pyl w/ burnettk

2022-12-22 12:32:26 -05:00 · 2022-12-22 12:32:26 -05:00 · ff61026ff5
parent a855df858b
commit ff61026ff5
4 changed files with 49 additions and 42 deletions
--- a/spiffworkflow-backend/src/spiffworkflow_backend/scripts/add_permission.py
+++ b/spiffworkflow-backend/src/spiffworkflow_backend/scripts/add_permission.py
@ -6,7 +6,6 @@ from spiffworkflow_backend.models.script_attributes_context import (
 )
 from spiffworkflow_backend.scripts.script import Script
 from spiffworkflow_backend.services.authorization_service import AuthorizationService
-from spiffworkflow_backend.services.group_service import GroupService

 # add_permission("read", "test/*", "Editors")

--- a/spiffworkflow-backend/src/spiffworkflow_backend/scripts/get_all_permissions.py
+++ b/spiffworkflow-backend/src/spiffworkflow_backend/scripts/get_all_permissions.py
@ -1,25 +1,22 @@
 """Get_env."""
-from typing import Any, Set
-from typing import Union
+from collections import OrderedDict
+from typing import Any
+
 from spiffworkflow_backend.models.group import GroupModel
+from spiffworkflow_backend.models.permission_assignment import PermissionAssignmentModel
 from spiffworkflow_backend.models.permission_target import PermissionTargetModel
 from spiffworkflow_backend.models.principal import PrincipalModel
-from spiffworkflow_backend.models.permission_assignment import PermissionAssignmentModel
-
 from spiffworkflow_backend.models.script_attributes_context import (
    ScriptAttributesContext,
 )
 from spiffworkflow_backend.scripts.script import Script
-from spiffworkflow_backend.services.authorization_service import AuthorizationService
-from spiffworkflow_backend.services.group_service import GroupService
-
-from collections import OrderedDict


 # add_permission("read", "test/*", "Editors")


 class GetAllPermissions(Script):
+    """GetAllPermissions."""

    def get_description(self) -> str:
        """Get_description."""
@ -33,20 +30,30 @@ class GetAllPermissions(Script):
    ) -> Any:
        """Run."""
        permission_assignments = (
-            PermissionAssignmentModel.query
-            .join(PrincipalModel, PrincipalModel.id == PermissionAssignmentModel.principal_id)
+            PermissionAssignmentModel.query.join(
+                PrincipalModel,
+                PrincipalModel.id == PermissionAssignmentModel.principal_id,
+            )
            .join(GroupModel, GroupModel.id == PrincipalModel.group_id)
-            .join(PermissionTargetModel, PermissionTargetModel.id == PermissionAssignmentModel.permission_target_id)
+            .join(
+                PermissionTargetModel,
+                PermissionTargetModel.id
+                == PermissionAssignmentModel.permission_target_id,
+            )
            .add_columns(
                PermissionAssignmentModel.permission,
                PermissionTargetModel.uri,
-                GroupModel.identifier.label('group_identifier')
+                GroupModel.identifier.label("group_identifier"),
            )
        )

        permissions: OrderedDict[tuple[str, str], list[str]] = OrderedDict()
        for pa in permission_assignments:
-            permissions.setdefault((pa.group_identifier, pa.uri), []).append(pa.permission)
+            permissions.setdefault((pa.group_identifier, pa.uri), []).append(
+                pa.permission
+            )

-        return [{'group_identifier': k[0], 'uri': k[1], 'permissions': sorted(v)}
-                for k, v in permissions.items()]
+        return [
+            {"group_identifier": k[0], "uri": k[1], "permissions": sorted(v)}
+            for k, v in permissions.items()
+        ]
--- a/spiffworkflow-backend/tests/spiffworkflow_backend/scripts/test_get_all_permissions.py
+++ b/spiffworkflow-backend/tests/spiffworkflow_backend/scripts/test_get_all_permissions.py
@ -1,26 +1,18 @@
 """Test_get_localtime."""
-import pytest
 from flask.app import Flask
 from flask.testing import FlaskClient
-from flask_bpmn.api.api_error import ApiError
-from spiffworkflow_backend.scripts.get_all_permissions import GetAllPermissions
 from tests.spiffworkflow_backend.helpers.base_test import BaseTest
-from tests.spiffworkflow_backend.helpers.test_data import load_test_spec

