mirror of
https://github.com/sartography/spiff-arena.git
synced 2025-01-13 11:05:56 +00:00
message-model-perm-check (#1805)
* check if user has permissions to messages before attempting call w/ burnettk * fixed variable typo w/ burnettk --------- Co-authored-by: jasquat <jasquat@users.noreply.github.com>
parent
582d9325fc
commit
5e3831f4d6
@ -55,7 +55,6 @@ elif [[ "$use_local_open_id" == "true" ]]; then
|
|||||||
export SPIFFWORKFLOW_BACKEND_AUTH_CONFIGS__0__uri="${backend_base_url}/openid"
|
export SPIFFWORKFLOW_BACKEND_AUTH_CONFIGS__0__uri="${backend_base_url}/openid"
|
||||||
export SPIFFWORKFLOW_BACKEND_AUTH_CONFIGS__0__client_id="spiffworkflow-backend"
|
export SPIFFWORKFLOW_BACKEND_AUTH_CONFIGS__0__client_id="spiffworkflow-backend"
|
||||||
export SPIFFWORKFLOW_BACKEND_AUTH_CONFIGS__0__client_secret="JXeQExm0JhQPLumgHtIIqf52bDalHz0q"
|
export SPIFFWORKFLOW_BACKEND_AUTH_CONFIGS__0__client_secret="JXeQExm0JhQPLumgHtIIqf52bDalHz0q"
|
||||||
export SPIFFWORKFLOW_BACKEND_PERMISSIONS_FILE_NAME="example.yml"
|
|
||||||
|
|
||||||
# else # uncomment to test multiple auths
|
# else # uncomment to test multiple auths
|
||||||
# export SPIFFWORKFLOW_BACKEND_AUTH_CONFIGS__0__identifier="keycloak_internal"
|
# export SPIFFWORKFLOW_BACKEND_AUTH_CONFIGS__0__identifier="keycloak_internal"
|
||||||
|
@ -1,14 +1,19 @@
|
|||||||
users:
|
users:
|
||||||
admin:
|
admin:
|
||||||
service: local_open_id
|
service: local_open_id
|
||||||
email: admin@spiffworkflow.org
|
email: admin@example.com
|
||||||
password: admin
|
password: admin
|
||||||
preferred_username: Admin
|
preferred_username: Admin
|
||||||
nelson:
|
nelson:
|
||||||
service: local_open_id
|
service: local_open_id
|
||||||
email: nelson@spiffworkflow.org
|
email: nelson@example.com
|
||||||
password: nelson
|
password: nelson
|
||||||
preferred_username: Nelson
|
preferred_username: Nelson
|
||||||
|
dan:
|
||||||
|
service: local_open_id
|
||||||
|
email: dan@example.com
|
||||||
|
password: dan
|
||||||
|
preferred_username: dan
|
||||||
groups:
|
groups:
|
||||||
admin:
|
admin:
|
||||||
users: [admin@spiffworkflow.org, nelson@spiffworkflow.org]
|
users: [admin@spiffworkflow.org, nelson@spiffworkflow.org]
|
||||||
|
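Review bot: The `admin` group at the end of this hunk still lists `admin@spiffworkflow.org` and `nelson@spiffworkflow.org`, while the `email` values of both users are changed to `@example.com` above. If group membership is matched against those email values, neither account would land in the `admin` group after this change; either update the line to `users: [admin@example.com, nelson@example.com]` or confirm that the list is keyed on something other than `email`. The added `dan` entry follows the existing password-equals-username pattern, so this file should stay confined to the `local_open_id` development setup.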
@ -8,6 +8,7 @@ export const useUriListForPermissions = () => {
|
|||||||
authenticationListPath: `/v1.0/authentications`,
|
authenticationListPath: `/v1.0/authentications`,
|
||||||
statusPath: `/v1.0/status`,
|
statusPath: `/v1.0/status`,
|
||||||
messageInstanceListPath: '/v1.0/messages',
|
messageInstanceListPath: '/v1.0/messages',
|
||||||
|
messageModelListPath: `/v1.0/message-models/${params.process_model_id}`,
|
||||||
dataStoreListPath: '/v1.0/data-stores',
|
dataStoreListPath: '/v1.0/data-stores',
|
||||||
extensionListPath: '/v1.0/extensions',
|
extensionListPath: '/v1.0/extensions',
|
||||||
extensionPath: `/v1.0/extensions/${params.page_identifier}`,
|
extensionPath: `/v1.0/extensions/${params.page_identifier}`,
|
||||||
|
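Review bot: `messageModelListPath` is built from `params.process_model_id`, whereas the request it replaces in ProcessModelEditDiagram used `modifiedProcessModelId`. Whether the two carry the same encoding is not visible in this hunk; if they differ, both the permission check and the fetch would target a different URI than the old call did. On a route without a `process_model_id` param the template also yields `/v1.0/message-models/undefined`, as `extensionPath` does for `page_identifier`, so a comment such as `// only meaningful on routes that carry process_model_id` would make the precondition explicit. The enclosing hook starts and ends outside the hunk.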
@ -47,6 +47,7 @@ import {
|
|||||||
import {
|
import {
|
||||||
CarbonComboBoxProcessSelection,
|
CarbonComboBoxProcessSelection,
|
||||||
CorrelationProperties,
|
CorrelationProperties,
|
||||||
|
PermissionsToCheck,
|
||||||
ProcessFile,
|
ProcessFile,
|
||||||
ProcessModel,
|
ProcessModel,
|
||||||
ProcessReference,
|
ProcessReference,
|
||||||
@ -59,6 +60,8 @@ import useScriptAssistEnabled from '../hooks/useScriptAssistEnabled';
|
|||||||
import useProcessScriptAssistMessage from '../hooks/useProcessScriptAssistQuery';
|
import useProcessScriptAssistMessage from '../hooks/useProcessScriptAssistQuery';
|
||||||
import SpiffTooltip from '../components/SpiffTooltip';
|
import SpiffTooltip from '../components/SpiffTooltip';
|
||||||
import { MessageEditor } from '../components/messages/MessageEditor';
|
import { MessageEditor } from '../components/messages/MessageEditor';
|
||||||
|
import { useUriListForPermissions } from '../hooks/UriListForPermissions';
|
||||||
|
import { usePermissionFetcher } from '../hooks/PermissionService';
|
||||||
|
|
||||||
export default function ProcessModelEditDiagram() {
|
export default function ProcessModelEditDiagram() {
|
||||||
const [showFileNameEditor, setShowFileNameEditor] = useState(false);
|
const [showFileNameEditor, setShowFileNameEditor] = useState(false);
|
||||||
@ -115,6 +118,12 @@ export default function ProcessModelEditDiagram() {
|
|||||||
const { setScriptAssistQuery, scriptAssistLoading, scriptAssistResult } =
|
const { setScriptAssistQuery, scriptAssistLoading, scriptAssistResult } =
|
||||||
useProcessScriptAssistMessage();
|
useProcessScriptAssistMessage();
|
||||||
|
|
||||||
|
const { targetUris } = useUriListForPermissions();
|
||||||
|
const permissionRequestData: PermissionsToCheck = {
|
||||||
|
[targetUris.messageModelListPath]: ['GET'],
|
||||||
|
};
|
||||||
|
const { ability } = usePermissionFetcher(permissionRequestData);
|
||||||
|
|
||||||
function handleEditorDidMount(editor: any, monaco: any) {
|
function handleEditorDidMount(editor: any, monaco: any) {
|
||||||
// here is the editor instance
|
// here is the editor instance
|
||||||
// you can store it in `useRef` for further usage
|
// you can store it in `useRef` for further usage
|
||||||
@ -455,10 +464,18 @@ export default function ProcessModelEditDiagram() {
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
const onMessagesRequested = (event: any) => {
|
const onMessagesRequested = (event: any) => {
|
||||||
HttpService.makeCallToBackend({
|
// it is perfectly reasonable to access the edit diagram page in read only mode when you actually don't have access to edit.
|
||||||
path: `/message-models/${modifiedProcessModelId}`,
|
// this is awkward in terms of functionality like this, where we are fetching the relevant list of messages to show in the
|
||||||
successCallback: makeMessagesRequestedHandler(event),
|
// properties panel. since message_model_list is a different permission, you may not have access to it even though you have
|
||||||
});
|
// access to the read the process model. we also considered automatically giving you access to read message_model_list
|
||||||
|
// when you have read access to the process model, but this seemed easier and more in line with the current backend permission system,
|
||||||
|
// where we normally only pork barrel permissions on top of "start" and "all."
|
||||||
|
if (ability.can('GET', targetUris.messageModelListPath)) {
|
||||||
|
HttpService.makeCallToBackend({
|
||||||
|
path: targetUris.messageModelListPath,
|
||||||
|
successCallback: makeMessagesRequestedHandler(event),
|
||||||
|
});
|
||||||
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
useEffect(() => {
|
useEffect(() => {
|
||||||
|
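Review bot: When `ability.can('GET', targetUris.messageModelListPath)` is false, `onMessagesRequested` returns without ever invoking the handler built by `makeMessagesRequestedHandler(event)`, so whatever raised the event gets no answer; the same presumably happens if the event fires before `usePermissionFetcher` has loaded the permissions. Consider an `else` branch that answers with an empty message list, or at least logs that the list was skipped for lack of permission. The request path also changes from `/message-models/...` to one prefixed with `/v1.0`, so confirm that `HttpService.makeCallToBackend` accepts that prefix. This check only avoids a failing call in the UI, and the backend must keep enforcing the message-model permission itself. `ProcessModelEditDiagram` starts and ends outside these hunks.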