added test for perm macros w/ burnettk
This commit is contained in:
jasquat
parent
2f2dc6f98c
commit
22c894c70c
|
|
@ -575,21 +575,21 @@ class AuthorizationService:
|
||||||
"""
|
"""
|
||||||
permissions_to_assign: list[PermissionToAssign] = []
|
permissions_to_assign: list[PermissionToAssign] = []
|
||||||
if target.startswith("PG:"):
|
if target.startswith("PG:"):
|
||||||
process_group_identifier = target.removeprefix("PG:").replace(":", "/")
|
process_group_identifier = target.removeprefix("PG:").replace(":", "/").removeprefix('/')
|
||||||
process_related_path_segment = f"{process_group_identifier}/*"
|
process_related_path_segment = f"{process_group_identifier}/*"
|
||||||
target_uris = []
|
|
||||||
if process_group_identifier == "ALL":
|
if process_group_identifier == "ALL":
|
||||||
process_related_path_segment = "*"
|
process_related_path_segment = "*"
|
||||||
target_uris = [f"/process-groups/{process_related_path_segment}", f"/process-models/{process_related_path_segment}"]
|
target_uris = [f"/process-groups/{process_related_path_segment}", f"/process-models/{process_related_path_segment}"]
|
||||||
permissions_to_assign = permissions_to_assign + cls.get_permissions_to_assign(permission, process_related_path_segment, target_uris)
|
permissions_to_assign = permissions_to_assign + cls.get_permissions_to_assign(permission, process_related_path_segment, target_uris)
|
||||||
|
|
||||||
elif target.startswith("PM:"):
|
elif target.startswith("PM:"):
|
||||||
process_model_identifier = target.removeprefix("PM:").replace(":", "/")
|
process_model_identifier = target.removeprefix("PM:").replace(":", "/").removeprefix('/')
|
||||||
process_related_path_segment = f"{process_model_identifier}/*"
|
process_related_path_segment = f"{process_model_identifier}/*"
|
||||||
target_uris = []
|
|
||||||
if process_model_identifier == "ALL":
|
if process_model_identifier == "ALL":
|
||||||
process_related_path_segment = "*"
|
process_related_path_segment = "*"
|
||||||
target_uris = [f"/process-models/{process_related_path_segment}"]
|
|
||||||
|
target_uris = [f"/process-models/{process_related_path_segment}"]
|
||||||
permissions_to_assign = permissions_to_assign + cls.get_permissions_to_assign(permission, process_related_path_segment, target_uris)
|
permissions_to_assign = permissions_to_assign + cls.get_permissions_to_assign(permission, process_related_path_segment, target_uris)
|
||||||
|
|
||||||
elif target.startswith("BASIC"):
|
elif target.startswith("BASIC"):
|
||||||
|
|
|
||||||
|
|
@ -144,3 +144,44 @@ class TestAuthorizationService(BaseTest):
|
||||||
ProcessInstanceService.complete_form_task(
|
ProcessInstanceService.complete_form_task(
|
||||||
processor, spiff_task, {}, finance_user, human_task
|
processor, spiff_task, {}, finance_user, human_task
|
||||||
)
|
)
|
||||||
|
|
||||||
|
def test_explode_permissions_all_on_process_model(
|
||||||
|
self,
|
||||||
|
app: Flask,
|
||||||
|
client: FlaskClient,
|
||||||
|
with_db_and_bpmn_file_cleanup: None,
|
||||||
|
with_super_admin_user: UserModel,
|
||||||
|
) -> None:
|
||||||
|
expected_permissions = [
|
||||||
|
('/logs/some-process-group/some-process-model/*', 'create'),
|
||||||
|
('/logs/some-process-group/some-process-model/*', 'delete'),
|
||||||
|
('/logs/some-process-group/some-process-model/*', 'read'),
|
||||||
|
('/logs/some-process-group/some-process-model/*', 'update'),
|
||||||
|
('/process-groups/some-process-group/some-process-model/*', 'create'),
|
||||||
|
('/process-groups/some-process-group/some-process-model/*', 'delete'),
|
||||||
|
('/process-groups/some-process-group/some-process-model/*', 'read'),
|
||||||
|
('/process-groups/some-process-group/some-process-model/*', 'update'),
|
||||||
|
('/process-instance-suspend/some-process-group/some-process-model/*', 'create'),
|
||||||
|
('/process-instance-suspend/some-process-group/some-process-model/*', 'delete'),
|
||||||
|
('/process-instance-suspend/some-process-group/some-process-model/*', 'read'),
|
||||||
|
('/process-instance-suspend/some-process-group/some-process-model/*', 'update'),
|
||||||
|
('/process-instance-terminate/some-process-group/some-process-model/*', 'create'),
|
||||||
|
('/process-instance-terminate/some-process-group/some-process-model/*', 'delete'),
|
||||||
|
('/process-instance-terminate/some-process-group/some-process-model/*', 'read'),
|
||||||
|
('/process-instance-terminate/some-process-group/some-process-model/*', 'update'),
|
||||||
|
('/process-instances/some-process-group/some-process-model/*', 'create'),
|
||||||
|
('/process-instances/some-process-group/some-process-model/*', 'delete'),
|
||||||
|
('/process-instances/some-process-group/some-process-model/*', 'read'),
|
||||||
|
('/process-instances/some-process-group/some-process-model/*', 'update'),
|
||||||
|
('/process-models/some-process-group/some-process-model/*', 'create'),
|
||||||
|
('/process-models/some-process-group/some-process-model/*', 'delete'),
|
||||||
|
('/process-models/some-process-group/some-process-model/*', 'read'),
|
||||||
|
('/process-models/some-process-group/some-process-model/*', 'update'),
|
||||||
|
('/task-data/some-process-group/some-process-model/*', 'create'),
|
||||||
|
('/task-data/some-process-group/some-process-model/*', 'delete'),
|
||||||
|
('/task-data/some-process-group/some-process-model/*', 'read'),
|
||||||
|
('/task-data/some-process-group/some-process-model/*', 'update'),
|
||||||
|
]
|
||||||
|
permissions_to_assign = AuthorizationService.explode_permissions('all', 'PG:/some-process-group/some-process-model')
|
||||||
|
permissions_to_assign_tuples = sorted([(p.target_uri, p.permission) for p in permissions_to_assign])
|
||||||
|
assert permissions_to_assign_tuples == expected_permissions
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue