sartography
/
spiff-arena
mirror of https://github.com/sartography/spiff-arena.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

feature/user-guest-sign-in-fixes (#479) 

* do not change guest user permissions when running refresh_permissions w/ burnettk

* linting

---------

Co-authored-by: jasquat <jasquat@users.noreply.github.com>
This commit is contained in:
jasquat 2023-09-08 16:32:37 -04:00 committed by GitHub
parent 912886f3e6
commit 42b44cef07
1 changed files with 5 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
spiffworkflow-backend/src/spiffworkflow_backend/services/authorization_service.py
View File

@ -14,6 +14,7 @@ from flask import request
from flask import scaffold from flask import scaffold
from spiffworkflow_backend.helpers.api_version import V1_API_PATH_PREFIX from spiffworkflow_backend.helpers.api_version import V1_API_PATH_PREFIX
from spiffworkflow_backend.models.db import db from spiffworkflow_backend.models.db import db
from spiffworkflow_backend.models.group import SPIFF_GUEST_GROUP
from spiffworkflow_backend.models.group import GroupModel from spiffworkflow_backend.models.group import GroupModel
from spiffworkflow_backend.models.human_task import HumanTaskModel from spiffworkflow_backend.models.human_task import HumanTaskModel
from spiffworkflow_backend.models.permission_assignment import PermissionAssignmentModel from spiffworkflow_backend.models.permission_assignment import PermissionAssignmentModel
@ -21,6 +22,7 @@ from spiffworkflow_backend.models.permission_target import PermissionTargetModel
from spiffworkflow_backend.models.principal import MissingPrincipalError from spiffworkflow_backend.models.principal import MissingPrincipalError
from spiffworkflow_backend.models.principal import PrincipalModel from spiffworkflow_backend.models.principal import PrincipalModel
from spiffworkflow_backend.models.task import TaskModel # noqa: F401 from spiffworkflow_backend.models.task import TaskModel # noqa: F401
from spiffworkflow_backend.models.user import SPIFF_GUEST_USER
from spiffworkflow_backend.models.user import UserModel from spiffworkflow_backend.models.user import UserModel
from spiffworkflow_backend.models.user_group_assignment import UserGroupAssignmentModel from spiffworkflow_backend.models.user_group_assignment import UserGroupAssignmentModel
from spiffworkflow_backend.routes.openid_blueprint import openid_blueprint from spiffworkflow_backend.routes.openid_blueprint import openid_blueprint
@ -836,7 +838,7 @@ class AuthorizationService:
if user_model: if user_model:
cls.associate_user_with_group(user_model, default_group) cls.associate_user_with_group(user_model, default_group)
else: else:
for user in UserModel.query.all(): for user in UserModel.query.filter(UserModel.username.not_in([SPIFF_GUEST_USER])).all(): # type: ignore
cls.associate_user_with_group(user, default_group) cls.associate_user_with_group(user, default_group)
return { return {
@ -867,7 +869,7 @@ class AuthorizationService:
if ( if (
current_app.config["SPIFFWORKFLOW_BACKEND_DEFAULT_USER_GROUP"] is None current_app.config["SPIFFWORKFLOW_BACKEND_DEFAULT_USER_GROUP"] is None
or current_app.config["SPIFFWORKFLOW_BACKEND_DEFAULT_USER_GROUP"] != iutga.group.identifier or current_app.config["SPIFFWORKFLOW_BACKEND_DEFAULT_USER_GROUP"] != iutga.group.identifier
): ) and (iutga.group.identifier != SPIFF_GUEST_GROUP and iutga.user.username != SPIFF_GUEST_USER):
current_user_dict: UserToGroupDict = { current_user_dict: UserToGroupDict = {
"username": iutga.user.username, "username": iutga.user.username,
"group_identifier": iutga.group.identifier, "group_identifier": iutga.group.identifier,
@ -877,6 +879,7 @@ class AuthorizationService:
# do not remove the default user group # do not remove the default user group
added_group_identifiers.add(current_app.config["SPIFFWORKFLOW_BACKEND_DEFAULT_USER_GROUP"]) added_group_identifiers.add(current_app.config["SPIFFWORKFLOW_BACKEND_DEFAULT_USER_GROUP"])
added_group_identifiers.add(SPIFF_GUEST_GROUP)
groups_to_delete = GroupModel.query.filter(GroupModel.identifier.not_in(added_group_identifiers)).all() groups_to_delete = GroupModel.query.filter(GroupModel.identifier.not_in(added_group_identifiers)).all()
for gtd in groups_to_delete: for gtd in groups_to_delete:
db.session.delete(gtd) db.session.delete(gtd)