use a better var name to check perms against w/ burnettk

2025-02-26 16:10:44 +00:00 · 2023-05-08 14:25:49 -04:00 · 2023-05-08 14:25:49 -04:00 · fcbbb4a22a
commit fcbbb4a22a
parent 1b0f71579b
1 changed files with 9 additions and 2 deletions
--- a/spiffworkflow-backend/src/spiffworkflow_backend/services/process_model_service.py
+++ b/spiffworkflow-backend/src/spiffworkflow_backend/services/process_model_service.py
@ -2,6 +2,7 @@
 import json
 import os
 import shutil
+import uuid
 from glob import glob
 from typing import Any
 from typing import List
@ -222,8 +223,11 @@ class ProcessModelService(FileSystemService):
            permission_base_uri = "/v1.0/process-instances"

        # if user has access to uri/* with that permission then there's no reason to check each one individually
+        guid_of_non_existent_item_to_check_perms_against = str(uuid.uuid4())
        has_permission = AuthorizationService.user_has_permission(
-            user=user, permission=permission_to_check, target_uri=f"{permission_base_uri}/%"
+            user=user,
+            permission=permission_to_check,
+            target_uri=f"{permission_base_uri}/{guid_of_non_existent_item_to_check_perms_against}",
        )
        if has_permission:
            return process_models
@ -286,8 +290,11 @@ class ProcessModelService(FileSystemService):
        user = UserService.current_user()

        # if user has access to uri/* with that permission then there's no reason to check each one individually
+        guid_of_non_existent_item_to_check_perms_against = str(uuid.uuid4())
        has_permission = AuthorizationService.user_has_permission(
-            user=user, permission=permission_to_check, target_uri=f"{permission_base_uri}/%"
+            user=user,
+            permission=permission_to_check,
+            target_uri=f"{permission_base_uri}/{guid_of_non_existent_item_to_check_perms_against}",
        )
        if has_permission:
            return process_groups