folks who can start instances can also view their logs
This commit is contained in:
parent
adcb841214
commit
cb4429e837
|
@ -551,7 +551,9 @@ class AuthorizationService:
|
||||||
|
|
||||||
permissions_to_assign: list[PermissionToAssign] = []
|
permissions_to_assign: list[PermissionToAssign] = []
|
||||||
|
|
||||||
# we were thinking that if you can start an instance, you ought to be able to view your own instances.
|
# we were thinking that if you can start an instance, you ought to be able to:
|
||||||
|
# 1. view your own instances.
|
||||||
|
# 2. view the logs for these instances.
|
||||||
if permission_set == "start":
|
if permission_set == "start":
|
||||||
target_uri = f"/process-instances/{process_related_path_segment}"
|
target_uri = f"/process-instances/{process_related_path_segment}"
|
||||||
permissions_to_assign.append(
|
permissions_to_assign.append(
|
||||||
|
@ -561,6 +563,10 @@ class AuthorizationService:
|
||||||
permissions_to_assign.append(
|
permissions_to_assign.append(
|
||||||
PermissionToAssign(permission="read", target_uri=target_uri)
|
PermissionToAssign(permission="read", target_uri=target_uri)
|
||||||
)
|
)
|
||||||
|
target_uri = f"/logs/{process_related_path_segment}"
|
||||||
|
permissions_to_assign.append(
|
||||||
|
PermissionToAssign(permission="read", target_uri=target_uri)
|
||||||
|
)
|
||||||
|
|
||||||
else:
|
else:
|
||||||
if permission_set == "all":
|
if permission_set == "all":
|
||||||
|
|
|
@ -41,6 +41,11 @@ class TestGetAllPermissions(BaseTest):
|
||||||
)
|
)
|
||||||
|
|
||||||
expected_permissions = [
|
expected_permissions = [
|
||||||
|
{
|
||||||
|
"group_identifier": "my_test_group",
|
||||||
|
"uri": "/logs/hey:group:*",
|
||||||
|
"permissions": ["read"],
|
||||||
|
},
|
||||||
{
|
{
|
||||||
"group_identifier": "my_test_group",
|
"group_identifier": "my_test_group",
|
||||||
"uri": "/process-instances/hey:group:*",
|
"uri": "/process-instances/hey:group:*",
|
||||||
|
|
|
@ -197,6 +197,10 @@ class TestAuthorizationService(BaseTest):
|
||||||
) -> None:
|
) -> None:
|
||||||
"""Test_explode_permissions_start_on_process_group."""
|
"""Test_explode_permissions_start_on_process_group."""
|
||||||
expected_permissions = [
|
expected_permissions = [
|
||||||
|
(
|
||||||
|
"/logs/some-process-group:some-process-model:*",
|
||||||
|
"read",
|
||||||
|
),
|
||||||
(
|
(
|
||||||
"/process-instances/for-me/some-process-group:some-process-model:*",
|
"/process-instances/for-me/some-process-group:some-process-model:*",
|
||||||
"read",
|
"read",
|
||||||
|
@ -255,6 +259,10 @@ class TestAuthorizationService(BaseTest):
|
||||||
) -> None:
|
) -> None:
|
||||||
"""Test_explode_permissions_start_on_process_model."""
|
"""Test_explode_permissions_start_on_process_model."""
|
||||||
expected_permissions = [
|
expected_permissions = [
|
||||||
|
(
|
||||||
|
"/logs/some-process-group:some-process-model/*",
|
||||||
|
"read",
|
||||||
|
),
|
||||||
(
|
(
|
||||||
"/process-instances/for-me/some-process-group:some-process-model/*",
|
"/process-instances/for-me/some-process-group:some-process-model/*",
|
||||||
"read",
|
"read",
|
||||||
|
|
Loading…
Reference in New Issue