sartography
/
spiff-arena
mirror of https://github.com/sartography/spiff-arena.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

updated example permissions to use macros and prefer perm absolute path over filename w/ burnettk

This commit is contained in:
jasquat 2023-11-08 16:57:19 -05:00
parent a7c6c22cf3
commit 7b904387fc
2 changed files with 13 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
spiffworkflow-backend/src/spiffworkflow_backend/config/permissions/example.yml
View File

@ -40,43 +40,26 @@ permissions:
# Admins have access to everything.
admin:
groups: [admin]
allowed_permissions: [create, read, update, delete]
allowed_permissions: [all]
uri: /*
# Everybody can participate in tasks assigned to them.
tasks-crud:
# BASIC, PG, PM, are documented at https://spiff-arena.readthedocs.io/en/latest/DevOps_installation_integration/permission_url.html
basic:
groups: [everybody]
allowed_permissions: [create, read, update, delete]
uri: /tasks/*
# Everybody can start all intstances
create-test-instances:
groups: [ everybody ]
allowed_permissions: [ create ]
uri: /process-instances/*
allowed_permissions: [all]
uri: BASIC
# Everyone can see everything (all groups, and processes are visible)
read-all-process-groups:
groups: [ everybody ]
allowed_permissions: [ read ]
uri: /process-groups/*
uri: PG:ALL
read-all-process-models:
groups: [ everybody ]
allowed_permissions: [ read ]
uri: /process-models/*
read-all-process-instance:
uri: PM:ALL
run-all-process-models:
groups: [ everybody ]
allowed_permissions: [ read ]
uri: /process-instances/*
read-process-instance-reports:
groups: [ everybody ]
allowed_permissions: [ read ]
uri: /process-instances/reports/*
processes-read:
groups: [ everybody ]
allowed_permissions: [ read ]
uri: /processes
groups-everybody:
groups: [everybody]
allowed_permissions: [create, read]
uri: /v1.0/user-groups/for-current-user
allowed_permissions: [ start ]
uri: PM:ALL

5
spiffworkflow-backend/src/spiffworkflow_backend/services/authorization_service.py
View File

@ -732,10 +732,11 @@ class AuthorizationService:
@classmethod
def parse_permissions_yaml_into_group_info(cls) -> list[GroupPermissionsDict]:
if current_app.config["SPIFFWORKFLOW_BACKEND_PERMISSIONS_FILE_NAME"] is None:
if current_app.config["SPIFFWORKFLOW_BACKEND_PERMISSIONS_FILE_ABSOLUTE_PATH"] is None:
raise (
PermissionsFileNotSetError(
"SPIFFWORKFLOW_BACKEND_PERMISSIONS_FILE_NAME needs to be set in order to import permissions"
"SPIFFWORKFLOW_BACKEND_PERMISSIONS_FILE_ABSOLUTE_PATH needs to be set in order to import"
" permissions"
)
)