fixed slashes to colons in permission macros w/ burnettk

jasquat 2022-12-22 10:34:19 -05:00
parent 99839a3e1b
commit ed2a744502
5 changed files with 156 additions and 164 deletions


@ -74,98 +74,98 @@ permissions:
users: []
allowed_permissions: [create, read, update, delete]
uri: /*
admin-readonly:
groups: [admin-ro]
users: []
allowed_permissions: [read]
uri: /*
admin-process-instances-for-readonly:
groups: [admin-ro]
users: []
allowed_permissions: [create, read, update, delete]
uri: /process-instances/*
tasks-crud:
groups: [everybody]
users: []
allowed_permissions: [create, read, update, delete]
uri: /tasks/*
service-tasks:
groups: [everybody]
users: []
allowed_permissions: [read]
uri: /service-tasks
user-groups-for-current-user:
groups: [everybody]
users: []
allowed_permissions: [read]
uri: /user-groups/for-current-user
# read all for everybody
read-all-process-groups:
groups: [everybody]
users: []
allowed_permissions: [read]
uri: /process-groups/*
read-all-process-models:
groups: [everybody]
users: []
allowed_permissions: [read]
uri: /process-models/*
read-all-process-instances-for-me:
groups: [everybody]
users: []
allowed_permissions: [read]
uri: /process-instances/for-me/*
read-process-instance-reports:
groups: [everybody]
users: []
allowed_permissions: [create, read, update, delete]
uri: /process-instances/reports/*
processes-read:
groups: [everybody]
users: []
allowed_permissions: [read]
uri: /processes
finance-admin:
groups: ["Finance Team"]
users: []
allowed_permissions: [create, read, update, delete]
uri: /process-groups/manage-procurement:procurement:*
manage-revenue-streams-instances:
groups: ["core-contributor", "demo"]
users: []
allowed_permissions: [create, read]
uri: /process-instances/manage-revenue-streams:product-revenue-streams:customer-contracts-trade-terms/*
manage-procurement-invoice-instances:
groups: ["core-contributor", "demo"]
users: []
allowed_permissions: [create, read]
uri: /process-instances/manage-procurement:procurement:core-contributor-invoice-management:*
manage-procurement-instances:
groups: ["core-contributor", "demo"]
users: []
allowed_permissions: [create, read]
uri: /process-instances/manage-procurement:vendor-lifecycle-management:*
create-test-instances:
groups: ["test"]
users: []
allowed_permissions: [create, read]
uri: /process-instances/misc:test:*
core1-admin-instances:
groups: ["core-contributor", "Finance Team"]
users: []
allowed_permissions: [create, read]
uri: /process-instances/misc:category_number_one:process-model-with-form:*
core1-admin-instances-slash:
groups: ["core-contributor", "Finance Team"]
users: []
allowed_permissions: [create, read]
uri: /process-instances/misc:category_number_one:process-model-with-form/*
# admin-readonly:
# groups: [admin-ro]
# users: []
# allowed_permissions: [read]
# uri: /*
# admin-process-instances-for-readonly:
# groups: [admin-ro]
# users: []
# allowed_permissions: [create, read, update, delete]
# uri: /process-instances/*
#
# tasks-crud:
# groups: [everybody]
# users: []
# allowed_permissions: [create, read, update, delete]
# uri: /tasks/*
# service-tasks:
# groups: [everybody]
# users: []
# allowed_permissions: [read]
# uri: /service-tasks
# user-groups-for-current-user:
# groups: [everybody]
# users: []
# allowed_permissions: [read]
# uri: /user-groups/for-current-user
#
# # read all for everybody
# read-all-process-groups:
# groups: [everybody]
# users: []
# allowed_permissions: [read]
# uri: /process-groups/*
# read-all-process-models:
# groups: [everybody]
# users: []
# allowed_permissions: [read]
# uri: /process-models/*
# read-all-process-instances-for-me:
# groups: [everybody]
# users: []
# allowed_permissions: [read]
# uri: /process-instances/for-me/*
# read-process-instance-reports:
# groups: [everybody]
# users: []
# allowed_permissions: [create, read, update, delete]
# uri: /process-instances/reports/*
# processes-read:
# groups: [everybody]
# users: []
# allowed_permissions: [read]
# uri: /processes
#
#
# finance-admin:
# groups: ["Finance Team"]
# users: []
# allowed_permissions: [create, read, update, delete]
# uri: /process-groups/manage-procurement:procurement:*
#
# manage-revenue-streams-instances:
# groups: ["core-contributor", "demo"]
# users: []
# allowed_permissions: [create, read]
# uri: /process-instances/manage-revenue-streams:product-revenue-streams:customer-contracts-trade-terms/*
#
# manage-procurement-invoice-instances:
# groups: ["core-contributor", "demo"]
# users: []
# allowed_permissions: [create, read]
# uri: /process-instances/manage-procurement:procurement:core-contributor-invoice-management:*
#
# manage-procurement-instances:
# groups: ["core-contributor", "demo"]
# users: []
# allowed_permissions: [create, read]
# uri: /process-instances/manage-procurement:vendor-lifecycle-management:*
#
# create-test-instances:
# groups: ["test"]
# users: []
# allowed_permissions: [create, read]
# uri: /process-instances/misc:test:*
#
# core1-admin-instances:
# groups: ["core-contributor", "Finance Team"]
# users: []
# allowed_permissions: [create, read]
# uri: /process-instances/misc:category_number_one:process-model-with-form:*
# core1-admin-instances-slash:
# groups: ["core-contributor", "Finance Team"]
# users: []
# allowed_permissions: [create, read]
# uri: /process-instances/misc:category_number_one:process-model-with-form/*
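Review bot: Every rule after the first one in this hunk is commented out rather than converted, which the commit title (slashes to colons in permission macros) does not explain. With `tasks-crud`, `read-all-process-groups` and the other `everybody` rules disabled, the only rule from this hunk still in effect is the `/*` one at its top, so non-admin groups presumably lose access wherever this file is loaded. If that is intended, delete the block and say so in the commit message; if it is a debugging leftover, restore the rules. The commented copy also keeps both `core1-admin-instances` (`:*`) and `core1-admin-instances-slash` (`/*`) for the same model, so it does not show which form is meant to survive.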


@ -21,7 +21,7 @@ permissions:
admin:
groups: [admin]
users: []
allowed_permissions: [create, read, update, delete, list, instantiate]
allowed_permissions: [create, read, update, delete]
uri: /*
read-all:


@ -32,14 +32,6 @@ class Permission(enum.Enum):
update = "update"
delete = "delete"
# maybe read to GET process_model/process-instances instead?
list = "list"
# maybe use create instead on
# POST http://localhost:7000/v1.0/process-models/category_number_one/call-activity/process-instances/*
# POST http://localhost:7000/v1.0/process-models/category_number_one/call-activity/process-instances/332/run
instantiate = "instantiate" # this is something you do to a process model
class PermissionAssignmentModel(SpiffworkflowBaseDBModel):
"""PermissionAssignmentModel."""


@ -112,7 +112,7 @@ class AuthorizationService:
# to check for exact matches as well
# see test_user_can_access_base_path_when_given_wildcard_permission unit test
text(
f"'{target_uri_normalized}' = replace(permission_target.uri, '/%', '')"
f"'{target_uri_normalized}' = replace(replace(permission_target.uri, '/%', ''), ':%', '')"
),
)
)
@ -605,9 +605,9 @@ class AuthorizationService:
if target.startswith("PG:"):
process_group_identifier = (
target.removeprefix("PG:").replace(":", "/").removeprefix("/")
target.removeprefix("PG:").replace("/", ":").removeprefix(":")
)
process_related_path_segment = f"{process_group_identifier}/*"
process_related_path_segment = f"{process_group_identifier}:*"
if process_group_identifier == "ALL":
process_related_path_segment = "*"
target_uris = [
@ -623,7 +623,7 @@ class AuthorizationService:
elif target.startswith("PM:"):
process_model_identifier = (
target.removeprefix("PM:").replace(":", "/").removeprefix("/")
target.removeprefix("PM:").replace("/", ":").removeprefix(":")
)
process_related_path_segment = f"{process_model_identifier}/*"
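Review bot: The `text(...)` filter in the first hunk still splices `target_uri_normalized` into the SQL string with an f-string, and this change extends that expression instead of parameterizing it. Where the value comes from is outside the hunk, but if it is derived from the request path, a quote character in it alters the statement used for the permission lookup. Pass it as a bound parameter instead, e.g. `text("replace(replace(permission_target.uri, '/%', ''), ':%', '') = :target_uri").bindparams(target_uri=target_uri_normalized)`. The enclosing query and method start and end outside the hunk. Separately, the `PM:` branch still ends its segment with `/*` while the `PG:` branch now uses `:*`; a one-line comment such as `# a model is a leaf: ':' joins group levels, '/' separates the model from what follows` (wording to be confirmed by the authors) would show that the difference is deliberate.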


@ -154,58 +154,58 @@ class TestAuthorizationService(BaseTest):
) -> None:
"""Test_explode_permissions_all_on_process_group."""
expected_permissions = [
("/logs/some-process-group/some-process-model/*", "create"),
("/logs/some-process-group/some-process-model/*", "delete"),
("/logs/some-process-group/some-process-model/*", "read"),
("/logs/some-process-group/some-process-model/*", "update"),
("/process-groups/some-process-group/some-process-model/*", "create"),
("/process-groups/some-process-group/some-process-model/*", "delete"),
("/process-groups/some-process-group/some-process-model/*", "read"),
("/process-groups/some-process-group/some-process-model/*", "update"),
("/logs/some-process-group:some-process-model:*", "create"),
("/logs/some-process-group:some-process-model:*", "delete"),
("/logs/some-process-group:some-process-model:*", "read"),
("/logs/some-process-group:some-process-model:*", "update"),
("/process-groups/some-process-group:some-process-model:*", "create"),
("/process-groups/some-process-group:some-process-model:*", "delete"),
("/process-groups/some-process-group:some-process-model:*", "read"),
("/process-groups/some-process-group:some-process-model:*", "update"),
(
"/process-instance-suspend/some-process-group/some-process-model/*",
"/process-instance-suspend/some-process-group:some-process-model:*",
"create",
),
(
"/process-instance-suspend/some-process-group/some-process-model/*",
"/process-instance-suspend/some-process-group:some-process-model:*",
"delete",
),
(
"/process-instance-suspend/some-process-group/some-process-model/*",
"/process-instance-suspend/some-process-group:some-process-model:*",
"read",
),
(
"/process-instance-suspend/some-process-group/some-process-model/*",
"/process-instance-suspend/some-process-group:some-process-model:*",
"update",
),
(
"/process-instance-terminate/some-process-group/some-process-model/*",
"/process-instance-terminate/some-process-group:some-process-model:*",
"create",
),
(
"/process-instance-terminate/some-process-group/some-process-model/*",
"/process-instance-terminate/some-process-group:some-process-model:*",
"delete",
),
(
"/process-instance-terminate/some-process-group/some-process-model/*",
"/process-instance-terminate/some-process-group:some-process-model:*",
"read",
),
(
"/process-instance-terminate/some-process-group/some-process-model/*",
"/process-instance-terminate/some-process-group:some-process-model:*",
"update",
),
("/process-instances/some-process-group/some-process-model/*", "create"),
("/process-instances/some-process-group/some-process-model/*", "delete"),
("/process-instances/some-process-group/some-process-model/*", "read"),
("/process-instances/some-process-group/some-process-model/*", "update"),
("/process-models/some-process-group/some-process-model/*", "create"),
("/process-models/some-process-group/some-process-model/*", "delete"),
("/process-models/some-process-group/some-process-model/*", "read"),
("/process-models/some-process-group/some-process-model/*", "update"),
("/task-data/some-process-group/some-process-model/*", "create"),
("/task-data/some-process-group/some-process-model/*", "delete"),
("/task-data/some-process-group/some-process-model/*", "read"),
("/task-data/some-process-group/some-process-model/*", "update"),
("/process-instances/some-process-group:some-process-model:*", "create"),
("/process-instances/some-process-group:some-process-model:*", "delete"),
("/process-instances/some-process-group:some-process-model:*", "read"),
("/process-instances/some-process-group:some-process-model:*", "update"),
("/process-models/some-process-group:some-process-model:*", "create"),
("/process-models/some-process-group:some-process-model:*", "delete"),
("/process-models/some-process-group:some-process-model:*", "read"),
("/process-models/some-process-group:some-process-model:*", "update"),
("/task-data/some-process-group:some-process-model:*", "create"),
("/task-data/some-process-group:some-process-model:*", "delete"),
("/task-data/some-process-group:some-process-model:*", "read"),
("/task-data/some-process-group:some-process-model:*", "update"),
]
permissions_to_assign = AuthorizationService.explode_permissions(
"all", "PG:/some-process-group/some-process-model"
@ -224,10 +224,10 @@ class TestAuthorizationService(BaseTest):
"""Test_explode_permissions_start_on_process_group."""
expected_permissions = [
(
"/process-instances/for-me/some-process-group/some-process-model/*",
"/process-instances/for-me/some-process-group:some-process-model:*",
"read",
),
("/process-instances/some-process-group/some-process-model/*", "create"),
("/process-instances/some-process-group:some-process-model:*", "create"),
]
permissions_to_assign = AuthorizationService.explode_permissions(
"start", "PG:/some-process-group/some-process-model"
@ -245,54 +245,54 @@ class TestAuthorizationService(BaseTest):
) -> None:
"""Test_explode_permissions_all_on_process_model."""
expected_permissions = [
("/logs/some-process-group/some-process-model/*", "create"),
("/logs/some-process-group/some-process-model/*", "delete"),
("/logs/some-process-group/some-process-model/*", "read"),
("/logs/some-process-group/some-process-model/*", "update"),
("/logs/some-process-group:some-process-model/*", "create"),
("/logs/some-process-group:some-process-model/*", "delete"),
("/logs/some-process-group:some-process-model/*", "read"),
("/logs/some-process-group:some-process-model/*", "update"),
(
"/process-instance-suspend/some-process-group/some-process-model/*",
"/process-instance-suspend/some-process-group:some-process-model/*",
"create",
),
(
"/process-instance-suspend/some-process-group/some-process-model/*",
"/process-instance-suspend/some-process-group:some-process-model/*",
"delete",
),
(
"/process-instance-suspend/some-process-group/some-process-model/*",
"/process-instance-suspend/some-process-group:some-process-model/*",
"read",
),
(
"/process-instance-suspend/some-process-group/some-process-model/*",
"/process-instance-suspend/some-process-group:some-process-model/*",
"update",
),
(
"/process-instance-terminate/some-process-group/some-process-model/*",
"/process-instance-terminate/some-process-group:some-process-model/*",
"create",
),
(
"/process-instance-terminate/some-process-group/some-process-model/*",
"/process-instance-terminate/some-process-group:some-process-model/*",
"delete",
),
(
"/process-instance-terminate/some-process-group/some-process-model/*",
"/process-instance-terminate/some-process-group:some-process-model/*",
"read",
),
(
"/process-instance-terminate/some-process-group/some-process-model/*",
"/process-instance-terminate/some-process-group:some-process-model/*",
"update",
),
("/process-instances/some-process-group/some-process-model/*", "create"),
("/process-instances/some-process-group/some-process-model/*", "delete"),
("/process-instances/some-process-group/some-process-model/*", "read"),
("/process-instances/some-process-group/some-process-model/*", "update"),
("/process-models/some-process-group/some-process-model/*", "create"),
("/process-models/some-process-group/some-process-model/*", "delete"),
("/process-models/some-process-group/some-process-model/*", "read"),
("/process-models/some-process-group/some-process-model/*", "update"),
("/task-data/some-process-group/some-process-model/*", "create"),
("/task-data/some-process-group/some-process-model/*", "delete"),
("/task-data/some-process-group/some-process-model/*", "read"),
("/task-data/some-process-group/some-process-model/*", "update"),
("/process-instances/some-process-group:some-process-model/*", "create"),
("/process-instances/some-process-group:some-process-model/*", "delete"),
("/process-instances/some-process-group:some-process-model/*", "read"),
("/process-instances/some-process-group:some-process-model/*", "update"),
("/process-models/some-process-group:some-process-model/*", "create"),
("/process-models/some-process-group:some-process-model/*", "delete"),
("/process-models/some-process-group:some-process-model/*", "read"),
("/process-models/some-process-group:some-process-model/*", "update"),
("/task-data/some-process-group:some-process-model/*", "create"),
("/task-data/some-process-group:some-process-model/*", "delete"),
("/task-data/some-process-group:some-process-model/*", "read"),
("/task-data/some-process-group:some-process-model/*", "update"),
]
permissions_to_assign = AuthorizationService.explode_permissions(
"all", "PM:/some-process-group/some-process-model"
@ -311,10 +311,10 @@ class TestAuthorizationService(BaseTest):
"""Test_explode_permissions_start_on_process_model."""
expected_permissions = [
(
"/process-instances/for-me/some-process-group/some-process-model/*",
"/process-instances/for-me/some-process-group:some-process-model/*",
"read",
),
("/process-instances/some-process-group/some-process-model/*", "create"),
("/process-instances/some-process-group:some-process-model/*", "create"),
]
permissions_to_assign = AuthorizationService.explode_permissions(
"start", "PM:/some-process-group/some-process-model"
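Review bot: These expectations only pin the strings returned by `explode_permissions`; nothing in the visible hunks checks that a colon-form permission actually authorizes a request. The service change in this commit adds `':%'` stripping so that the bare base path matches, and the comment there points at `test_user_can_access_base_path_when_given_wildcard_permission`, which presumably covers only the `/%` form. A counterpart test would guard the new matching rule: grant `/process-groups/some-process-group:some-process-model:*`, assert access to the bare base path and to a child identifier, and assert denial for a sibling name (for example a constructed `some-process-group:some-process-model-other`). Such a test may already exist outside the lines shown.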