diff --git a/spiffworkflow-backend/bin/start_keycloak b/spiffworkflow-backend/bin/start_keycloak index 002c2668a..32b502ca0 100755 --- a/spiffworkflow-backend/bin/start_keycloak +++ b/spiffworkflow-backend/bin/start_keycloak @@ -27,7 +27,7 @@ docker run \ -e KEYCLOAK_LOGLEVEL=ALL \ -e ROOT_LOGLEVEL=ALL \ -e KEYCLOAK_ADMIN=admin \ - -e KEYCLOAK_ADMIN_PASSWORD=admin quay.io/keycloak/keycloak:19.0.3 start-dev \ + -e KEYCLOAK_ADMIN_PASSWORD=admin quay.io/keycloak/keycloak:20.0.1 start-dev \ -Dkeycloak.profile.feature.token_exchange=enabled \ -Dkeycloak.profile.feature.admin_fine_grained_authz=enabled diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/config/permissions/development.yml b/spiffworkflow-backend/src/spiffworkflow_backend/config/permissions/development.yml index fe48bf66b..81ea92255 100644 --- a/spiffworkflow-backend/src/spiffworkflow_backend/config/permissions/development.yml +++ b/spiffworkflow-backend/src/spiffworkflow_backend/config/permissions/development.yml @@ -58,28 +58,33 @@ groups: lead1, ] + demo: + users: + [ + core, + fin, + fin1, + lead, + lead1 + ] + core-contributor: users: [core] permissions: + admin: + groups: [admin] + users: [] + allowed_permissions: [create, read, update, delete] + uri: /* + tasks-crud: groups: [everybody] users: [] allowed_permissions: [create, read, update, delete] uri: /v1.0/tasks/* - admin: - groups: [admin] - users: [] - allowed_permissions: [create, read, update, delete, list, instantiate] - uri: /* - - read-all: - groups: ["Finance Team", "Project Lead", admin] - users: [] - allowed_permissions: [read] - uri: /* - + # read all for everybody read-all-process-groups: groups: [everybody] users: [] 
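Review bot: The new `demo` group in the `@@ -58,28 +58,33 @@` hunk has no comment saying what it is for, and its members overlap with other groups (`core` is also the only member of `core-contributor` a few lines below), so a user's effective rights become the union of several entries. A short comment above it would help, e.g. `# demo: accounts allowed to start the demo process models; members also belong to the team groups`. The added list also ends with `lead1` and no trailing comma, while the list just above it ends with `lead1,`; pick one form. The same group is added in the matching hunk of `terraform_deployed_environment.yml`, which by its name applies to deployed environments, so the hard-coded account names deserve the same comment there.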
@@ -90,17 +95,18 @@ permissions: users: [] allowed_permissions: [read] uri: /v1.0/process-models/* - read-process-instance-list: + read-all-process-instance: groups: [everybody] users: [] allowed_permissions: [read] - uri: /v1.0/process-instances + uri: /v1.0/process-instances/* read-process-instance-reports: groups: [everybody] users: [] allowed_permissions: [read] uri: /v1.0/process-instances/reports/* + manage-procurement-admin: groups: ["Project Lead"] users: [] 
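Review bot: The renamed `read-all-process-instance` entry widens the `everybody` read grant from the list endpoint `/v1.0/process-instances` to `/v1.0/process-instances/*`, so every user in `everybody` can presumably read any process instance, including the procurement ones that the `core-admin-instances` entries further down scope to `core-contributor`. If that is intended only for demos, state it above the entry, e.g. `# demo only: every user may read every process instance, including other teams' data`; otherwise keep the list-only URI and grant instance reads per group. It is also worth confirming that the wildcard form still matches the bare `/v1.0/process-instances` path the old entry covered, since that depends on how the backend matches `/*`. The same change appears in the `@@ -90,17 +95,18 @@` hunk of `terraform_deployed_environment.yml`.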
@@ -136,89 +142,45 @@ permissions: groups: ["Finance Team"] users: [] allowed_permissions: [create, read, update, delete] - uri: /v1.0/process-groups/manage-procurement:procurement:vendor-invoice-management:* - finance-admin-slash: - groups: ["Finance Team"] - users: [] - allowed_permissions: [create, read, update, delete] - uri: /v1.0/process-groups/manage-procurement:procurement:vendor-invoice-management/* - finance-admin-models: - groups: ["Finance Team"] - users: [] - allowed_permissions: [create, read, update, delete] - uri: /v1.0/process-models/manage-procurement:procurement:vendor-invoice-management:* - finance-admin-models-slash: - groups: ["Finance Team"] - users: [] - allowed_permissions: [create, read, update, delete] - uri: /v1.0/process-models/manage-procurement:procurement:vendor-invoice-management/* - finance-admin-instances: - groups: ["Finance Team"] - users: [] - allowed_permissions: [create, read, update, delete] - uri: /v1.0/process-instances/manage-procurement:procurement:vendor-invoice-management:* - finance-admin-instances-slash: - groups: ["Finance Team"] - users: [] - allowed_permissions: [create, read, update, delete] - uri: /v1.0/process-instances/manage-procurement:procurement:vendor-invoice-management/* + uri: /v1.0/process-groups/manage-procurement:procurement:* - core-admin: - groups: ["core-contributor"] + demo-models-instantiate-vendor-block: + groups: ["demo"] users: [] - allowed_permissions: [read] - uri: /v1.0/process-groups/manage-procurement:procurement:vendor-invoice-management:* - core-admin-slash: - groups: ["core-contributor"] + allowed_permissions: [create] + uri: /v1.0/process-models/manage-procurement:vendor-lifecycle-management:vendor-md-maintenance:vendor-md-block/process-instances + demo-models-instantiate-vendor-change: + groups: ["demo"] users: [] - allowed_permissions: [read] - uri: /v1.0/process-groups/manage-procurement:procurement:vendor-invoice-management/* - core-admin-models: - groups: ["core-contributor"] + 
allowed_permissions: [create] + uri: /v1.0/process-models/manage-procurement:vendor-lifecycle-management:vendor-md-maintenance:vendor-md-change/process-instances + demo-models-instantiate-vendor-creation: + groups: ["demo"] users: [] - allowed_permissions: [read] - uri: /v1.0/process-models/manage-procurement:procurement:vendor-invoice-management:* - core-admin-models-slash: - groups: ["core-contributor"] + allowed_permissions: [create] + uri: /v1.0/process-models/manage-procurement:vendor-lifecycle-management:vendor-md-maintenance:vendor-md-creation/process-instances + demo-models-instantiate-vendor-core-invoice_appoval: + groups: ["demo"] users: [] - allowed_permissions: [read] - uri: /v1.0/process-models/manage-procurement:procurement:vendor-invoice-management/* + allowed_permissions: [create] + uri: /v1.0/process-models/manage-procurement:procurement:core-contributor-invoice-management:cc-invoice-approval/process-instances + core-admin-models-instantiate: groups: ["core-contributor"] users: [] allowed_permissions: [create] - uri: /v1.0/process-models/manage-procurement:procurement:vendor-invoice-management:invoice-approval/process-instances + uri: /v1.0/process-models/manage-procurement:procurement:core-contributor-invoice-management:cc-invoice-approval/process-instances core-admin-instances: groups: ["core-contributor"] users: [] allowed_permissions: [create, read] - uri: /v1.0/process-instances/manage-procurement:procurement:vendor-invoice-management:* + uri: /v1.0/process-instances/manage-procurement:procurement:core-contributor-invoice-management:* core-admin-instances-slash: groups: ["core-contributor"] users: [] allowed_permissions: [create, read] - uri: /v1.0/process-instances/manage-procurement:procurement:vendor-invoice-management/* + uri: /v1.0/process-instances/manage-procurement:procurement:core-contributor-invoice-management/* - core1-admin: - groups: ["core-contributor"] - users: [] - allowed_permissions: [read] - uri: 
/v1.0/process-groups/misc:category_number_one:* - core1-admin-slash: - groups: ["core-contributor"] - users: [] - allowed_permissions: [read] - uri: /v1.0/process-groups/misc:category_number_one/* - core1-admin-models: - groups: ["core-contributor"] - users: [] - allowed_permissions: [read] - uri: /v1.0/process-models/misc:category_number_one:process-model-with-form:* - core1-admin-models-slash: - groups: ["core-contributor"] - users: [] - allowed_permissions: [read] - uri: /v1.0/process-models/misc:category_number_one:process-model-with-form/* core1-admin-models-instantiate: groups: ["core-contributor"] users: [] diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/config/permissions/terraform_deployed_environment.yml b/spiffworkflow-backend/src/spiffworkflow_backend/config/permissions/terraform_deployed_environment.yml index a0736e520..23389273b 100644 --- a/spiffworkflow-backend/src/spiffworkflow_backend/config/permissions/terraform_deployed_environment.yml +++ b/spiffworkflow-backend/src/spiffworkflow_backend/config/permissions/terraform_deployed_environment.yml @@ -58,28 +58,33 @@ groups: lead1, ] + demo: + users: + [ + core, + fin, + fin1, + lead, + lead1 + ] + core-contributor: users: [core] permissions: + admin: + groups: [admin] + users: [] + allowed_permissions: [create, read, update, delete] + uri: /* + tasks-crud: groups: [everybody] users: [] allowed_permissions: [create, read, update, delete] uri: /v1.0/tasks/* - admin: - groups: [admin] - users: [] - allowed_permissions: [create, read, update, delete, list, instantiate] - uri: /* - - read-all: - groups: ["Finance Team", "Project Lead", admin] - users: [] - allowed_permissions: [read] - uri: /* - + # read all for everybody read-all-process-groups: groups: [everybody] users: [] 
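Review bot: In the `@@ -136,89 +142,45 @@` hunk the Finance Team entry's `uri` is widened from `...procurement:vendor-invoice-management:*` to `/v1.0/process-groups/manage-procurement:procurement:*` while keeping `[create, read, update, delete]`, so that group gets write access to every process group under `procurement` instead of the single one it had before. The entry's name is outside the hunk, so its purpose is not visible here; if the wider scope is not required, keep the narrower URI. The removed `finance-admin-slash`, `-models` and `-instances` entries are also not replaced in the visible hunks, which leaves Finance Team with only the `everybody` read grants on process models and instances. Separately, the new key `demo-models-instantiate-vendor-core-invoice_appoval` misspells "approval" and mixes `_` with `-`; a name such as `demo-models-instantiate-cc-invoice-approval` would match its neighbours. The same points apply to the `@@ -136,65 +142,41 @@` hunk of `terraform_deployed_environment.yml`.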
@@ -90,17 +95,18 @@ permissions: users: [] allowed_permissions: [read] uri: /v1.0/process-models/* - read-process-instance-list: + read-all-process-instance: groups: [everybody] users: [] allowed_permissions: [read] - uri: /v1.0/process-instances + uri: /v1.0/process-instances/* read-process-instance-reports: groups: [everybody] users: [] allowed_permissions: [read] uri: /v1.0/process-instances/reports/* + manage-procurement-admin: groups: ["Project Lead"] users: [] 
@@ -136,65 +142,41 @@ permissions: groups: ["Finance Team"] users: [] allowed_permissions: [create, read, update, delete] - uri: /v1.0/process-groups/manage-procurement:procurement:vendor-invoice-management:* - finance-admin-slash: - groups: ["Finance Team"] - users: [] - allowed_permissions: [create, read, update, delete] - uri: /v1.0/process-groups/manage-procurement:procurement:vendor-invoice-management/* - finance-admin-models: - groups: ["Finance Team"] - users: [] - allowed_permissions: [create, read, update, delete] - uri: /v1.0/process-models/manage-procurement:procurement:vendor-invoice-management:* - finance-admin-models-slash: - groups: ["Finance Team"] - users: [] - allowed_permissions: [create, read, update, delete] - uri: /v1.0/process-models/manage-procurement:procurement:vendor-invoice-management/* - finance-admin-instances: - groups: ["Finance Team"] - users: [] - allowed_permissions: [create, read, update, delete] - uri: /v1.0/process-instances/manage-procurement:procurement:vendor-invoice-management:* - finance-admin-instances-slash: - groups: ["Finance Team"] - users: [] - allowed_permissions: [create, read, update, delete] - uri: /v1.0/process-instances/manage-procurement:procurement:vendor-invoice-management/* + uri: /v1.0/process-groups/manage-procurement:procurement:* - core-admin: - groups: ["core-contributor"] + demo-models-instantiate-vendor-block: + groups: ["demo"] users: [] - allowed_permissions: [read] - uri: /v1.0/process-groups/manage-procurement:procurement:vendor-invoice-management:* - core-admin-slash: - groups: ["core-contributor"] + allowed_permissions: [create] + uri: /v1.0/process-models/manage-procurement:vendor-lifecycle-management:vendor-md-maintenance:vendor-md-block/process-instances + demo-models-instantiate-vendor-change: + groups: ["demo"] users: [] - allowed_permissions: [read] - uri: /v1.0/process-groups/manage-procurement:procurement:vendor-invoice-management/* - core-admin-models: - groups: ["core-contributor"] + 
allowed_permissions: [create] + uri: /v1.0/process-models/manage-procurement:vendor-lifecycle-management:vendor-md-maintenance:vendor-md-change/process-instances + demo-models-instantiate-vendor-creation: + groups: ["demo"] users: [] - allowed_permissions: [read] - uri: /v1.0/process-models/manage-procurement:procurement:vendor-invoice-management:* - core-admin-models-slash: - groups: ["core-contributor"] + allowed_permissions: [create] + uri: /v1.0/process-models/manage-procurement:vendor-lifecycle-management:vendor-md-maintenance:vendor-md-creation/process-instances + demo-models-instantiate-vendor-core-invoice_appoval: + groups: ["demo"] users: [] - allowed_permissions: [read] - uri: /v1.0/process-models/manage-procurement:procurement:vendor-invoice-management/* + allowed_permissions: [create] + uri: /v1.0/process-models/manage-procurement:procurement:core-contributor-invoice-management:cc-invoice-approval/process-instances + core-admin-models-instantiate: groups: ["core-contributor"] users: [] allowed_permissions: [create] - uri: /v1.0/process-models/manage-procurement:procurement:vendor-invoice-management:invoice-approval/process-instances + uri: /v1.0/process-models/manage-procurement:procurement:core-contributor-invoice-management:cc-invoice-approval/process-instances core-admin-instances: groups: ["core-contributor"] users: [] allowed_permissions: [create, read] - uri: /v1.0/process-instances/manage-procurement:procurement:vendor-invoice-management:* + uri: /v1.0/process-instances/manage-procurement:procurement:core-contributor-invoice-management:* core-admin-instances-slash: groups: ["core-contributor"] users: [] allowed_permissions: [create, read] - uri: /v1.0/process-instances/manage-procurement:procurement:vendor-invoice-management/* + uri: /v1.0/process-instances/manage-procurement:procurement:core-contributor-invoice-management/*