added script to get all permissions for the confirmation page when adding permissions from a process model w/ burnettk

jasquat 2022-12-22 12:20:34 -05:00
parent 5522100bfc
commit a855df858b
4 changed files with 204 additions and 99 deletions


@ -74,98 +74,98 @@ permissions:
users: []
allowed_permissions: [create, read, update, delete]
uri: /*
# admin-readonly:
# groups: [admin-ro]
# users: []
# allowed_permissions: [read]
# uri: /*
# admin-process-instances-for-readonly:
# groups: [admin-ro]
# users: []
# allowed_permissions: [create, read, update, delete]
# uri: /process-instances/*
#
# tasks-crud:
# groups: [everybody]
# users: []
# allowed_permissions: [create, read, update, delete]
# uri: /tasks/*
# service-tasks:
# groups: [everybody]
# users: []
# allowed_permissions: [read]
# uri: /service-tasks
# user-groups-for-current-user:
# groups: [everybody]
# users: []
# allowed_permissions: [read]
# uri: /user-groups/for-current-user
#
# # read all for everybody
# read-all-process-groups:
# groups: [everybody]
# users: []
# allowed_permissions: [read]
# uri: /process-groups/*
# read-all-process-models:
# groups: [everybody]
# users: []
# allowed_permissions: [read]
# uri: /process-models/*
# read-all-process-instances-for-me:
# groups: [everybody]
# users: []
# allowed_permissions: [read]
# uri: /process-instances/for-me/*
# read-process-instance-reports:
# groups: [everybody]
# users: []
# allowed_permissions: [create, read, update, delete]
# uri: /process-instances/reports/*
# processes-read:
# groups: [everybody]
# users: []
# allowed_permissions: [read]
# uri: /processes
#
#
# finance-admin:
# groups: ["Finance Team"]
# users: []
# allowed_permissions: [create, read, update, delete]
# uri: /process-groups/manage-procurement:procurement:*
#
# manage-revenue-streams-instances:
# groups: ["core-contributor", "demo"]
# users: []
# allowed_permissions: [create, read]
# uri: /process-instances/manage-revenue-streams:product-revenue-streams:customer-contracts-trade-terms/*
#
# manage-procurement-invoice-instances:
# groups: ["core-contributor", "demo"]
# users: []
# allowed_permissions: [create, read]
# uri: /process-instances/manage-procurement:procurement:core-contributor-invoice-management:*
#
# manage-procurement-instances:
# groups: ["core-contributor", "demo"]
# users: []
# allowed_permissions: [create, read]
# uri: /process-instances/manage-procurement:vendor-lifecycle-management:*
#
# create-test-instances:
# groups: ["test"]
# users: []
# allowed_permissions: [create, read]
# uri: /process-instances/misc:test:*
#
# core1-admin-instances:
# groups: ["core-contributor", "Finance Team"]
# users: []
# allowed_permissions: [create, read]
# uri: /process-instances/misc:category_number_one:process-model-with-form:*
# core1-admin-instances-slash:
# groups: ["core-contributor", "Finance Team"]
# users: []
# allowed_permissions: [create, read]
# uri: /process-instances/misc:category_number_one:process-model-with-form/*
admin-readonly:
groups: [admin-ro]
users: []
allowed_permissions: [read]
uri: /*
admin-process-instances-for-readonly:
groups: [admin-ro]
users: []
allowed_permissions: [create, read, update, delete]
uri: /process-instances/*
tasks-crud:
groups: [everybody]
users: []
allowed_permissions: [create, read, update, delete]
uri: /tasks/*
service-tasks:
groups: [everybody]
users: []
allowed_permissions: [read]
uri: /service-tasks
user-groups-for-current-user:
groups: [everybody]
users: []
allowed_permissions: [read]
uri: /user-groups/for-current-user
# read all for everybody
read-all-process-groups:
groups: [everybody]
users: []
allowed_permissions: [read]
uri: /process-groups/*
read-all-process-models:
groups: [everybody]
users: []
allowed_permissions: [read]
uri: /process-models/*
read-all-process-instances-for-me:
groups: [everybody]
users: []
allowed_permissions: [read]
uri: /process-instances/for-me/*
read-process-instance-reports:
groups: [everybody]
users: []
allowed_permissions: [create, read, update, delete]
uri: /process-instances/reports/*
processes-read:
groups: [everybody]
users: []
allowed_permissions: [read]
uri: /processes
finance-admin:
groups: ["Finance Team"]
users: []
allowed_permissions: [create, read, update, delete]
uri: /process-groups/manage-procurement:procurement:*
manage-revenue-streams-instances:
groups: ["core-contributor", "demo"]
users: []
allowed_permissions: [create, read]
uri: /process-instances/manage-revenue-streams:product-revenue-streams:customer-contracts-trade-terms/*
manage-procurement-invoice-instances:
groups: ["core-contributor", "demo"]
users: []
allowed_permissions: [create, read]
uri: /process-instances/manage-procurement:procurement:core-contributor-invoice-management:*
manage-procurement-instances:
groups: ["core-contributor", "demo"]
users: []
allowed_permissions: [create, read]
uri: /process-instances/manage-procurement:vendor-lifecycle-management:*
create-test-instances:
groups: ["test"]
users: []
allowed_permissions: [create, read]
uri: /process-instances/misc:test:*
core1-admin-instances:
groups: ["core-contributor", "Finance Team"]
users: []
allowed_permissions: [create, read]
uri: /process-instances/misc:category_number_one:process-model-with-form:*
core1-admin-instances-slash:
groups: ["core-contributor", "Finance Team"]
users: []
allowed_permissions: [create, read]
uri: /process-instances/misc:category_number_one:process-model-with-form/*
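Review bot: Uncommenting this whole block activates broad grants that the commit title does not mention: `everybody` gets `[create, read, update, delete]` on `/tasks/*` and `/process-instances/reports/*`, and `admin-ro` gets full CRUD on `/process-instances/*` through `admin-process-instances-for-readonly` despite the read-only name. Which permissions file this is, and which environments load it, is not visible on the page, so please confirm each grant is intended there and that this is not local test setup committed by accident. If the `admin-ro` write access is deliberate, a comment above that entry such as `# admin-ro is read-only everywhere except /process-instances/*` would stop the next reader from assuming the group cannot modify anything.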


@ -28,8 +28,6 @@ class AddPermission(Script):
allowed_permission = args[0]
uri = args[1]
group_identifier = args[2]
group = GroupService.find_or_create_group(group_identifier)
target = AuthorizationService.find_or_create_permission_target(uri)
AuthorizationService.create_permission_for_principal(
group.principal, target, allowed_permission
AuthorizationService.add_permission_from_uri_or_macro(
group_identifier=group_identifier, target=uri, permission=allowed_permission
)
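Review bot: After this change `uri` is passed as `target` to `add_permission_from_uri_or_macro`, so one script call may create several permission assignments instead of exactly one, and nothing in the visible part of `run` says so. The test on this page shows `"start", "PG:hey:group"` expanding to `create` on `/process-instances/hey:group:%` plus `read` on `/process-instances/for-me/hey:group:%`. I would add a comment above the call such as `# target may be a plain URI or a macro (e.g. "PG:<group>"); a macro can expand to several assignments`, and bring the script description in line with it. `run` begins and the class continues outside this hunk, so the current description text is not visible here.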


@ -0,0 +1,52 @@
"""Get_env."""
from typing import Any, Set
from typing import Union
from spiffworkflow_backend.models.group import GroupModel
from spiffworkflow_backend.models.permission_target import PermissionTargetModel
from spiffworkflow_backend.models.principal import PrincipalModel
from spiffworkflow_backend.models.permission_assignment import PermissionAssignmentModel
from spiffworkflow_backend.models.script_attributes_context import (
ScriptAttributesContext,
)
from spiffworkflow_backend.scripts.script import Script
from spiffworkflow_backend.services.authorization_service import AuthorizationService
from spiffworkflow_backend.services.group_service import GroupService
from collections import OrderedDict
# add_permission("read", "test/*", "Editors")
class GetAllPermissions(Script):
def get_description(self) -> str:
"""Get_description."""
return """Get all permissions currently in the system."""
def run(
self,
script_attributes_context: ScriptAttributesContext,
*args: Any,
**kwargs: Any,
) -> Any:
"""Run."""
permission_assignments = (
PermissionAssignmentModel.query
.join(PrincipalModel, PrincipalModel.id == PermissionAssignmentModel.principal_id)
.join(GroupModel, GroupModel.id == PrincipalModel.group_id)
.join(PermissionTargetModel, PermissionTargetModel.id == PermissionAssignmentModel.permission_target_id)
.add_columns(
PermissionAssignmentModel.permission,
PermissionTargetModel.uri,
GroupModel.identifier.label('group_identifier')
)
)
permissions: OrderedDict[tuple[str, str], list[str]] = OrderedDict()
for pa in permission_assignments:
permissions.setdefault((pa.group_identifier, pa.uri), []).append(pa.permission)
return [{'group_identifier': k[0], 'uri': k[1], 'permissions': sorted(v)}
for k, v in permissions.items()]
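Review bot: The query in `run` inner-joins `GroupModel` through `PrincipalModel.group_id`, so any assignment whose principal has no group (for example a user principal, if the model allows one) is dropped, yet `get_description` promises "all permissions currently in the system". On a confirmation page that under-reports what is actually granted. Either widen the query or narrow the text to `return """Get all group permissions currently in the system."""`. The query also has no `order_by`, so the order of the returned list depends on the database. Separately, the module docstring `"""Get_env."""` and the `# add_permission("read", "test/*", "Editors")` comment look copied from other scripts and should describe this one.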


@ -0,0 +1,55 @@
"""Test_get_localtime."""
import pytest
from flask.app import Flask
from flask.testing import FlaskClient
from flask_bpmn.api.api_error import ApiError
from spiffworkflow_backend.scripts.get_all_permissions import GetAllPermissions
from tests.spiffworkflow_backend.helpers.base_test import BaseTest
from tests.spiffworkflow_backend.helpers.test_data import load_test_spec
from spiffworkflow_backend.models.group import GroupModel
from spiffworkflow_backend.models.permission_assignment import PermissionAssignmentModel
from spiffworkflow_backend.models.permission_target import PermissionTargetModel
from spiffworkflow_backend.models.script_attributes_context import (
ScriptAttributesContext,
)
from spiffworkflow_backend.models.user import UserModel
from spiffworkflow_backend.scripts.add_permission import AddPermission
from spiffworkflow_backend.services.process_instance_processor import (
ProcessInstanceProcessor,
)
class TestGetAllPermissions(BaseTest):
def test_can_get_all_permissions(
self,
app: Flask,
client: FlaskClient,
with_db_and_bpmn_file_cleanup: None,
with_super_admin_user: UserModel,
) -> None:
self.find_or_create_user("test_user")
# now that we have everything, try to clear it out...
script_attributes_context = ScriptAttributesContext(
task=None,
environment_identifier="testing",
process_instance_id=1,
process_model_identifier="my_test_user",
)
AddPermission().run(
script_attributes_context, "start", "PG:hey:group", "my_test_group"
)
AddPermission().run(
script_attributes_context, "all", "/tasks", "my_test_group"
)
expected_permissions = [
{'group_identifier': 'my_test_group', 'uri': '/process-instances/hey:group:%', 'permissions': ['create']},
{'group_identifier': 'my_test_group', 'uri': '/process-instances/for-me/hey:group:%', 'permissions': ['read']},
{'group_identifier': 'my_test_group', 'uri': '/tasks', 'permissions': ['create', 'delete', 'read', 'update']}
]
permissions = GetAllPermissions().run(script_attributes_context)
assert permissions == expected_permissions
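Review bot: The module docstring `"""Test_get_localtime."""` and the comment `# now that we have everything, try to clear it out...` describe a different test and will mislead anyone looking for what this file covers. I would change the docstring to `"""Test_get_all_permissions."""` and drop the comment. Several imports in this section (`pytest`, `ApiError`, `load_test_spec`, `GroupModel`, `PermissionAssignmentModel`, `PermissionTargetModel`, `ProcessInstanceProcessor`) are not referenced in the visible test body and can go if nothing else in the file uses them.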