From 93ec91148419c576cf58607364cd4e919875e717 Mon Sep 17 00:00:00 2001 From: burnettk Date: Thu, 27 Apr 2023 07:20:52 -0400 Subject: [PATCH] fix permissions for process callers api --- .../src/spiffworkflow_backend/api.yml | 8 ++++---- .../src/spiffworkflow_backend/config/__init__.py | 12 ++++++------ .../spiffworkflow_backend/models/process_instance.py | 6 +++--- .../routes/process_api_blueprint.py | 2 +- .../services/authorization_service.py | 1 + .../services/process_instance_processor.py | 12 ++++++------ .../integration/test_process_api.py | 2 +- .../unit/test_authorization_service.py | 1 + .../src/routes/ProcessModelEditDiagram.tsx | 2 +- 9 files changed, 24 insertions(+), 22 deletions(-) diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/api.yml b/spiffworkflow-backend/src/spiffworkflow_backend/api.yml index c37bd3801..b1eb5cc40 100755 --- a/spiffworkflow-backend/src/spiffworkflow_backend/api.yml +++ b/spiffworkflow-backend/src/spiffworkflow_backend/api.yml @@ -519,16 +519,16 @@ paths: schema: type: string - /processes/{bpmn_process_identifier}/callers: + /processes/callers: parameters: - name: bpmn_process_identifier - in: path + in: query required: true - description: the modified process model id + description: the bpmn process identifier/id (not the name with spaces and not the process model identifier) schema: type: string get: - operationId: spiffworkflow_backend.routes.process_api_blueprint.process_caller_lists + operationId: spiffworkflow_backend.routes.process_api_blueprint.process_caller_list summary: Return a list of information about all processes that call the provided process id tags: diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/config/__init__.py b/spiffworkflow-backend/src/spiffworkflow_backend/config/__init__.py index eaf67f6c9..7711c36f9 100644 --- a/spiffworkflow-backend/src/spiffworkflow_backend/config/__init__.py +++ b/spiffworkflow-backend/src/spiffworkflow_backend/config/__init__.py @@ -18,13 +18,13 @@ def setup_database_uri(app: Flask) -> None: if app.config.get("SPIFFWORKFLOW_BACKEND_DATABASE_URI") is None: database_name = f"spiffworkflow_backend_{app.config['ENV_IDENTIFIER']}" if app.config.get("SPIFFWORKFLOW_BACKEND_DATABASE_TYPE") == "sqlite": - app.config[ - "SQLALCHEMY_DATABASE_URI" - ] = f"sqlite:///{app.instance_path}/db_{app.config['ENV_IDENTIFIER']}.sqlite3" + app.config["SQLALCHEMY_DATABASE_URI"] = ( + f"sqlite:///{app.instance_path}/db_{app.config['ENV_IDENTIFIER']}.sqlite3" + ) elif app.config.get("SPIFFWORKFLOW_BACKEND_DATABASE_TYPE") == "postgres": - app.config[ - "SQLALCHEMY_DATABASE_URI" - ] = f"postgresql://spiffworkflow_backend:spiffworkflow_backend@localhost:5432/{database_name}" + app.config["SQLALCHEMY_DATABASE_URI"] = ( + f"postgresql://spiffworkflow_backend:spiffworkflow_backend@localhost:5432/{database_name}" + ) else: # use pswd to trick flake8 with hardcoded passwords db_pswd = app.config.get("SPIFFWORKFLOW_BACKEND_DATABASE_PASSWORD") diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/models/process_instance.py b/spiffworkflow-backend/src/spiffworkflow_backend/models/process_instance.py index 44fe82764..009a7486e 100644 --- a/spiffworkflow-backend/src/spiffworkflow_backend/models/process_instance.py +++ b/spiffworkflow-backend/src/spiffworkflow_backend/models/process_instance.py @@ -127,9 +127,9 @@ class ProcessInstanceModel(SpiffworkflowBaseDBModel): def serialized_with_metadata(self) -> dict[str, Any]: process_instance_attributes = self.serialized process_instance_attributes["process_metadata"] = self.process_metadata - process_instance_attributes[ - "process_model_with_diagram_identifier" - ] = self.process_model_with_diagram_identifier + process_instance_attributes["process_model_with_diagram_identifier"] = ( + self.process_model_with_diagram_identifier + ) return process_instance_attributes @property diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/routes/process_api_blueprint.py b/spiffworkflow-backend/src/spiffworkflow_backend/routes/process_api_blueprint.py index 6c3c361f1..0543d9bc1 100644 --- a/spiffworkflow-backend/src/spiffworkflow_backend/routes/process_api_blueprint.py +++ b/spiffworkflow-backend/src/spiffworkflow_backend/routes/process_api_blueprint.py @@ -78,7 +78,7 @@ def process_list() -> Any: return SpecReferenceSchema(many=True).dump(references) -def process_caller_lists(bpmn_process_identifier: str) -> Any: +def process_caller_list(bpmn_process_identifier: str) -> Any: callers = ProcessCallerService.callers(bpmn_process_identifier) references = ( SpecReferenceCache.query.filter_by(type="process").filter(SpecReferenceCache.identifier.in_(callers)).all() diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/services/authorization_service.py