"update.profile.on.first.login" : "missing"
@ -2817,13 +2848,14 @@
"clientOfflineSessionIdleTimeout" : "0",
"actionTokenGeneratedByUserLifespan-reset-credentials" : "",
"cibaInterval" : "5",
"realmReusableOtpCode" : "false",
"cibaExpiresIn" : "120",
"oauth2DeviceCodeLifespan" : "600",
"actionTokenGeneratedByUserLifespan-idp-verify-account-via-email" : "",
"parRequestUriLifespan" : "60",
"clientSessionMaxLifespan" : "0"
},
"keycloakVersion" : "19.0.3",
"keycloakVersion" : "20.0.1",
"userManagedAccessAllowed" : false,
"clientProfiles" : {
"profiles" : [ ]

View File

@ -4,6 +4,7 @@ groups:
admin:
users:
[
admin,
jakub,
kb,
alex,
@ -16,9 +17,6 @@ groups:
elizabeth,
jon,
natalia,
harmeet,
sasha,
manuchehr,
]
Finance Team:
@ -64,12 +62,17 @@ groups:
core,
fin,
fin1,
harmeet,
lead,
lead1
]
core-contributor:
users: [core]
users:
[
core,
harmeet,
]
permissions:
admin:

View File

@ -4,6 +4,7 @@ groups:
admin:
users:
[
admin,
jakub,
kb,
alex,
@ -16,9 +17,6 @@ groups:
elizabeth,
jon,
natalia,
harmeet,
sasha,
manuchehr,
]
Finance Team:
@ -64,12 +62,17 @@ groups:
core,
fin,
fin1,
harmeet,
lead,
lead1
]
core-contributor:
users: [core]
users:
[
core,
harmeet,
]
permissions:
admin:

View File

@ -112,7 +112,7 @@ class ProcessInstanceModel(SpiffworkflowBaseDBModel):
"bpmn_version_control_identifier": self.bpmn_version_control_identifier,
"bpmn_version_control_type": self.bpmn_version_control_type,
"spiff_step": self.spiff_step,
"username": self.process_initiator.username
"username": self.process_initiator.username,
}
@property

View File

@ -814,7 +814,9 @@ def process_instance_list(
# process_model_identifier = un_modify_modified_process_model_id(modified_process_model_identifier)
process_instance_query = ProcessInstanceModel.query
# Always join that hot user table for good performance at serialization time.
process_instance_query = process_instance_query.options(joinedload(ProcessInstanceModel.process_initiator))
process_instance_query = process_instance_query.options(
joinedload(ProcessInstanceModel.process_initiator)
)
if report_filter.process_model_identifier is not None:
process_model = get_process_model(

View File

@ -125,7 +125,6 @@ class ProcessInstanceReportService:
{"Header": "end_in_seconds", "accessor": "end_in_seconds"},
{"Header": "username", "accessor": "username"},
{"Header": "status", "accessor": "status"},
],
"filter_by": [
{