From 41c18ea4ecee6f6109474cfada9d43b196afcecc Mon Sep 17 00:00:00 2001
From: jasquat
Date: Thu, 22 Dec 2022 17:12:21 -0500
Subject: [PATCH] added test to check only privileged users can call refresh_permissions w/ burnettk

---
 .../scripts/refresh_permissions.py | 4 +-
 .../refresh_permisions.bpmn | 39 ++++++++++++++
 .../scripts/test_refresh_permissions.py | 51 +++++++++++++++++++
 3 files changed, 92 insertions(+), 2 deletions(-)
 create mode 100644 spiffworkflow-backend/tests/data/script_refresh_permissions/refresh_permisions.bpmn
 create mode 100644 spiffworkflow-backend/tests/spiffworkflow_backend/scripts/test_refresh_permissions.py

diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/scripts/refresh_permissions.py b/spiffworkflow-backend/src/spiffworkflow_backend/scripts/refresh_permissions.py
index 8c97fe60d..4981af93d 100644
--- a/spiffworkflow-backend/src/spiffworkflow_backend/scripts/refresh_permissions.py
+++ b/spiffworkflow-backend/src/spiffworkflow_backend/scripts/refresh_permissions.py
@@ -8,8 +8,8 @@ from spiffworkflow_backend.scripts.script import Script
 from spiffworkflow_backend.services.authorization_service import AuthorizationService
 
 
-class RecreatePermissions(Script):
- """RecreatePermissions."""
+class RefreshPermissions(Script):
+ """RefreshPermissions."""
 
 def get_description(self) -> str:
 """Get_description."""
diff --git a/spiffworkflow-backend/tests/data/script_refresh_permissions/refresh_permisions.bpmn b/spiffworkflow-backend/tests/data/script_refresh_permissions/refresh_permisions.bpmn
new file mode 100644
index 000000000..630cd1221
--- /dev/null
+++ b/spiffworkflow-backend/tests/data/script_refresh_permissions/refresh_permisions.bpmn
@@ -0,0 +1,39 @@
+
+
+
+
+ Flow_01cweoc
+
+
+
+ Flow_1xle2yo
+
+
+
+ Flow_01cweoc
+ Flow_1xle2yo
+ refresh_permissions([])
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/spiffworkflow-backend/tests/spiffworkflow_backend/scripts/test_refresh_permissions.py b/spiffworkflow-backend/tests/spiffworkflow_backend/scripts/test_refresh_permissions.py
new file mode 100644
index 000000000..a686ae6f4
--- /dev/null
+++ b/spiffworkflow-backend/tests/spiffworkflow_backend/scripts/test_refresh_permissions.py
@@ -0,0 +1,51 @@
+"""Test_get_localtime."""
+from flask_bpmn.api.api_error import ApiError
+import pytest
+
+from flask.app import Flask
+from flask.testing import FlaskClient
+from tests.spiffworkflow_backend.helpers.base_test import BaseTest
+from tests.spiffworkflow_backend.helpers.test_data import load_test_spec
+
+from spiffworkflow_backend.services.process_instance_processor import (
+ ProcessInstanceProcessor,
+)
+
+
+class TestRefreshPermissions(BaseTest):
+ """TestRefreshPermissions."""
+
+ def test_refresh_permissions_requires_elevated_permission(
+ self,
+ app: Flask,
+ client: FlaskClient,
+ with_db_and_bpmn_file_cleanup: None,
+ ) -> None:
+ """Test_refresh_permissions_requires_elevated_permission."""
+ basic_user = self.find_or_create_user("basic_user")
+ privileged_user = self.find_or_create_user("privileged_user")
+ self.add_permissions_to_user(
+ privileged_user,
+ target_uri="/can-run-privileged-script/refresh_permissions",
+ permission_names=["create"],
+ )
+ process_model = load_test_spec(
+ process_model_id="refresh_permissions",
+ process_model_source_directory="script_refresh_permissions",
+ )
+ process_instance = self.create_process_instance_from_process_model(
+ process_model=process_model, user=basic_user
+ )
+
+ processor = ProcessInstanceProcessor(process_instance)
+
+ with pytest.raises(ApiError) as exception:
+ processor.do_engine_steps(save=True)
+ assert "ScriptUnauthorizedForUserError" in str(exception)
+
+ process_instance = self.create_process_instance_from_process_model(
+ process_model=process_model, user=privileged_user
+ )
+ processor = ProcessInstanceProcessor(process_instance)
+ processor.do_engine_steps(save=True)
+ assert process_instance.status == "complete"
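Review bot: The `assert "ScriptUnauthorizedForUserError" in str(exception)` line that follows `processor.do_engine_steps(save=True)` may not verify what it appears to. Indentation is lost in this view, but if the assert sits inside the `with pytest.raises(ApiError)` block it is never reached once the call raises. In either position, `str(exception)` stringifies pytest's ExceptionInfo wrapper rather than the raised error. The negative case could then pass on any ApiError raised while running the engine steps, so the test would not prove that the privilege check is what stopped `basic_user`. Place the assertion after the `with` block and check the error itself, e.g. `assert "ScriptUnauthorizedForUserError" in str(exception.value)`; the module docstring `"""Test_get_localtime."""` also looks copied from another test and should name this one.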