From ff61026ff53e0ecbd95ab875e8b29676a85962ad Mon Sep 17 00:00:00 2001 From: jasquat Date: Thu, 22 Dec 2022 12:32:26 -0500 Subject: [PATCH] pyl w/ burnettk --- .../scripts/add_permission.py | 1 - .../scripts/get_all_permissions.py | 37 +++++++++++-------- .../scripts/test_get_all_permissions.py | 35 ++++++++++-------- .../unit/test_authorization_service.py | 18 ++++----- 4 files changed, 49 insertions(+), 42 deletions(-) diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/scripts/add_permission.py b/spiffworkflow-backend/src/spiffworkflow_backend/scripts/add_permission.py index ce365fe95..113a92dab 100644 --- a/spiffworkflow-backend/src/spiffworkflow_backend/scripts/add_permission.py +++ b/spiffworkflow-backend/src/spiffworkflow_backend/scripts/add_permission.py @@ -6,7 +6,6 @@ from spiffworkflow_backend.models.script_attributes_context import ( ) from spiffworkflow_backend.scripts.script import Script from spiffworkflow_backend.services.authorization_service import AuthorizationService -from spiffworkflow_backend.services.group_service import GroupService # add_permission("read", "test/*", "Editors") diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/scripts/get_all_permissions.py b/spiffworkflow-backend/src/spiffworkflow_backend/scripts/get_all_permissions.py index 5a7d87f9b..83a7e582f 100644 --- a/spiffworkflow-backend/src/spiffworkflow_backend/scripts/get_all_permissions.py +++ b/spiffworkflow-backend/src/spiffworkflow_backend/scripts/get_all_permissions.py @@ -1,25 +1,22 @@ """Get_env.""" -from typing import Any, Set -from typing import Union +from collections import OrderedDict +from typing import Any + from spiffworkflow_backend.models.group import GroupModel +from spiffworkflow_backend.models.permission_assignment import PermissionAssignmentModel from spiffworkflow_backend.models.permission_target import PermissionTargetModel from spiffworkflow_backend.models.principal import PrincipalModel -from spiffworkflow_backend.models.permission_assignment import PermissionAssignmentModel - from spiffworkflow_backend.models.script_attributes_context import ( ScriptAttributesContext, ) from spiffworkflow_backend.scripts.script import Script -from spiffworkflow_backend.services.authorization_service import AuthorizationService -from spiffworkflow_backend.services.group_service import GroupService - -from collections import OrderedDict # add_permission("read", "test/*", "Editors") class GetAllPermissions(Script): + """GetAllPermissions.""" def get_description(self) -> str: """Get_description.""" @@ -33,20 +30,30 @@ class GetAllPermissions(Script): ) -> Any: """Run.""" permission_assignments = ( - PermissionAssignmentModel.query - .join(PrincipalModel, PrincipalModel.id == PermissionAssignmentModel.principal_id) + PermissionAssignmentModel.query.join( + PrincipalModel, + PrincipalModel.id == PermissionAssignmentModel.principal_id, + ) .join(GroupModel, GroupModel.id == PrincipalModel.group_id) - .join(PermissionTargetModel, PermissionTargetModel.id == PermissionAssignmentModel.permission_target_id) + .join( + PermissionTargetModel, + PermissionTargetModel.id + == PermissionAssignmentModel.permission_target_id, + ) .add_columns( PermissionAssignmentModel.permission, PermissionTargetModel.uri, - GroupModel.identifier.label('group_identifier') + GroupModel.identifier.label("group_identifier"), ) ) permissions: OrderedDict[tuple[str, str], list[str]] = OrderedDict() for pa in permission_assignments: - permissions.setdefault((pa.group_identifier, pa.uri), []).append(pa.permission) + permissions.setdefault((pa.group_identifier, pa.uri), []).append( + pa.permission + ) - return [{'group_identifier': k[0], 'uri': k[1], 'permissions': sorted(v)} - for k, v in permissions.items()] + return [ + {"group_identifier": k[0], "uri": k[1], "permissions": sorted(v)} + for k, v in permissions.items() + ] diff --git a/spiffworkflow-backend/tests/spiffworkflow_backend/scripts/test_get_all_permissions.py b/spiffworkflow-backend/tests/spiffworkflow_backend/scripts/test_get_all_permissions.py index d6a5a178c..9f1594999 100644 --- a/spiffworkflow-backend/tests/spiffworkflow_backend/scripts/test_get_all_permissions.py +++ b/spiffworkflow-backend/tests/spiffworkflow_backend/scripts/test_get_all_permissions.py @@ -1,26 +1,18 @@ """Test_get_localtime.""" -import pytest from flask.app import Flask from flask.testing import FlaskClient -from flask_bpmn.api.api_error import ApiError -from spiffworkflow_backend.scripts.get_all_permissions import GetAllPermissions from tests.spiffworkflow_backend.helpers.base_test import BaseTest -from tests.spiffworkflow_backend.helpers.test_data import load_test_spec -from