fix permissions for process callers api

2025-02-22 22:28:15 +00:00 · 2023-04-27 07:20:52 -04:00 · 2023-04-27 07:20:52 -04:00 · c7b69e0fd9
commit c7b69e0fd9
parent 451bc4bbc9
9 changed files with 24 additions and 22 deletions
--- a/spiffworkflow-backend/src/spiffworkflow_backend/api.yml
+++ b/spiffworkflow-backend/src/spiffworkflow_backend/api.yml
@ -519,16 +519,16 @@ paths:
              schema:
                type: string

-  /processes/{bpmn_process_identifier}/callers:
+  /processes/callers:
    parameters:
      - name: bpmn_process_identifier
-        in: path
+        in: query
        required: true
-        description: the modified process model id
+        description: the bpmn process identifier/id (not the name with spaces and not the process model identifier)
        schema:
          type: string
    get:
-      operationId: spiffworkflow_backend.routes.process_api_blueprint.process_caller_lists
+      operationId: spiffworkflow_backend.routes.process_api_blueprint.process_caller_list
      summary:
        Return a list of information about all processes that call the provided process id
      tags:
--- a/spiffworkflow-backend/src/spiffworkflow_backend/config/init.py
+++ b/spiffworkflow-backend/src/spiffworkflow_backend/config/init.py
@ -18,13 +18,13 @@ def setup_database_uri(app: Flask) -> None:
    if app.config.get("SPIFFWORKFLOW_BACKEND_DATABASE_URI") is None:
        database_name = f"spiffworkflow_backend_{app.config['ENV_IDENTIFIER']}"
        if app.config.get("SPIFFWORKFLOW_BACKEND_DATABASE_TYPE") == "sqlite":
-            app.config[
-                "SQLALCHEMY_DATABASE_URI"
-            ] = f"sqlite:///{app.instance_path}/db_{app.config['ENV_IDENTIFIER']}.sqlite3"
+            app.config["SQLALCHEMY_DATABASE_URI"] = (
+                f"sqlite:///{app.instance_path}/db_{app.config['ENV_IDENTIFIER']}.sqlite3"
+            )
        elif app.config.get("SPIFFWORKFLOW_BACKEND_DATABASE_TYPE") == "postgres":
-            app.config[
-                "SQLALCHEMY_DATABASE_URI"
-            ] = f"postgresql://spiffworkflow_backend:spiffworkflow_backend@localhost:5432/{database_name}"
+            app.config["SQLALCHEMY_DATABASE_URI"] = (
+                f"postgresql://spiffworkflow_backend:spiffworkflow_backend@localhost:5432/{database_name}"
+            )
        else:
            # use pswd to trick flake8 with hardcoded passwords
            db_pswd = app.config.get("SPIFFWORKFLOW_BACKEND_DATABASE_PASSWORD")
--- a/spiffworkflow-backend/src/spiffworkflow_backend/models/process_instance.py
+++ b/spiffworkflow-backend/src/spiffworkflow_backend/models/process_instance.py
@ -127,9 +127,9 @@ class ProcessInstanceModel(SpiffworkflowBaseDBModel):
    def serialized_with_metadata(self) -> dict[str, Any]:
        process_instance_attributes = self.serialized
        process_instance_attributes["process_metadata"] = self.process_metadata
-        process_instance_attributes[
-            "process_model_with_diagram_identifier"
-        ] = self.process_model_with_diagram_identifier
+        process_instance_attributes["process_model_with_diagram_identifier"] = (
+            self.process_model_with_diagram_identifier
+        )
        return process_instance_attributes

    @property
--- a/spiffworkflow-backend/src/spiffworkflow_backend/routes/process_api_blueprint.py
+++ b/spiffworkflow-backend/src/spiffworkflow_backend/routes/process_api_blueprint.py
@ -78,7 +78,7 @@ def process_list() -> Any:
    return SpecReferenceSchema(many=True).dump(references)


