changed publish endpoint to precede model id so we can grant publish access but read only to a model otherwise w/ burnettk
parent
9ff0169fd3
commit
83f7849685
|
@ -564,7 +564,7 @@ paths:
|
||||||
schema:
|
schema:
|
||||||
$ref: "#/components/schemas/ProcessModel"
|
$ref: "#/components/schemas/ProcessModel"
|
||||||
|
|
||||||
/process-models/{modified_process_model_identifier}/publish:
|
/process-model-publish/{modified_process_model_identifier}:
|
||||||
parameters:
|
parameters:
|
||||||
- name: modified_process_model_identifier
|
- name: modified_process_model_identifier
|
||||||
in: path
|
in: path
|
||||||
|
|
|
@ -0,0 +1,21 @@
|
||||||
|
groups:
|
||||||
|
admin:
|
||||||
|
users: [admin@spiffworkflow.org]
|
||||||
|
|
||||||
|
permissions:
|
||||||
|
process-groups-ro:
|
||||||
|
groups: [admin]
|
||||||
|
allowed_permissions: [read]
|
||||||
|
uri: PG:ALL
|
||||||
|
basic:
|
||||||
|
groups: [admin]
|
||||||
|
allowed_permissions: [ALL]
|
||||||
|
uri: BASIC
|
||||||
|
elevated-operations:
|
||||||
|
groups: [admin]
|
||||||
|
allowed_permissions: [ALL]
|
||||||
|
uri: ELEVATED
|
||||||
|
process-model-publish:
|
||||||
|
groups: [admin]
|
||||||
|
allowed_permissions: [create]
|
||||||
|
uri: /process-model-publish/*
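Review bot: The `process-model-publish` entry grants `create` on `/process-model-publish/*`, so the `admin` group can publish every process model rather than a chosen subset. If the goal in the commit title is publish access to particular models, the `uri` should carry the group or model prefix instead of the bare wildcard. The file also binds every permission set, including `ELEVATED` with `ALL`, to the single hard-coded address `admin@spiffworkflow.org`, and nothing in the new file states which environment it is meant for. A header comment such as `# admin: read on all process groups, create on /process-model-publish/* (every model)` plus a line naming the intended environment would make the scope reviewable.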
|
|
@ -75,10 +75,11 @@ PATH_SEGMENTS_FOR_PERMISSION_ALL = [
|
||||||
"path": "/process-instances",
|
"path": "/process-instances",
|
||||||
"relevant_permissions": ["create", "read", "delete"],
|
"relevant_permissions": ["create", "read", "delete"],
|
||||||
},
|
},
|
||||||
{"path": "/process-instance-suspend", "relevant_permissions": ["create"]},
|
|
||||||
{"path": "/process-instance-terminate", "relevant_permissions": ["create"]},
|
|
||||||
{"path": "/process-data", "relevant_permissions": ["read"]},
|
{"path": "/process-data", "relevant_permissions": ["read"]},
|
||||||
{"path": "/process-data-file-download", "relevant_permissions": ["read"]},
|
{"path": "/process-data-file-download", "relevant_permissions": ["read"]},
|
||||||
|
{"path": "/process-instance-suspend", "relevant_permissions": ["create"]},
|
||||||
|
{"path": "/process-instance-terminate", "relevant_permissions": ["create"]},
|
||||||
|
{"path": "/process-model-publish", "relevant_permissions": ["create"]},
|
||||||
{"path": "/task-data", "relevant_permissions": ["read", "update"]},
|
{"path": "/task-data", "relevant_permissions": ["read", "update"]},
|
||||||
]
|
]
|
||||||
|
|
||||||
|
@ -524,6 +525,7 @@ class AuthorizationService:
|
||||||
|
|
||||||
permissions_to_assign.append(PermissionToAssign(permission="create", target_uri="/send-event/*"))
|
permissions_to_assign.append(PermissionToAssign(permission="create", target_uri="/send-event/*"))
|
||||||
permissions_to_assign.append(PermissionToAssign(permission="create", target_uri="/task-complete/*"))
|
permissions_to_assign.append(PermissionToAssign(permission="create", target_uri="/task-complete/*"))
|
||||||
|
permissions_to_assign.append(PermissionToAssign(permission="read", target_uri="/users/search"))
|
||||||
|
|
||||||
# read comes from PG and PM permissions
|
# read comes from PG and PM permissions
|
||||||
permissions_to_assign.append(PermissionToAssign(permission="update", target_uri="/task-data/*"))
|
permissions_to_assign.append(PermissionToAssign(permission="update", target_uri="/task-data/*"))
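Review bot: The added `PermissionToAssign(permission="read", target_uri="/users/search")` in the second hunk is not covered by the commit title and widens the elevated set: every holder can now query the user search endpoint, which exposes the user directory. If that is intended it deserves a why-comment above the line, for example `# elevated users look up other users, hence read on /users/search`, and a mention in the commit description. In the first hunk, adding `/process-model-publish` to `PATH_SEGMENTS_FOR_PERMISSION_ALL` keeps publish inside `ALL`. Whether a plain `create` grant on a process model still includes publish after the route move cannot be seen from these lines and should be confirmed. Both hunks appear to belong to the same file, and the list and the method they touch extend outside the hunks.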
|
||||||
|
|
|
@ -3033,7 +3033,7 @@ class TestProcessApi(BaseTest):
|
||||||
#
|
#
|
||||||
# # modified_process_model_id = process_model_identifier.replace("/", ":")
|
# # modified_process_model_id = process_model_identifier.replace("/", ":")
|
||||||
# # response = client.post(
|
# # response = client.post(
|
||||||
# # f"/v1.0/process-models/{modified_process_model_id}/publish?branch_to_update=staging",
|
# # f"/v1.0/process-model-publish/{modified_process_model_id}?branch_to_update=staging",
|
||||||
# # headers=self.logged_in_headers(with_super_admin_user),
|
# # headers=self.logged_in_headers(with_super_admin_user),
|
||||||
# # )
|
# # )
|
||||||
#
|
#
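Review bot: The only request-level test for the publish route stays commented out here, so the URL edit in this hunk is never executed and nothing exercises the new `/process-model-publish/...` path against the authorization layer. The other test changes in this commit only compare the expanded `(target_uri, permission)` tuples. The split this commit is meant to create needs a live test: a user with `read` on `/process-models/...` and `create` on `/process-model-publish/...` is rejected on a write to the model and accepted on publish. The surrounding test method lies outside the hunk.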
|
||||||
|
|
|
@ -141,6 +141,7 @@ class TestAuthorizationService(BaseTest):
|
||||||
"delete",
|
"delete",
|
||||||
),
|
),
|
||||||
("/process-instances/some-process-group:some-process-model:*", "read"),
|
("/process-instances/some-process-group:some-process-model:*", "read"),
|
||||||
|
("/process-model-publish/some-process-group:some-process-model:*", "create"),
|
||||||
("/process-models/some-process-group:some-process-model:*", "create"),
|
("/process-models/some-process-group:some-process-model:*", "create"),
|
||||||
("/process-models/some-process-group:some-process-model:*", "delete"),
|
("/process-models/some-process-group:some-process-model:*", "delete"),
|
||||||
("/process-models/some-process-group:some-process-model:*", "read"),
|
("/process-models/some-process-group:some-process-model:*", "read"),
|
||||||
|
@ -194,7 +195,6 @@ class TestAuthorizationService(BaseTest):
|
||||||
client: FlaskClient,
|
client: FlaskClient,
|
||||||
with_db_and_bpmn_file_cleanup: None,
|
with_db_and_bpmn_file_cleanup: None,
|
||||||
) -> None:
|
) -> None:
|
||||||
"""Test_explode_permissions_all_on_process_model."""
|
|
||||||
expected_permissions = sorted(
|
expected_permissions = sorted(
|
||||||
[
|
[
|
||||||
("/event-error-details/some-process-group:some-process-model/*", "read"),
|
("/event-error-details/some-process-group:some-process-model/*", "read"),
|
||||||
|
@ -222,6 +222,7 @@ class TestAuthorizationService(BaseTest):
|
||||||
"delete",
|
"delete",
|
||||||
),
|
),
|
||||||
("/process-instances/some-process-group:some-process-model/*", "read"),
|
("/process-instances/some-process-group:some-process-model/*", "read"),
|
||||||
|
("/process-model-publish/some-process-group:some-process-model/*", "create"),
|
||||||
("/process-models/some-process-group:some-process-model/*", "create"),
|
("/process-models/some-process-group:some-process-model/*", "create"),
|
||||||
("/process-models/some-process-group:some-process-model/*", "delete"),
|
("/process-models/some-process-group:some-process-model/*", "delete"),
|
||||||
("/process-models/some-process-group:some-process-model/*", "read"),
|
("/process-models/some-process-group:some-process-model/*", "read"),
|
||||||
|
@ -324,6 +325,7 @@ class TestAuthorizationService(BaseTest):
|
||||||
("/send-event/*", "create"),
|
("/send-event/*", "create"),
|
||||||
("/task-complete/*", "create"),
|
("/task-complete/*", "create"),
|
||||||
("/task-data/*", "update"),
|
("/task-data/*", "update"),
|
||||||
|
("/users/search", "read"),
|
||||||
]
|
]
|
||||||
permissions_to_assign = AuthorizationService.explode_permissions("all", "ELEVATED")
|
permissions_to_assign = AuthorizationService.explode_permissions("all", "ELEVATED")
|
||||||
permissions_to_assign_tuples = sorted([(p.target_uri, p.permission) for p in permissions_to_assign])
|
permissions_to_assign_tuples = sorted([(p.target_uri, p.permission) for p in permissions_to_assign])
|
||||||
|
|
|
@ -27,7 +27,7 @@ export const useUriListForPermissions = () => {
|
||||||
processModelCreatePath: `/v1.0/process-models/${params.process_group_id}`,
|
processModelCreatePath: `/v1.0/process-models/${params.process_group_id}`,
|
||||||
processModelFileCreatePath: `/v1.0/process-models/${params.process_model_id}/files`,
|
processModelFileCreatePath: `/v1.0/process-models/${params.process_model_id}/files`,
|
||||||
processModelFileShowPath: `/v1.0/process-models/${params.process_model_id}/files/${params.file_name}`,
|
processModelFileShowPath: `/v1.0/process-models/${params.process_model_id}/files/${params.file_name}`,
|
||||||
processModelPublishPath: `/v1.0/process-models/${params.process_model_id}/publish`,
|
processModelPublishPath: `/v1.0/process-model-publish/${params.process_model_id}`,
|
||||||
processModelShowPath: `/v1.0/process-models/${params.process_model_id}`,
|
processModelShowPath: `/v1.0/process-models/${params.process_model_id}`,
|
||||||
secretListPath: `/v1.0/secrets`,
|
secretListPath: `/v1.0/secrets`,
|
||||||
userSearch: `/v1.0/users/search`,
|
userSearch: `/v1.0/users/search`,
|
||||||
|
|
|
@ -214,7 +214,7 @@ export default function ProcessModelShow() {
|
||||||
setPublishDisabled(true);
|
setPublishDisabled(true);
|
||||||
setProcessModelPublished(null);
|
setProcessModelPublished(null);
|
||||||
HttpService.makeCallToBackend({
|
HttpService.makeCallToBackend({
|
||||||
path: `/process-models/${modifiedProcessModelId}/publish`,
|
path: targetUris.processModelPublishPath,
|
||||||
successCallback: postPublish,
|
successCallback: postPublish,
|
||||||
httpMethod: 'POST',
|
httpMethod: 'POST',
|
||||||
});
|
});
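Review bot: `path: targetUris.processModelPublishPath` passes a value that begins with `/v1.0`, since the `useUriListForPermissions` hunk defines it as `/v1.0/process-model-publish/${params.process_model_id}`. The line it replaces passed `/process-models/${modifiedProcessModelId}/publish`, with no version prefix. If `HttpService.makeCallToBackend` prepends the API base itself, as the old call suggests, the request goes to a doubled `/v1.0/v1.0/...` path and publish fails. Keeping the permission-check URI and the request path separate avoids that: keep the literal and change only its shape to `/process-model-publish/${modifiedProcessModelId}`. The new value also takes the id from `params.process_model_id` instead of `modifiedProcessModelId`, so confirm both hold the same encoded form; the enclosing function starts and ends outside the hunk.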
|
||||||
|
|