pyl w/ burnettk

This commit is contained in:
jasquat 2022-12-22 12:32:26 -05:00
parent a855df858b
commit ff61026ff5
4 changed files with 49 additions and 42 deletions

View File

@ -6,7 +6,6 @@ from spiffworkflow_backend.models.script_attributes_context import (
) )
from spiffworkflow_backend.scripts.script import Script from spiffworkflow_backend.scripts.script import Script
from spiffworkflow_backend.services.authorization_service import AuthorizationService from spiffworkflow_backend.services.authorization_service import AuthorizationService
from spiffworkflow_backend.services.group_service import GroupService
# add_permission("read", "test/*", "Editors") # add_permission("read", "test/*", "Editors")

View File

@ -1,25 +1,22 @@
"""Get_env.""" """Get_env."""
from typing import Any, Set from collections import OrderedDict
from typing import Union from typing import Any
from spiffworkflow_backend.models.group import GroupModel from spiffworkflow_backend.models.group import GroupModel
from spiffworkflow_backend.models.permission_assignment import PermissionAssignmentModel
from spiffworkflow_backend.models.permission_target import PermissionTargetModel from spiffworkflow_backend.models.permission_target import PermissionTargetModel
from spiffworkflow_backend.models.principal import PrincipalModel from spiffworkflow_backend.models.principal import PrincipalModel
from spiffworkflow_backend.models.permission_assignment import PermissionAssignmentModel
from spiffworkflow_backend.models.script_attributes_context import ( from spiffworkflow_backend.models.script_attributes_context import (
ScriptAttributesContext, ScriptAttributesContext,
) )
from spiffworkflow_backend.scripts.script import Script from spiffworkflow_backend.scripts.script import Script
from spiffworkflow_backend.services.authorization_service import AuthorizationService
from spiffworkflow_backend.services.group_service import GroupService
from collections import OrderedDict
# add_permission("read", "test/*", "Editors") # add_permission("read", "test/*", "Editors")
class GetAllPermissions(Script): class GetAllPermissions(Script):
"""GetAllPermissions."""
def get_description(self) -> str: def get_description(self) -> str:
"""Get_description.""" """Get_description."""
@ -33,20 +30,30 @@ class GetAllPermissions(Script):
) -> Any: ) -> Any:
"""Run.""" """Run."""
permission_assignments = ( permission_assignments = (
PermissionAssignmentModel.query PermissionAssignmentModel.query.join(
.join(PrincipalModel, PrincipalModel.id == PermissionAssignmentModel.principal_id) PrincipalModel,
PrincipalModel.id == PermissionAssignmentModel.principal_id,
)
.join(GroupModel, GroupModel.id == PrincipalModel.group_id) .join(GroupModel, GroupModel.id == PrincipalModel.group_id)
.join(PermissionTargetModel, PermissionTargetModel.id == PermissionAssignmentModel.permission_target_id) .join(
PermissionTargetModel,
PermissionTargetModel.id
== PermissionAssignmentModel.permission_target_id,
)
.add_columns( .add_columns(
PermissionAssignmentModel.permission, PermissionAssignmentModel.permission,
PermissionTargetModel.uri, PermissionTargetModel.uri,
GroupModel.identifier.label('group_identifier') GroupModel.identifier.label("group_identifier"),
) )
) )
permissions: OrderedDict[tuple[str, str], list[str]] = OrderedDict() permissions: OrderedDict[tuple[str, str], list[str]] = OrderedDict()
for pa in permission_assignments: for pa in permission_assignments:
permissions.setdefault((pa.group_identifier, pa.uri), []).append(pa.permission) permissions.setdefault((pa.group_identifier, pa.uri), []).append(
pa.permission
)
return [{'group_identifier': k[0], 'uri': k[1], 'permissions': sorted(v)} return [
for k, v in permissions.items()] {"group_identifier": k[0], "uri": k[1], "permissions": sorted(v)}
for k, v in permissions.items()
]