-def process_caller_lists(bpmn_process_identifier: str) -> Any:
+def process_caller_list(bpmn_process_identifier: str) -> Any:
    callers = ProcessCallerService.callers(bpmn_process_identifier)
    references = (
        SpecReferenceCache.query.filter_by(type="process").filter(SpecReferenceCache.identifier.in_(callers)).all()
--- a/spiffworkflow-backend/src/spiffworkflow_backend/services/authorization_service.py
+++ b/spiffworkflow-backend/src/spiffworkflow_backend/services/authorization_service.py
@ -572,6 +572,7 @@ class AuthorizationService:
        permissions_to_assign: list[PermissionToAssign] = []
        permissions_to_assign.append(PermissionToAssign(permission="read", target_uri="/process-instances/for-me"))
        permissions_to_assign.append(PermissionToAssign(permission="read", target_uri="/processes"))
+        permissions_to_assign.append(PermissionToAssign(permission="read", target_uri="/processes/callers"))
        permissions_to_assign.append(PermissionToAssign(permission="read", target_uri="/service-tasks"))
        permissions_to_assign.append(PermissionToAssign(permission="read", target_uri="/user-groups/for-current-user"))
        permissions_to_assign.append(PermissionToAssign(permission="create", target_uri="/users/exists/by-username"))
--- a/spiffworkflow-backend/src/spiffworkflow_backend/services/process_instance_processor.py
+++ b/spiffworkflow-backend/src/spiffworkflow_backend/services/process_instance_processor.py
@ -423,9 +423,9 @@ class ProcessInstanceProcessor:
        tld.process_instance_id = process_instance_model.id

        # we want this to be the fully qualified path to the process model including all group subcomponents
-        current_app.config[
-            "THREAD_LOCAL_DATA"
-        ].process_model_identifier = f"{process_instance_model.process_model_identifier}"
+        current_app.config["THREAD_LOCAL_DATA"].process_model_identifier = (
+            f"{process_instance_model.process_model_identifier}"
+        )

        self.process_instance_model = process_instance_model
        self.process_model_service = ProcessModelService()
@ -585,9 +585,9 @@ class ProcessInstanceProcessor:
                bpmn_subprocess_definition.bpmn_identifier
            ] = bpmn_process_definition_dict
            spiff_bpmn_process_dict["subprocess_specs"][bpmn_subprocess_definition.bpmn_identifier]["task_specs"] = {}
-            bpmn_subprocess_definition_bpmn_identifiers[
-                bpmn_subprocess_definition.id
-            ] = bpmn_subprocess_definition.bpmn_identifier
+            bpmn_subprocess_definition_bpmn_identifiers[bpmn_subprocess_definition.id] = (
+                bpmn_subprocess_definition.bpmn_identifier
+            )

        task_definitions = TaskDefinitionModel.query.filter(
            TaskDefinitionModel.bpmn_process_definition_id.in_(  # type: ignore
--- a/spiffworkflow-backend/tests/spiffworkflow_backend/integration/test_process_api.py
+++ b/spiffworkflow-backend/tests/spiffworkflow_backend/integration/test_process_api.py
@ -591,7 +591,7 @@ class TestProcessApi(BaseTest):

        # get the results
        response = client.get(
-            "/v1.0/processes/Level2/callers",
+            "/v1.0/processes/callers?bpmn_process_identifier=Level2",
            headers=self.logged_in_headers(with_super_admin_user),
        )
        assert response.json is not None
--- a/spiffworkflow-backend/tests/spiffworkflow_backend/unit/test_authorization_service.py
+++ b/spiffworkflow-backend/tests/spiffworkflow_backend/unit/test_authorization_service.py
@ -296,6 +296,7 @@ class TestAuthorizationService(BaseTest):
            ("/process-instances/reports/*", "read"),
            ("/process-instances/reports/*", "update"),
            ("/processes", "read"),
+            ("/processes/callers", "read"),
            ("/service-tasks", "read"),
            ("/tasks/*", "create"),
            ("/tasks/*", "delete"),
--- a/spiffworkflow-frontend/src/routes/ProcessModelEditDiagram.tsx
+++ b/spiffworkflow-frontend/src/routes/ProcessModelEditDiagram.tsx
@ -168,7 +168,7 @@ export default function ProcessModelEditDiagram() {
  useEffect(() => {
    if (processModel !== null) {
      HttpService.makeCallToBackend({
-        path: `/processes/${processModel.primary_process_id}/callers`,
+        path: `/processes/callers?bpmn_process_identifier=${processModel.primary_process_id}`,
        successCallback: setCallers,
      });
    }