sartography
/
spiff-arena
mirror of https://github.com/sartography/spiff-arena.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

updated permission macros to give admins access to task-data and proc… (#314) 

* updated permission macros to give admins access to task-data and process-data w/ burnettk

* do not check for write to process-models if diagram is readonly anyway w/ burnettk

---------

Co-authored-by: jasquat <jasquat@users.noreply.github.com>
This commit is contained in:
jasquat 2023-06-08 11:39:14 -04:00 committed by GitHub
parent ab5fa70e41
commit 4b2970170c
4 changed files with 22 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
spiffworkflow-backend/src/spiffworkflow_backend/services/authorization_service.py
View File

@ -77,6 +77,7 @@ PATH_SEGMENTS_FOR_PERMISSION_ALL = [
{"path": "/process-instance-terminate", "relevant_permissions": ["create"]}, {"path": "/process-instance-terminate", "relevant_permissions": ["create"]},
{"path": "/process-model-natural-language", "relevant_permissions": ["create"]}, {"path": "/process-model-natural-language", "relevant_permissions": ["create"]},
{"path": "/process-model-publish", "relevant_permissions": ["create"]}, {"path": "/process-model-publish", "relevant_permissions": ["create"]},
{"path": "/process-model-tests", "relevant_permissions": ["create"]},
{"path": "/task-data", "relevant_permissions": ["read", "update"]}, {"path": "/task-data", "relevant_permissions": ["read", "update"]},
] ]
@ -534,6 +535,9 @@ class AuthorizationService:
# read comes from PG and PM permissions # read comes from PG and PM permissions
permissions_to_assign.append(PermissionToAssign(permission="update", target_uri="/task-data/*")) permissions_to_assign.append(PermissionToAssign(permission="update", target_uri="/task-data/*"))
permissions_to_assign.append(PermissionToAssign(permission="read", target_uri="/task-data/*"))
permissions_to_assign.append(PermissionToAssign(permission="read", target_uri="/process-data/*"))
permissions_to_assign.append(PermissionToAssign(permission="read", target_uri="/process-data-file-download/*"))
for permission in ["create", "read", "update", "delete"]: for permission in ["create", "read", "update", "delete"]:
permissions_to_assign.append(PermissionToAssign(permission=permission, target_uri="/process-instances/*")) permissions_to_assign.append(PermissionToAssign(permission=permission, target_uri="/process-instances/*"))

5
spiffworkflow-backend/tests/spiffworkflow_backend/unit/test_authorization_service.py
View File

@ -131,6 +131,7 @@ class TestAuthorizationService(BaseTest):
("/process-instances/some-process-group:some-process-model:*", "read"), ("/process-instances/some-process-group:some-process-model:*", "read"),
("/process-model-natural-language/some-process-group:some-process-model:*", "create"), ("/process-model-natural-language/some-process-group:some-process-model:*", "create"),
("/process-model-publish/some-process-group:some-process-model:*", "create"), ("/process-model-publish/some-process-group:some-process-model:*", "create"),
("/process-model-tests/some-process-group:some-process-model:*", "create"),
("/process-models/some-process-group:some-process-model:*", "create"), ("/process-models/some-process-group:some-process-model:*", "create"),
("/process-models/some-process-group:some-process-model:*", "delete"), ("/process-models/some-process-group:some-process-model:*", "delete"),
("/process-models/some-process-group:some-process-model:*", "read"), ("/process-models/some-process-group:some-process-model:*", "read"),
@ -214,6 +215,7 @@ class TestAuthorizationService(BaseTest):
("/process-instances/some-process-group:some-process-model/*", "read"), ("/process-instances/some-process-group:some-process-model/*", "read"),
("/process-model-natural-language/some-process-group:some-process-model/*", "create"), ("/process-model-natural-language/some-process-group:some-process-model/*", "create"),
("/process-model-publish/some-process-group:some-process-model/*", "create"), ("/process-model-publish/some-process-group:some-process-model/*", "create"),
("/process-model-tests/some-process-group:some-process-model/*", "create"),
("/process-models/some-process-group:some-process-model/*", "create"), ("/process-models/some-process-group:some-process-model/*", "create"),
("/process-models/some-process-group:some-process-model/*", "delete"), ("/process-models/some-process-group:some-process-model/*", "delete"),
("/process-models/some-process-group:some-process-model/*", "read"), ("/process-models/some-process-group:some-process-model/*", "read"),
@ -311,6 +313,8 @@ class TestAuthorizationService(BaseTest):
("/debug/*", "create"), ("/debug/*", "create"),
("/messages", "read"), ("/messages", "read"),
("/messages/*", "create"), ("/messages/*", "create"),
("/process-data-file-download/*", "read"),
("/process-data/*", "read"),
("/process-instance-reset/*", "create"), ("/process-instance-reset/*", "create"),
("/process-instance-resume/*", "create"), ("/process-instance-resume/*", "create"),
("/process-instance-suspend/*", "create"), ("/process-instance-suspend/*", "create"),
@ -326,6 +330,7 @@ class TestAuthorizationService(BaseTest):
("/send-event/*", "create"), ("/send-event/*", "create"),
("/task-complete/*", "create"), ("/task-complete/*", "create"),
("/task-data/*", "update"), ("/task-data/*", "update"),
("/task-data/*", "read"),
] ]
) )
permissions_to_assign = AuthorizationService.explode_permissions("all", "ELEVATED") permissions_to_assign = AuthorizationService.explode_permissions("all", "ELEVATED")

