From 22c894c70cc4ce7b30eafe2fc5003dcf2c0eee39 Mon Sep 17 00:00:00 2001 From: jasquat Date: Wed, 21 Dec 2022 17:38:56 -0500 Subject: [PATCH] added test for perm macros w/ burnettk --- .../services/authorization_service.py | 12 +++--- .../unit/test_authorization_service.py | 41 +++++++++++++++++++ 2 files changed, 47 insertions(+), 6 deletions(-) diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/services/authorization_service.py b/spiffworkflow-backend/src/spiffworkflow_backend/services/authorization_service.py index ac6ac4c52..80fbc627a 100644 --- a/spiffworkflow-backend/src/spiffworkflow_backend/services/authorization_service.py +++ b/spiffworkflow-backend/src/spiffworkflow_backend/services/authorization_service.py @@ -575,21 +575,21 @@ class AuthorizationService: """ permissions_to_assign: list[PermissionToAssign] = [] if target.startswith("PG:"): - process_group_identifier = target.removeprefix("PG:").replace(":", "/") + process_group_identifier = target.removeprefix("PG:").replace(":", "/").removeprefix('/') process_related_path_segment = f"{process_group_identifier}/*" - target_uris = [] if process_group_identifier == "ALL": process_related_path_segment = "*" - target_uris = [f"/process-groups/{process_related_path_segment}", f"/process-models/{process_related_path_segment}"] + target_uris = [f"/process-groups/{process_related_path_segment}", f"/process-models/{process_related_path_segment}"] permissions_to_assign = permissions_to_assign + cls.get_permissions_to_assign(permission, process_related_path_segment, target_uris) elif target.startswith("PM:"): - process_model_identifier = target.removeprefix("PM:").replace(":", "/") + process_model_identifier = target.removeprefix("PM:").replace(":", "/").removeprefix('/') process_related_path_segment = f"{process_model_identifier}/*" - target_uris = [] + if process_model_identifier == "ALL": process_related_path_segment = "*" - target_uris = [f"/process-models/{process_related_path_segment}"] + + target_uris = [f"/process-models/{process_related_path_segment}"] permissions_to_assign = permissions_to_assign + cls.get_permissions_to_assign(permission, process_related_path_segment, target_uris) elif target.startswith("BASIC"): diff --git a/spiffworkflow-backend/tests/spiffworkflow_backend/unit/test_authorization_service.py b/spiffworkflow-backend/tests/spiffworkflow_backend/unit/test_authorization_service.py index f42746289..ee77a2425 100644 --- a/spiffworkflow-backend/tests/spiffworkflow_backend/unit/test_authorization_service.py +++ b/spiffworkflow-backend/tests/spiffworkflow_backend/unit/test_authorization_service.py @@ -144,3 +144,44 @@ class TestAuthorizationService(BaseTest): ProcessInstanceService.complete_form_task( processor, spiff_task, {}, finance_user, human_task ) + + def test_explode_permissions_all_on_process_model( + self, + app: Flask, + client: FlaskClient, + with_db_and_bpmn_file_cleanup: None, + with_super_admin_user: UserModel, + ) -> None: + expected_permissions = [ + ('/logs/some-process-group/some-process-model/*', 'create'), + ('/logs/some-process-group/some-process-model/*', 'delete'), + ('/logs/some-process-group/some-process-model/*', 'read'), + ('/logs/some-process-group/some-process-model/*', 'update'), + ('/process-groups/some-process-group/some-process-model/*', 'create'), + ('/process-groups/some-process-group/some-process-model/*', 'delete'), + ('/process-groups/some-process-group/some-process-model/*', 'read'), + ('/process-groups/some-process-group/some-process-model/*', 'update'), + ('/process-instance-suspend/some-process-group/some-process-model/*', 'create'), + ('/process-instance-suspend/some-process-group/some-process-model/*', 'delete'), + ('/process-instance-suspend/some-process-group/some-process-model/*', 'read'), + ('/process-instance-suspend/some-process-group/some-process-model/*', 'update'), + ('/process-instance-terminate/some-process-group/some-process-model/*', 'create'), + ('/process-instance-terminate/some-process-group/some-process-model/*', 'delete'), + ('/process-instance-terminate/some-process-group/some-process-model/*', 'read'), + ('/process-instance-terminate/some-process-group/some-process-model/*', 'update'), + ('/process-instances/some-process-group/some-process-model/*', 'create'), + ('/process-instances/some-process-group/some-process-model/*', 'delete'), + ('/process-instances/some-process-group/some-process-model/*', 'read'), + ('/process-instances/some-process-group/some-process-model/*', 'update'), + ('/process-models/some-process-group/some-process-model/*', 'create'), + ('/process-models/some-process-group/some-process-model/*', 'delete'), + ('/process-models/some-process-group/some-process-model/*', 'read'), + ('/process-models/some-process-group/some-process-model/*', 'update'), + ('/task-data/some-process-group/some-process-model/*', 'create'), + ('/task-data/some-process-group/some-process-model/*', 'delete'), + ('/task-data/some-process-group/some-process-model/*', 'read'), + ('/task-data/some-process-group/some-process-model/*', 'update'), + ] + permissions_to_assign = AuthorizationService.explode_permissions('all', 'PG:/some-process-group/some-process-model') + permissions_to_assign_tuples = sorted([(p.target_uri, p.permission) for p in permissions_to_assign]) + assert permissions_to_assign_tuples == expected_permissions