diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/services/authorization_service.py b/spiffworkflow-backend/src/spiffworkflow_backend/services/authorization_service.py index e7765ddbc..927c3a037 100644 --- a/spiffworkflow-backend/src/spiffworkflow_backend/services/authorization_service.py +++ b/spiffworkflow-backend/src/spiffworkflow_backend/services/authorization_service.py @@ -77,6 +77,7 @@ PATH_SEGMENTS_FOR_PERMISSION_ALL = [ {"path": "/process-instance-terminate", "relevant_permissions": ["create"]}, {"path": "/process-model-natural-language", "relevant_permissions": ["create"]}, {"path": "/process-model-publish", "relevant_permissions": ["create"]}, + {"path": "/process-model-tests", "relevant_permissions": ["create"]}, {"path": "/task-data", "relevant_permissions": ["read", "update"]}, ] @@ -534,6 +535,9 @@ class AuthorizationService: # read comes from PG and PM permissions permissions_to_assign.append(PermissionToAssign(permission="update", target_uri="/task-data/*")) + permissions_to_assign.append(PermissionToAssign(permission="read", target_uri="/task-data/*")) + permissions_to_assign.append(PermissionToAssign(permission="read", target_uri="/process-data/*")) + permissions_to_assign.append(PermissionToAssign(permission="read", target_uri="/process-data-file-download/*")) for permission in ["create", "read", "update", "delete"]: permissions_to_assign.append(PermissionToAssign(permission=permission, target_uri="/process-instances/*")) diff --git a/spiffworkflow-backend/tests/spiffworkflow_backend/unit/test_authorization_service.py b/spiffworkflow-backend/tests/spiffworkflow_backend/unit/test_authorization_service.py index 2826ddb10..cabff6e80 100644 --- a/spiffworkflow-backend/tests/spiffworkflow_backend/unit/test_authorization_service.py +++ b/spiffworkflow-backend/tests/spiffworkflow_backend/unit/test_authorization_service.py @@ -131,6 +131,7 @@ class TestAuthorizationService(BaseTest): ("/process-instances/some-process-group:some-process-model:*", "read"), ("/process-model-natural-language/some-process-group:some-process-model:*", "create"), ("/process-model-publish/some-process-group:some-process-model:*", "create"), + ("/process-model-tests/some-process-group:some-process-model:*", "create"), ("/process-models/some-process-group:some-process-model:*", "create"), ("/process-models/some-process-group:some-process-model:*", "delete"), ("/process-models/some-process-group:some-process-model:*", "read"), @@ -214,6 +215,7 @@ class TestAuthorizationService(BaseTest): ("/process-instances/some-process-group:some-process-model/*", "read"), ("/process-model-natural-language/some-process-group:some-process-model/*", "create"), ("/process-model-publish/some-process-group:some-process-model/*", "create"), + ("/process-model-tests/some-process-group:some-process-model/*", "create"), ("/process-models/some-process-group:some-process-model/*", "create"), ("/process-models/some-process-group:some-process-model/*", "delete"), ("/process-models/some-process-group:some-process-model/*", "read"), @@ -311,6 +313,8 @@ class TestAuthorizationService(BaseTest): ("/debug/*", "create"), ("/messages", "read"), ("/messages/*", "create"), + ("/process-data-file-download/*", "read"), + ("/process-data/*", "read"), ("/process-instance-reset/*", "create"), ("/process-instance-resume/*", "create"), ("/process-instance-suspend/*", "create"), @@ -326,6 +330,7 @@ class TestAuthorizationService(BaseTest): ("/send-event/*", "create"), ("/task-complete/*", "create"), ("/task-data/*", "update"), + ("/task-data/*", "read"), ] ) permissions_to_assign = AuthorizationService.explode_permissions("all", "ELEVATED") diff --git a/spiffworkflow-frontend/src/components/ReactDiagramEditor.tsx b/spiffworkflow-frontend/src/components/ReactDiagramEditor.tsx index a95c43b7e..1bdb7c824 100644 --- a/spiffworkflow-frontend/src/components/ReactDiagramEditor.tsx +++ b/spiffworkflow-frontend/src/components/ReactDiagramEditor.tsx @@ -124,10 +124,18 @@ export default function ReactDiagramEditor({ const alreadyImportedXmlRef = useRef(false); const { targetUris } = useUriListForPermissions(); - const permissionRequestData: PermissionsToCheck = { - [targetUris.processModelShowPath]: ['PUT'], - [targetUris.processModelFileShowPath]: ['POST', 'GET', 'PUT', 'DELETE'], - }; + const permissionRequestData: PermissionsToCheck = {}; + + if (diagramType !== 'readonly') { + permissionRequestData[targetUris.processModelShowPath] = ['PUT']; + permissionRequestData[targetUris.processModelFileShowPath] = [ + 'POST', + 'GET', + 'PUT', + 'DELETE', + ]; + } + const { ability } = usePermissionFetcher(permissionRequestData); const navigate = useNavigate(); diff --git a/spiffworkflow-frontend/src/hooks/UriListForPermissions.tsx b/spiffworkflow-frontend/src/hooks/UriListForPermissions.tsx index 374d17610..c22ba738e 100644 --- a/spiffworkflow-frontend/src/hooks/UriListForPermissions.tsx +++ b/spiffworkflow-frontend/src/hooks/UriListForPermissions.tsx @@ -10,7 +10,7 @@ export const useUriListForPermissions = () => { processGroupListPath: '/v1.0/process-groups', processGroupShowPath: `/v1.0/process-groups/${params.process_group_id}`, processInstanceActionPath: `/v1.0/process-instances/${params.process_model_id}/${params.process_instance_id}`, - processInstanceCompleteTaskPath: `/v1.0/complete-task/${params.process_model_id}/${params.process_instance_id}`, + processInstanceCompleteTaskPath: `/v1.0/task-complete/${params.process_model_id}/${params.process_instance_id}`, processInstanceCreatePath: `/v1.0/process-instances/${params.process_model_id}`, processInstanceErrorEventDetails: `/v1.0/event-error-details/${params.process_model_id}/${params.process_instance_id}`, processInstanceListPath: '/v1.0/process-instances',