Merge pull request #240 from sartography/feature/signal-permissions

Feature/signal permissions

spiffworkflow-backend/src/spiffworkflow_backend/api.yml

@@ -1588,9 +1588,9 @@ paths:
         required: true
         description: The unique id of the process instance
         schema:
-          type: string
+          type: integer
     post:
-      operationId: spiffworkflow_backend.routes.process_api_blueprint.send_bpmn_event
+      operationId: spiffworkflow_backend.routes.process_instances_controller.send_bpmn_event
       summary: Send a BPMN event to the process
       tags:
         - Process Instances
@@ -1779,6 +1779,27 @@ paths:
               schema:
                 $ref: "#/components/schemas/OkTrue"
 
+  /tasks/{process_instance_id}/send-user-signal-event:
+    parameters:
+      - name: process_instance_id
+        in: path
+        required: true
+        description: The unique id of the process instance
+        schema:
+          type: integer
+    post:
+      operationId: spiffworkflow_backend.routes.process_instances_controller.send_user_signal_event
+      summary: Send a BPMN event to the process
+      tags:
+        - Process Instances
+      responses:
+        "200":
+          description: Event Sent Successfully
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/Workflow"
+
   /messages:
     parameters:
       - name: process_instance_id

spiffworkflow-backend/src/spiffworkflow_backend/routes/process_api_blueprint.py

@@ -31,7 +31,6 @@ from spiffworkflow_backend.services.process_caller_service import ProcessCallerS
 from spiffworkflow_backend.services.process_instance_processor import (
     ProcessInstanceProcessor,
 )
-from spiffworkflow_backend.services.process_instance_service import ProcessInstanceService
 from spiffworkflow_backend.services.process_model_service import ProcessModelService
 
 
@@ -189,25 +188,6 @@ def _get_required_parameter_or_raise(parameter: str, post_body: dict[str, Any])
     return return_value
 
 
-def send_bpmn_event(
-    modified_process_model_identifier: str,
-    process_instance_id: str,
-    body: Dict,
-) -> Response:
-    """Send a bpmn event to a workflow."""
-    process_instance = ProcessInstanceModel.query.filter(ProcessInstanceModel.id == int(process_instance_id)).first()
-    if process_instance:
-        processor = ProcessInstanceProcessor(process_instance)
-        processor.send_bpmn_event(body)
-        task = ProcessInstanceService.spiff_task_to_api_task(processor, processor.next_task())
-        return make_response(jsonify(task), 200)
-    else:
-        raise ApiError(
-            error_code="send_bpmn_event_error",
-            message=f"Could not send event to Instance: {process_instance_id}",
-        )
-
-
 def _commit_and_push_to_git(message: str) -> None:
     """Commit_and_push_to_git."""
     if current_app.config["SPIFFWORKFLOW_BACKEND_GIT_COMMIT_ON_SAVE"]:

spiffworkflow-backend/src/spiffworkflow_backend/routes/process_instances_controller.py

@@ -642,6 +642,38 @@ def process_instance_find_by_id(
     return make_response(jsonify(response_json), 200)
 
 
+def send_user_signal_event(
+    process_instance_id: int,
+    body: Dict,
+) -> Response:
+    """Send a user signal event to a process instance."""
+    process_instance = _find_process_instance_for_me_or_raise(process_instance_id)
+    return _send_bpmn_event(process_instance, body)
+
+
+def send_bpmn_event(
+    modified_process_model_identifier: str,
+    process_instance_id: int,
+    body: Dict,
+) -> Response:
+    """Send a bpmn event to a process instance."""
+    process_instance = ProcessInstanceModel.query.filter(ProcessInstanceModel.id == int(process_instance_id)).first()
+    if process_instance:
+        return _send_bpmn_event(process_instance, body)
+    else:
+        raise ApiError(
+            error_code="send_bpmn_event_error",
+            message=f"Could not send event to Instance: {process_instance_id}",
+        )
+
+
+def _send_bpmn_event(process_instance: ProcessInstanceModel, body: dict) -> Response:
+    processor = ProcessInstanceProcessor(process_instance)
+    processor.send_bpmn_event(body)
+    task = ProcessInstanceService.spiff_task_to_api_task(processor, processor.next_task())
+    return make_response(jsonify(task), 200)
+
+
 def _get_process_instance(
     modified_process_model_identifier: str,
     process_instance: ProcessInstanceModel,

spiffworkflow-backend/src/spiffworkflow_backend/services/authorization_service.py

@@ -532,8 +532,10 @@ class AuthorizationService:
         #   1. view your own instances.
         #   2. view the logs for these instances.
         if permission_set == "start":
-            target_uri = f"/process-instances/{process_related_path_segment}"
-            permissions_to_assign.append(PermissionToAssign(permission="create", target_uri=target_uri))
+            path_prefixes_that_allow_create_access = ["process-instances"]
+            for path_prefix in path_prefixes_that_allow_create_access:
+                target_uri = f"/{path_prefix}/{process_related_path_segment}"
+                permissions_to_assign.append(PermissionToAssign(permission="create", target_uri=target_uri))
 
             # giving people access to all logs for an instance actually gives them a little bit more access
             # than would be optimal. ideally, you would only be able to view the logs for instances that you started

spiffworkflow-frontend/src/routes/ProcessInstanceShow.tsx

@@ -733,7 +733,7 @@ export default function ProcessInstanceShow({ variant }: OwnProps) {
     if ('payload' in eventToSend)
       eventToSend.payload = JSON.parse(eventPayload);
     HttpService.makeCallToBackend({
-      path: `/send-event/${modifiedProcessModelId}/${params.process_instance_id}`,
+      path: targetUris.processInstanceSendEventPath,
       httpMethod: 'POST',
       successCallback: saveTaskDataResult,
       failureCallback: addError,