b/spiffworkflow-backend/src/spiffworkflow_backend/services/authorization_service.py index fbbf367ea..85bb6fdaf 100644 --- a/spiffworkflow-backend/src/spiffworkflow_backend/services/authorization_service.py +++ b/spiffworkflow-backend/src/spiffworkflow_backend/services/authorization_service.py @@ -572,6 +572,7 @@ class AuthorizationService: permissions_to_assign: list[PermissionToAssign] = [] permissions_to_assign.append(PermissionToAssign(permission="read", target_uri="/process-instances/for-me")) permissions_to_assign.append(PermissionToAssign(permission="read", target_uri="/processes")) + permissions_to_assign.append(PermissionToAssign(permission="read", target_uri="/processes/callers")) permissions_to_assign.append(PermissionToAssign(permission="read", target_uri="/service-tasks")) permissions_to_assign.append(PermissionToAssign(permission="read", target_uri="/user-groups/for-current-user")) permissions_to_assign.append(PermissionToAssign(permission="create", target_uri="/users/exists/by-username")) diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/services/process_instance_processor.py b/spiffworkflow-backend/src/spiffworkflow_backend/services/process_instance_processor.py index 017d9e79c..45d27509c 100644 --- a/spiffworkflow-backend/src/spiffworkflow_backend/services/process_instance_processor.py +++ b/spiffworkflow-backend/src/spiffworkflow_backend/services/process_instance_processor.py @@ -423,9 +423,9 @@ class ProcessInstanceProcessor: tld.process_instance_id = process_instance_model.id # we want this to be the fully qualified path to the process model including all group subcomponents - current_app.config[ - "THREAD_LOCAL_DATA" - ].process_model_identifier = f"{process_instance_model.process_model_identifier}" + current_app.config["THREAD_LOCAL_DATA"].process_model_identifier = ( + f"{process_instance_model.process_model_identifier}" + ) self.process_instance_model = process_instance_model self.process_model_service = ProcessModelService() @@ -585,9 +585,9 @@ class ProcessInstanceProcessor: bpmn_subprocess_definition.bpmn_identifier ] = bpmn_process_definition_dict spiff_bpmn_process_dict["subprocess_specs"][bpmn_subprocess_definition.bpmn_identifier]["task_specs"] = {} - bpmn_subprocess_definition_bpmn_identifiers[ - bpmn_subprocess_definition.id - ] = bpmn_subprocess_definition.bpmn_identifier + bpmn_subprocess_definition_bpmn_identifiers[bpmn_subprocess_definition.id] = ( + bpmn_subprocess_definition.bpmn_identifier + ) task_definitions = TaskDefinitionModel.query.filter( TaskDefinitionModel.bpmn_process_definition_id.in_( # type: ignore diff --git a/spiffworkflow-backend/tests/spiffworkflow_backend/integration/test_process_api.py b/spiffworkflow-backend/tests/spiffworkflow_backend/integration/test_process_api.py index 06a9f8d38..fa49cac07 100644 --- a/spiffworkflow-backend/tests/spiffworkflow_backend/integration/test_process_api.py +++ b/spiffworkflow-backend/tests/spiffworkflow_backend/integration/test_process_api.py @@ -591,7 +591,7 @@ class TestProcessApi(BaseTest): # get the results response = client.get( - "/v1.0/processes/Level2/callers", + "/v1.0/processes/callers?bpmn_process_identifier=Level2", headers=self.logged_in_headers(with_super_admin_user), ) assert response.json is not None diff --git a/spiffworkflow-backend/tests/spiffworkflow_backend/unit/test_authorization_service.py b/spiffworkflow-backend/tests/spiffworkflow_backend/unit/test_authorization_service.py index 2dd4de8d3..d0c3a5014 100644 --- a/spiffworkflow-backend/tests/spiffworkflow_backend/unit/test_authorization_service.py +++ b/spiffworkflow-backend/tests/spiffworkflow_backend/unit/test_authorization_service.py @@ -296,6 +296,7 @@ class TestAuthorizationService(BaseTest): ("/process-instances/reports/*", "read"), ("/process-instances/reports/*", "update"), ("/processes", "read"), + ("/processes/callers", "read"), ("/service-tasks", "read"), ("/tasks/*", "create"), ("/tasks/*", "delete"), diff --git a/spiffworkflow-frontend/src/routes/ProcessModelEditDiagram.tsx b/spiffworkflow-frontend/src/routes/ProcessModelEditDiagram.tsx index 6e17c873a..c82bc7a2f 100644 --- a/spiffworkflow-frontend/src/routes/ProcessModelEditDiagram.tsx +++ b/spiffworkflow-frontend/src/routes/ProcessModelEditDiagram.tsx @@ -168,7 +168,7 @@ export default function ProcessModelEditDiagram() { useEffect(() => { if (processModel !== null) { HttpService.makeCallToBackend({ - path: `/processes/${processModel.primary_process_id}/callers`, + path: `/processes/callers?bpmn_process_identifier=${processModel.primary_process_id}`, successCallback: setCallers, }); }