spiffworkflow_backend.models.group import GroupModel -from spiffworkflow_backend.models.permission_assignment import PermissionAssignmentModel -from spiffworkflow_backend.models.permission_target import PermissionTargetModel from spiffworkflow_backend.models.script_attributes_context import ( ScriptAttributesContext, ) from spiffworkflow_backend.models.user import UserModel from spiffworkflow_backend.scripts.add_permission import AddPermission -from spiffworkflow_backend.services.process_instance_processor import ( - ProcessInstanceProcessor, -) +from spiffworkflow_backend.scripts.get_all_permissions import GetAllPermissions class TestGetAllPermissions(BaseTest): + """TestGetAllPermissions.""" def test_can_get_all_permissions( self, @@ -29,6 +21,7 @@ class TestGetAllPermissions(BaseTest): with_db_and_bpmn_file_cleanup: None, with_super_admin_user: UserModel, ) -> None: + """Test_can_get_all_permissions.""" self.find_or_create_user("test_user") # now that we have everything, try to clear it out... @@ -41,14 +34,24 @@ class TestGetAllPermissions(BaseTest): AddPermission().run( script_attributes_context, "start", "PG:hey:group", "my_test_group" ) - AddPermission().run( - script_attributes_context, "all", "/tasks", "my_test_group" - ) + AddPermission().run(script_attributes_context, "all", "/tasks", "my_test_group") expected_permissions = [ - {'group_identifier': 'my_test_group', 'uri': '/process-instances/hey:group:%', 'permissions': ['create']}, - {'group_identifier': 'my_test_group', 'uri': '/process-instances/for-me/hey:group:%', 'permissions': ['read']}, - {'group_identifier': 'my_test_group', 'uri': '/tasks', 'permissions': ['create', 'delete', 'read', 'update']} + { + "group_identifier": "my_test_group", + "uri": "/process-instances/hey:group:%", + "permissions": ["create"], + }, + { + "group_identifier": "my_test_group", + "uri": "/process-instances/for-me/hey:group:%", + "permissions": ["read"], + }, + { + "group_identifier": "my_test_group", + "uri": "/tasks", + "permissions": ["create", "delete", "read", "update"], + }, ] permissions = GetAllPermissions().run(script_attributes_context) diff --git a/spiffworkflow-backend/tests/spiffworkflow_backend/unit/test_authorization_service.py b/spiffworkflow-backend/tests/spiffworkflow_backend/unit/test_authorization_service.py index 413e26015..b149ac540 100644 --- a/spiffworkflow-backend/tests/spiffworkflow_backend/unit/test_authorization_service.py +++ b/spiffworkflow-backend/tests/spiffworkflow_backend/unit/test_authorization_service.py @@ -1,7 +1,5 @@ """Test_message_service.""" import pytest -from spiffworkflow_backend.services.group_service import GroupService -from spiffworkflow_backend.services.user_service import UserService from flask import Flask from flask.testing import FlaskClient from tests.spiffworkflow_backend.helpers.base_test import BaseTest @@ -10,6 +8,7 @@ from spiffworkflow_backend.models.user import UserModel from spiffworkflow_backend.models.user import UserNotFoundError from spiffworkflow_backend.services.authorization_service import AuthorizationService from spiffworkflow_backend.services.authorization_service import InvalidPermissionError +from spiffworkflow_backend.services.group_service import GroupService from spiffworkflow_backend.services.process_instance_processor import ( ProcessInstanceProcessor, ) @@ -17,6 +16,7 @@ from spiffworkflow_backend.services.process_instance_service import ( ProcessInstanceService, ) from spiffworkflow_backend.services.process_model_service import ProcessModelService +from spiffworkflow_backend.services.user_service import UserService class TestAuthorizationService(BaseTest): @@ -400,16 +400,14 @@ class TestAuthorizationService(BaseTest): with_db_and_bpmn_file_cleanup: None, ) -> None: """Test_granting_access_to_group_gives_access_to_group_and_subgroups.""" - user = self.find_or_create_user(username='user_one') - user_group = GroupService.find_or_create_group('group_one') + user = self.find_or_create_user(username="user_one") + user_group = GroupService.find_or_create_group("group_one") UserService.add_user_to_group(user, user_group) - AuthorizationService.add_permission_from_uri_or_macro(user_group.identifier, "read", "PG:hey") - self.assert_user_has_permission( - user, "read", "/v1.0/process-groups/hey" - ) - self.assert_user_has_permission( - user, "read", "/v1.0/process-groups/hey:yo" + AuthorizationService.add_permission_from_uri_or_macro( + user_group.identifier, "read", "PG:hey" ) + self.assert_user_has_permission(user, "read", "/v1.0/process-groups/hey") + self.assert_user_has_permission(user, "read", "/v1.0/process-groups/hey:yo") def test_explode_permissions_with_invalid_target_uri( self,