remove colons as well when checking wildcard permissions and updated test to ensure it works as expected

spiffworkflow-backend/src/spiffworkflow_backend/services/authorization_service.py

@@ -164,9 +164,8 @@ class AuthorizationService:
     @classmethod
     def target_uri_matches_actual_uri(cls, target_uri: str, actual_uri: str) -> bool:
         if target_uri.endswith("%"):
-            return actual_uri.startswith(target_uri.removesuffix("%")) or actual_uri == target_uri.removesuffix(
-                "%"
-            ).removesuffix("/")
+            target_uri_without_suffix = target_uri.removesuffix("%").removesuffix(":").removesuffix("/")
+            return actual_uri.startswith(target_uri_without_suffix) or actual_uri == target_uri_without_suffix
         return actual_uri == target_uri
 
     @classmethod

spiffworkflow-backend/tests/spiffworkflow_backend/integration/test_process_api.py

@@ -106,15 +106,20 @@ class TestProcessApi(BaseTest):
         principal = group.principal
         UserService.add_user_to_group(user, group)
         self.add_permissions_to_principal(principal, target_uri="/v1.0/process-groups/%", permission_names=["read"])
+        self.add_permissions_to_principal(
+            principal, target_uri="/v1.0/process-groups/test_group:%", permission_names=["create"]
+        )
         request_body = {
             "requests_to_check": {
                 "/v1.0/process-groups": ["GET", "POST"],
+                "/v1.0/process-groups/test_group": ["GET", "POST"],
                 "/v1.0/process-models": ["GET"],
             }
         }
         expected_response_body = {
             "results": {
                 "/v1.0/process-groups": {"GET": True, "POST": False},
+                "/v1.0/process-groups/test_group": {"GET": True, "POST": True},
                 "/v1.0/process-models": {"GET": False},
             }
         }