changed publish endpoint to precede model id so we can grant publish access but read only to a model otherwise w/ burnettk
parent
9ff0169fd3
commit
83f7849685
|
@ -564,7 +564,7 @@ paths:
|
|||
schema:
|
||||
$ref: "#/components/schemas/ProcessModel"
|
||||
|
||||
/process-models/{modified_process_model_identifier}/publish:
|
||||
/process-model-publish/{modified_process_model_identifier}:
|
||||
parameters:
|
||||
- name: modified_process_model_identifier
|
||||
in: path
|
||||
|
|
|
@ -0,0 +1,21 @@
|
|||
groups:
|
||||
admin:
|
||||
users: [admin@spiffworkflow.org]
|
||||
|
||||
permissions:
|
||||
process-groups-ro:
|
||||
groups: [admin]
|
||||
allowed_permissions: [read]
|
||||
uri: PG:ALL
|
||||
basic:
|
||||
groups: [admin]
|
||||
allowed_permissions: [ALL]
|
||||
uri: BASIC
|
||||
elevated-operations:
|
||||
groups: [admin]
|
||||
allowed_permissions: [ALL]
|
||||
uri: ELEVATED
|
||||
process-model-publish:
|
||||
groups: [admin]
|
||||
allowed_permissions: [create]
|
||||
uri: /process-model-publish/*
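Review bot: The new permissions file has no header comment saying which scenario it is for, and its only group is named `admin` although it gets just `read` on `PG:ALL`, so it is easy to misread as a full-admin configuration. A first line such as `# Example: read-only access to all process groups, plus permission to publish any process model` would state the intent. `uri: /process-model-publish/*` covers every model; if publish should be limited to certain groups, the URI can presumably be narrowed to a group prefix, as the `some-process-group:*` form in the test hunks suggests. The file also grants `ALL` on `ELEVATED`, so it is worth confirming that nothing in that set restores write access the file means to withhold.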
|
|
@ -75,10 +75,11 @@ PATH_SEGMENTS_FOR_PERMISSION_ALL = [
|
|||
"path": "/process-instances",
|
||||
"relevant_permissions": ["create", "read", "delete"],
|
||||
},
|
||||
{"path": "/process-instance-suspend", "relevant_permissions": ["create"]},
|
||||
{"path": "/process-instance-terminate", "relevant_permissions": ["create"]},
|
||||
{"path": "/process-data", "relevant_permissions": ["read"]},
|
||||
{"path": "/process-data-file-download", "relevant_permissions": ["read"]},
|
||||
{"path": "/process-instance-suspend", "relevant_permissions": ["create"]},
|
||||
{"path": "/process-instance-terminate", "relevant_permissions": ["create"]},
|
||||
{"path": "/process-model-publish", "relevant_permissions": ["create"]},
|
||||
{"path": "/task-data", "relevant_permissions": ["read", "update"]},
|
||||
]
|
||||
|
||||
|
@ -524,6 +525,7 @@ class AuthorizationService:
|
|||
|
||||
permissions_to_assign.append(PermissionToAssign(permission="create", target_uri="/send-event/*"))
|
||||
permissions_to_assign.append(PermissionToAssign(permission="create", target_uri="/task-complete/*"))
|
||||
permissions_to_assign.append(PermissionToAssign(permission="read", target_uri="/users/search"))
|
||||
|
||||
# read comes from PG and PM permissions
|
||||
permissions_to_assign.append(PermissionToAssign(permission="update", target_uri="/task-data/*"))
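Review bot: The second hunk grows this permission set by one line (6 to 7), and the test hunk that gains `("/users/search", "read")` suggests the added grant is `read` on `/users/search`, which the commit message does not mention. If that is the new line, everyone who receives this permission set can look up user accounts, so it deserves a why-comment above it, for example `# needed by <feature>: lets these users search for other users`, or a commit of its own. In the first hunk `/process-model-publish` joins `PATH_SEGMENTS_FOR_PERMISSION_ALL` with `create`, so `all` on a model or group still includes publish. Explicit `create` grants on `/process-models/...` that were stored before this change presumably no longer cover publish and may need re-issuing. Both enclosing definitions start outside the hunks.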
|
||||
|
|
|
@ -3033,7 +3033,7 @@ class TestProcessApi(BaseTest):
|
|||
#
|
||||
# # modified_process_model_id = process_model_identifier.replace("/", ":")
|
||||
# # response = client.post(
|
||||
# # f"/v1.0/process-models/{modified_process_model_id}/publish?branch_to_update=staging",
|
||||
# # f"/v1.0/process-model-publish/{modified_process_model_id}?branch_to_update=staging",
|
||||
# # headers=self.logged_in_headers(with_super_admin_user),
|
||||
# # )
|
||||
#
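Review bot: The request-level publish test touched here is still commented out, so the renamed route `/v1.0/process-model-publish/{id}` is updated only inside a comment and is not exercised by it. Either re-enable the test or replace the block with a short `# TODO: re-enable once <blocker> is resolved`, so the dead code does not drift again. A live test that posts to the new path as a user holding only `read` plus `create` on `/process-model-publish/*` would cover the access rule this commit introduces.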
|
||||
|
|
|
@ -141,6 +141,7 @@ class TestAuthorizationService(BaseTest):
|
|||
"delete",
|
||||
),
|
||||
("/process-instances/some-process-group:some-process-model:*", "read"),
|
||||
("/process-model-publish/some-process-group:some-process-model:*", "create"),
|
||||
("/process-models/some-process-group:some-process-model:*", "create"),
|
||||
("/process-models/some-process-group:some-process-model:*", "delete"),
|
||||
("/process-models/some-process-group:some-process-model:*", "read"),
|
||||
|
@ -194,7 +195,6 @@ class TestAuthorizationService(BaseTest):
|
|||
client: FlaskClient,
|
||||
with_db_and_bpmn_file_cleanup: None,
|
||||
) -> None:
|
||||
"""Test_explode_permissions_all_on_process_model."""
|
||||
expected_permissions = sorted(
|
||||
[
|
||||
("/event-error-details/some-process-group:some-process-model/*", "read"),
|
||||
|
@ -222,6 +222,7 @@ class TestAuthorizationService(BaseTest):
|
|||
"delete",
|
||||
),
|
||||
("/process-instances/some-process-group:some-process-model/*", "read"),
|
||||
("/process-model-publish/some-process-group:some-process-model/*", "create"),
|
||||
("/process-models/some-process-group:some-process-model/*", "create"),
|
||||
("/process-models/some-process-group:some-process-model/*", "delete"),
|
||||
("/process-models/some-process-group:some-process-model/*", "read"),
|
||||
|
@ -324,6 +325,7 @@ class TestAuthorizationService(BaseTest):
|
|||
("/send-event/*", "create"),
|
||||
("/task-complete/*", "create"),
|
||||
("/task-data/*", "update"),
|
||||
("/users/search", "read"),
|
||||
]
|
||||
permissions_to_assign = AuthorizationService.explode_permissions("all", "ELEVATED")
|
||||
permissions_to_assign_tuples = sorted([(p.target_uri, p.permission) for p in permissions_to_assign])
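Review bot: The visible hunks only extend the expected lists for `all`, so they show that publish is included in a full grant but not that it is excluded from a read-only one. Since the point of the change is to separate publish from model write access, a case asserting that the read-only expansion for a process model or group contains no `/process-model-publish/...` entry would pin that boundary. Such a case may already exist outside these hunks; if not, it is a small addition next to the tests changed here.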
|
||||
|
|
|
@ -27,7 +27,7 @@ export const useUriListForPermissions = () => {
|
|||
processModelCreatePath: `/v1.0/process-models/${params.process_group_id}`,
|
||||
processModelFileCreatePath: `/v1.0/process-models/${params.process_model_id}/files`,
|
||||
processModelFileShowPath: `/v1.0/process-models/${params.process_model_id}/files/${params.file_name}`,
|
||||
processModelPublishPath: `/v1.0/process-models/${params.process_model_id}/publish`,
|
||||
processModelPublishPath: `/v1.0/process-model-publish/${params.process_model_id}`,
|
||||
processModelShowPath: `/v1.0/process-models/${params.process_model_id}`,
|
||||
secretListPath: `/v1.0/secrets`,
|
||||
userSearch: `/v1.0/users/search`,
|
||||
|
|
|
@ -214,7 +214,7 @@ export default function ProcessModelShow() {
|
|||
setPublishDisabled(true);
|
||||
setProcessModelPublished(null);
|
||||
HttpService.makeCallToBackend({
|
||||
path: `/process-models/${modifiedProcessModelId}/publish`,
|
||||
path: targetUris.processModelPublishPath,
|
||||
successCallback: postPublish,
|
||||
httpMethod: 'POST',
|
||||
});
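Review bot: The replaced literal `/process-models/${modifiedProcessModelId}/publish` had no version prefix, but `targetUris.processModelPublishPath` is defined in the other frontend hunk as `/v1.0/process-model-publish/${params.process_model_id}`. If `HttpService.makeCallToBackend` prepends the API base (not visible here), the request would go to a doubled `/v1.0/v1.0/...` path and publish would fail. The change also switches the id source from `modifiedProcessModelId` to `params.process_model_id`, which should be confirmed to be the same colon-separated form. Unless the helper strips the prefix, keeping a literal is safer: ``path: `/process-model-publish/${modifiedProcessModelId}`,``. The surrounding function starts and ends outside the hunk.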
|
||||
|
|