From b9fbedc63c708282a6ccb157b1e635060f162842 Mon Sep 17 00:00:00 2001
From: Dan <daniel.h.funk@gmail.com>
Date: Thu, 1 Dec 2022 13:29:57 -0500
Subject: [PATCH] Adding a demo permissions file.

---
 .../config/permissions/demo.yml               | 88 +++++++++++++++++++
 1 file changed, 88 insertions(+)
 create mode 100644 spiffworkflow-backend/src/spiffworkflow_backend/config/permissions/demo.yml

diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/config/permissions/demo.yml b/spiffworkflow-backend/src/spiffworkflow_backend/config/permissions/demo.yml
new file mode 100644
index 000000000..79bfed81d
--- /dev/null
+++ b/spiffworkflow-backend/src/spiffworkflow_backend/config/permissions/demo.yml
@@ -0,0 +1,88 @@
+default_group: everybody
+
+users:
+  admin:
+    email: admin@spiffworkflow.org
+    password: admin
+    preferred_username: Admin
+  nelson:
+    email: nelson@spiffworkflow.org
+    password: nelson
+    preferred_username: Nelson
+  malala:
+    email: malala@spiffworkflow.org
+    password: malala
+    preferred_username: Malala
+
+groups:
+  admin:
+    users:
+      [
+        admin,
+      ]
+  Education:
+    users:
+      [
+        malala
+      ]
+  President:
+    users:
+      [
+        nelson
+      ]
+
+permissions:
+  # Admins have access to everything.
+  admin:
+    groups: [admin]
+    users: []
+    allowed_permissions: [create, read, update, delete]
+    uri: /*
+
+  # Everybody can participate in tasks assigned to them.
+  tasks-crud:
+    groups: [everybody]
+    users: []
+    allowed_permissions: [create, read, update, delete]
+    uri: /v1.0/tasks/*
+
+  # Everyone can see everything (all groups, and processes are visible)
+  read-all-process-groups:
+    groups: [ everybody ]
+    users: [ ]
+    allowed_permissions: [ read ]
+    uri: /v1.0/process-groups/*
+  read-all-process-models:
+    groups: [ everybody ]
+    users: [ ]
+    allowed_permissions: [ read ]
+    uri: /v1.0/process-models/*
+  read-all-process-instance:
+    groups: [ everybody ]
+    users: [ ]
+    allowed_permissions: [ read ]
+    uri: /v1.0/process-instances/*
+  read-process-instance-reports:
+    groups: [ everybody ]
+    users: [ ]
+    allowed_permissions: [ read ]
+    uri: /v1.0/process-instances/reports/*
+  processes-read:
+    groups: [ everybody ]
+    users: [ ]
+    allowed_permissions: [ read ]
+    uri: /v1.0/processes
+
+  # Members of the Education group can change they processes work.
+  education-admin:
+    groups: ["Education", "President"]
+    users: []
+    allowed_permissions: [create, read, update, delete]
+    uri: /v1.0/process-groups/education:*
+
+  # Anyone can start an education process.
+  education-everybody:
+    groups: [everybody]
+    users: []
+    allowed_permissions: [create, read]
+    uri: /v1.0/process-instances/misc:category_number_one:process-model-with-form/*