folks who can start instances can also view their logs

This commit is contained in:
burnettk 2023-01-31 17:11:11 -05:00
parent adcb841214
commit cb4429e837
3 changed files with 20 additions and 1 deletions

View File

@ -551,7 +551,9 @@ class AuthorizationService:
permissions_to_assign: list[PermissionToAssign] = [] permissions_to_assign: list[PermissionToAssign] = []
# we were thinking that if you can start an instance, you ought to be able to view your own instances. # we were thinking that if you can start an instance, you ought to be able to:
# 1. view your own instances.
# 2. view the logs for these instances.
if permission_set == "start": if permission_set == "start":
target_uri = f"/process-instances/{process_related_path_segment}" target_uri = f"/process-instances/{process_related_path_segment}"
permissions_to_assign.append( permissions_to_assign.append(
@ -561,6 +563,10 @@ class AuthorizationService:
permissions_to_assign.append( permissions_to_assign.append(
PermissionToAssign(permission="read", target_uri=target_uri) PermissionToAssign(permission="read", target_uri=target_uri)
) )
target_uri = f"/logs/{process_related_path_segment}"
permissions_to_assign.append(
PermissionToAssign(permission="read", target_uri=target_uri)
)
else: else:
if permission_set == "all": if permission_set == "all":

View File

@ -41,6 +41,11 @@ class TestGetAllPermissions(BaseTest):
) )
expected_permissions = [ expected_permissions = [
{
"group_identifier": "my_test_group",
"uri": "/logs/hey:group:*",
"permissions": ["read"],
},
{ {
"group_identifier": "my_test_group", "group_identifier": "my_test_group",
"uri": "/process-instances/hey:group:*", "uri": "/process-instances/hey:group:*",

View File

@ -197,6 +197,10 @@ class TestAuthorizationService(BaseTest):
) -> None: ) -> None:
"""Test_explode_permissions_start_on_process_group.""" """Test_explode_permissions_start_on_process_group."""
expected_permissions = [ expected_permissions = [
(
"/logs/some-process-group:some-process-model:*",
"read",
),
( (
"/process-instances/for-me/some-process-group:some-process-model:*", "/process-instances/for-me/some-process-group:some-process-model:*",
"read", "read",
@ -255,6 +259,10 @@ class TestAuthorizationService(BaseTest):
) -> None: ) -> None:
"""Test_explode_permissions_start_on_process_model.""" """Test_explode_permissions_start_on_process_model."""
expected_permissions = [ expected_permissions = [
(
"/logs/some-process-group:some-process-model/*",
"read",
),
( (
"/process-instances/for-me/some-process-group:some-process-model/*", "/process-instances/for-me/some-process-group:some-process-model/*",
"read", "read",