16
spiffworkflow-frontend/src/components/ReactDiagramEditor.tsx
View File

@ -124,10 +124,18 @@ export default function ReactDiagramEditor({
const alreadyImportedXmlRef = useRef(false); const alreadyImportedXmlRef = useRef(false);
const { targetUris } = useUriListForPermissions(); const { targetUris } = useUriListForPermissions();
const permissionRequestData: PermissionsToCheck = { const permissionRequestData: PermissionsToCheck = {};
[targetUris.processModelShowPath]: ['PUT'],
[targetUris.processModelFileShowPath]: ['POST', 'GET', 'PUT', 'DELETE'], if (diagramType !== 'readonly') {
}; permissionRequestData[targetUris.processModelShowPath] = ['PUT'];
permissionRequestData[targetUris.processModelFileShowPath] = [
'POST',
'GET',
'PUT',
'DELETE',
];
}
const { ability } = usePermissionFetcher(permissionRequestData); const { ability } = usePermissionFetcher(permissionRequestData);
const navigate = useNavigate(); const navigate = useNavigate();

2
spiffworkflow-frontend/src/hooks/UriListForPermissions.tsx
View File

@ -10,7 +10,7 @@ export const useUriListForPermissions = () => {
processGroupListPath: '/v1.0/process-groups', processGroupListPath: '/v1.0/process-groups',
processGroupShowPath: `/v1.0/process-groups/${params.process_group_id}`, processGroupShowPath: `/v1.0/process-groups/${params.process_group_id}`,
processInstanceActionPath: `/v1.0/process-instances/${params.process_model_id}/${params.process_instance_id}`, processInstanceActionPath: `/v1.0/process-instances/${params.process_model_id}/${params.process_instance_id}`,
processInstanceCompleteTaskPath: `/v1.0/complete-task/${params.process_model_id}/${params.process_instance_id}`, processInstanceCompleteTaskPath: `/v1.0/task-complete/${params.process_model_id}/${params.process_instance_id}`,
processInstanceCreatePath: `/v1.0/process-instances/${params.process_model_id}`, processInstanceCreatePath: `/v1.0/process-instances/${params.process_model_id}`,
processInstanceErrorEventDetails: `/v1.0/event-error-details/${params.process_model_id}/${params.process_instance_id}`, processInstanceErrorEventDetails: `/v1.0/event-error-details/${params.process_model_id}/${params.process_instance_id}`,
processInstanceListPath: '/v1.0/process-instances', processInstanceListPath: '/v1.0/process-instances',