-from spiffworkflow_backend.models.group import GroupModel
-from spiffworkflow_backend.models.permission_assignment import PermissionAssignmentModel
-from spiffworkflow_backend.models.permission_target import PermissionTargetModel
 from spiffworkflow_backend.models.script_attributes_context import (
    ScriptAttributesContext,
 )
 from spiffworkflow_backend.models.user import UserModel
 from spiffworkflow_backend.scripts.add_permission import AddPermission
-from spiffworkflow_backend.services.process_instance_processor import (
-    ProcessInstanceProcessor,
-)
+from spiffworkflow_backend.scripts.get_all_permissions import GetAllPermissions


 class TestGetAllPermissions(BaseTest):
+    """TestGetAllPermissions."""

    def test_can_get_all_permissions(
        self,
@ -29,6 +21,7 @@ class TestGetAllPermissions(BaseTest):
        with_db_and_bpmn_file_cleanup: None,
        with_super_admin_user: UserModel,
    ) -> None:
+        """Test_can_get_all_permissions."""
        self.find_or_create_user("test_user")

        # now that we have everything, try to clear it out...
@ -41,14 +34,24 @@ class TestGetAllPermissions(BaseTest):
        AddPermission().run(
            script_attributes_context, "start", "PG:hey:group", "my_test_group"
        )
-        AddPermission().run(
-            script_attributes_context, "all", "/tasks", "my_test_group"
-        )
+        AddPermission().run(script_attributes_context, "all", "/tasks", "my_test_group")

        expected_permissions = [
-            {'group_identifier': 'my_test_group', 'uri': '/process-instances/hey:group:%', 'permissions': ['create']},
-            {'group_identifier': 'my_test_group', 'uri': '/process-instances/for-me/hey:group:%', 'permissions': ['read']},
-            {'group_identifier': 'my_test_group', 'uri': '/tasks', 'permissions': ['create', 'delete', 'read', 'update']}
+            {
+                "group_identifier": "my_test_group",
+                "uri": "/process-instances/hey:group:%",
+                "permissions": ["create"],
+            },
+            {
+                "group_identifier": "my_test_group",
+                "uri": "/process-instances/for-me/hey:group:%",
+                "permissions": ["read"],
+            },
+            {
+                "group_identifier": "my_test_group",
+                "uri": "/tasks",
+                "permissions": ["create", "delete", "read", "update"],
+            },
        ]

        permissions = GetAllPermissions().run(script_attributes_context)
--- a/spiffworkflow-backend/tests/spiffworkflow_backend/unit/test_authorization_service.py
+++ b/spiffworkflow-backend/tests/spiffworkflow_backend/unit/test_authorization_service.py
@ -1,7 +1,5 @@
 """Test_message_service."""
 import pytest
-from spiffworkflow_backend.services.group_service import GroupService
-from spiffworkflow_backend.services.user_service import UserService
 from flask import Flask
 from flask.testing import FlaskClient
 from tests.spiffworkflow_backend.helpers.base_test import BaseTest
@ -10,6 +8,7 @@ from spiffworkflow_backend.models.user import UserModel
 from spiffworkflow_backend.models.user import UserNotFoundError
 from spiffworkflow_backend.services.authorization_service import AuthorizationService
 from spiffworkflow_backend.services.authorization_service import InvalidPermissionError
+from spiffworkflow_backend.services.group_service import GroupService
 from spiffworkflow_backend.services.process_instance_processor import (
    ProcessInstanceProcessor,
 )
@ -17,6 +16,7 @@ from spiffworkflow_backend.services.process_instance_service import (
    ProcessInstanceService,
 )
 from spiffworkflow_backend.services.process_model_service import ProcessModelService
+from spiffworkflow_backend.services.user_service import UserService


 class TestAuthorizationService(BaseTest):
@ -400,16 +400,14 @@ class TestAuthorizationService(BaseTest):
        with_db_and_bpmn_file_cleanup: None,
    ) -> None:
        """Test_granting_access_to_group_gives_access_to_group_and_subgroups."""
-        user = self.find_or_create_user(username='user_one')
-        user_group = GroupService.find_or_create_group('group_one')
+        user = self.find_or_create_user(username="user_one")
+        user_group = GroupService.find_or_create_group("group_one")
        UserService.add_user_to_group(user, user_group)
-        AuthorizationService.add_permission_from_uri_or_macro(user_group.identifier, "read", "PG:hey")
-        self.assert_user_has_permission(
-            user, "read", "/v1.0/process-groups/hey"
-        )
-        self.assert_user_has_permission(
-            user, "read", "/v1.0/process-groups/hey:yo"
+        AuthorizationService.add_permission_from_uri_or_macro(
+            user_group.identifier, "read", "PG:hey"
        )
+        self.assert_user_has_permission(user, "read", "/v1.0/process-groups/hey")
+        self.assert_user_has_permission(user, "read", "/v1.0/process-groups/hey:yo")

    def test_explode_permissions_with_invalid_target_uri(
        self,