From 8e6e90d52761341dd410fe86d7023849493071d1 Mon Sep 17 00:00:00 2001
From: jasquat <jasquat@users.noreply.github.com>
Date: Wed, 14 Dec 2022 15:03:22 -0500
Subject: [PATCH] fixed perms for readonly for staging w/ burnettk

---
 .../config/permissions/development.yml        | 19 +++++++++++++++++--
 .../config/permissions/staging.yml            |  2 +-
 .../services/process_model_service.py         |  2 +-
 3 files changed, 19 insertions(+), 4 deletions(-)

diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/config/permissions/development.yml b/spiffworkflow-backend/src/spiffworkflow_backend/config/permissions/development.yml
index 419c925fa..99790fed7 100644
--- a/spiffworkflow-backend/src/spiffworkflow_backend/config/permissions/development.yml
+++ b/spiffworkflow-backend/src/spiffworkflow_backend/config/permissions/development.yml
@@ -17,7 +17,6 @@ groups:
         dan,
         mike,
         jason,
-        j,
         jarrad,
         elizabeth,
         jon,
@@ -32,7 +31,6 @@ groups:
         dan,
         mike,
         jason,
-        j,
         amir,
         jarrad,
         elizabeth,
@@ -63,6 +61,12 @@ groups:
         harmeet,
       ]
 
+  admin-ro:
+    users:
+      [
+        j,
+      ]
+
 permissions:
   admin:
     groups: [admin]
@@ -70,6 +74,17 @@ permissions:
     allowed_permissions: [create, read, update, delete]
     uri: /*
 
+  admin-readonly:
+    groups: [admin-ro]
+    users: []
+    allowed_permissions: [read]
+    uri: /*
+  admin-process-instances-for-readonly:
+    groups: [admin-ro]
+    users: []
+    allowed_permissions: [create, read, update, delete]
+    uri: /v1.0/process-instances/*
+
   tasks-crud:
     groups: [everybody]
     users: []
diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/config/permissions/staging.yml b/spiffworkflow-backend/src/spiffworkflow_backend/config/permissions/staging.yml
index 90c157bf1..982b945c6 100644
--- a/spiffworkflow-backend/src/spiffworkflow_backend/config/permissions/staging.yml
+++ b/spiffworkflow-backend/src/spiffworkflow_backend/config/permissions/staging.yml
@@ -67,7 +67,7 @@ permissions:
     groups: [admin]
     users: []
     allowed_permissions: [create, read, update, delete]
-    uri: /process-instances/*
+    uri: /v1.0/process-instances/*
 
   tasks-crud:
     groups: [everybody]
diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/services/process_model_service.py b/spiffworkflow-backend/src/spiffworkflow_backend/services/process_model_service.py
index 964981a85..67be986e1 100644
--- a/spiffworkflow-backend/src/spiffworkflow_backend/services/process_model_service.py
+++ b/spiffworkflow-backend/src/spiffworkflow_backend/services/process_model_service.py
@@ -223,7 +223,7 @@ class ProcessModelService(FileSystemService):
             user = UserService.current_user()
             new_process_model_list = []
             for process_model in process_models:
-                uri = f"/v1.0/process-models/{process_model.id.replace('/', ':')}/process-instances"
+                uri = f"/v1.0/process-instances/{process_model.id.replace('/', ':')}"
                 result = AuthorizationService.user_has_permission(
                     user=user, permission="create", target_uri=uri
                 )