View File

@ -1,26 +1,18 @@
"""Test_get_localtime.""" """Test_get_localtime."""
import pytest
from flask.app import Flask from flask.app import Flask
from flask.testing import FlaskClient from flask.testing import FlaskClient
from flask_bpmn.api.api_error import ApiError
from spiffworkflow_backend.scripts.get_all_permissions import GetAllPermissions
from tests.spiffworkflow_backend.helpers.base_test import BaseTest from tests.spiffworkflow_backend.helpers.base_test import BaseTest
from tests.spiffworkflow_backend.helpers.test_data import load_test_spec
from spiffworkflow_backend.models.group import GroupModel
from spiffworkflow_backend.models.permission_assignment import PermissionAssignmentModel
from spiffworkflow_backend.models.permission_target import PermissionTargetModel
from spiffworkflow_backend.models.script_attributes_context import ( from spiffworkflow_backend.models.script_attributes_context import (
ScriptAttributesContext, ScriptAttributesContext,
) )
from spiffworkflow_backend.models.user import UserModel from spiffworkflow_backend.models.user import UserModel
from spiffworkflow_backend.scripts.add_permission import AddPermission from spiffworkflow_backend.scripts.add_permission import AddPermission
from spiffworkflow_backend.services.process_instance_processor import ( from spiffworkflow_backend.scripts.get_all_permissions import GetAllPermissions
ProcessInstanceProcessor,
)
class TestGetAllPermissions(BaseTest): class TestGetAllPermissions(BaseTest):
"""TestGetAllPermissions."""
def test_can_get_all_permissions( def test_can_get_all_permissions(
self, self,
@ -29,6 +21,7 @@ class TestGetAllPermissions(BaseTest):
with_db_and_bpmn_file_cleanup: None, with_db_and_bpmn_file_cleanup: None,
with_super_admin_user: UserModel, with_super_admin_user: UserModel,
) -> None: ) -> None:
"""Test_can_get_all_permissions."""
self.find_or_create_user("test_user") self.find_or_create_user("test_user")
# now that we have everything, try to clear it out... # now that we have everything, try to clear it out...
@ -41,14 +34,24 @@ class TestGetAllPermissions(BaseTest):
AddPermission().run( AddPermission().run(
script_attributes_context, "start", "PG:hey:group", "my_test_group" script_attributes_context, "start", "PG:hey:group", "my_test_group"
) )
AddPermission().run( AddPermission().run(script_attributes_context, "all", "/tasks", "my_test_group")
script_attributes_context, "all", "/tasks", "my_test_group"
)
expected_permissions = [ expected_permissions = [
{'group_identifier': 'my_test_group', 'uri': '/process-instances/hey:group:%', 'permissions': ['create']}, {
{'group_identifier': 'my_test_group', 'uri': '/process-instances/for-me/hey:group:%', 'permissions': ['read']}, "group_identifier": "my_test_group",
{'group_identifier': 'my_test_group', 'uri': '/tasks', 'permissions': ['create', 'delete', 'read', 'update']} "uri": "/process-instances/hey:group:%",
"permissions": ["create"],
},
{
"group_identifier": "my_test_group",
"uri": "/process-instances/for-me/hey:group:%",
"permissions": ["read"],
},
{
"group_identifier": "my_test_group",
"uri": "/tasks",
"permissions": ["create", "delete", "read", "update"],
},
] ]
permissions = GetAllPermissions().run(script_attributes_context) permissions = GetAllPermissions().run(script_attributes_context)

View File

@ -1,7 +1,5 @@
"""Test_message_service.""" """Test_message_service."""
import pytest import pytest
from spiffworkflow_backend.services.group_service import GroupService
from spiffworkflow_backend.services.user_service import UserService
from flask import Flask from flask import Flask
from flask.testing import FlaskClient from flask.testing import FlaskClient
from tests.spiffworkflow_backend.helpers.base_test import BaseTest from tests.spiffworkflow_backend.helpers.base_test import BaseTest
@ -10,6 +8,7 @@ from spiffworkflow_backend.models.user import UserModel
from spiffworkflow_backend.models.user import UserNotFoundError from spiffworkflow_backend.models.user import UserNotFoundError
from spiffworkflow_backend.services.authorization_service import AuthorizationService from spiffworkflow_backend.services.authorization_service import AuthorizationService
from spiffworkflow_backend.services.authorization_service import InvalidPermissionError from spiffworkflow_backend.services.authorization_service import InvalidPermissionError
from spiffworkflow_backend.services.group_service import GroupService
from spiffworkflow_backend.services.process_instance_processor import ( from spiffworkflow_backend.services.process_instance_processor import (
ProcessInstanceProcessor, ProcessInstanceProcessor,
) )
@ -17,6 +16,7 @@ from spiffworkflow_backend.services.process_instance_service import (
ProcessInstanceService, ProcessInstanceService,
) )
from spiffworkflow_backend.services.process_model_service import ProcessModelService from spiffworkflow_backend.services.process_model_service import ProcessModelService
from spiffworkflow_backend.services.user_service import UserService
class TestAuthorizationService(BaseTest): class TestAuthorizationService(BaseTest):
@ -400,16 +400,14 @@ class TestAuthorizationService(BaseTest):
with_db_and_bpmn_file_cleanup: None, with_db_and_bpmn_file_cleanup: None,
) -> None: ) -> None:
"""Test_granting_access_to_group_gives_access_to_group_and_subgroups.""" """Test_granting_access_to_group_gives_access_to_group_and_subgroups."""
user = self.find_or_create_user(username='user_one') user = self.find_or_create_user(username="user_one")
user_group = GroupService.find_or_create_group('group_one') user_group = GroupService.find_or_create_group("group_one")
UserService.add_user_to_group(user, user_group) UserService.add_user_to_group(user, user_group)
AuthorizationService.add_permission_from_uri_or_macro(user_group.identifier, "read", "PG:hey") AuthorizationService.add_permission_from_uri_or_macro(
self.assert_user_has_permission( user_group.identifier, "read", "PG:hey"
user, "read", "/v1.0/process-groups/hey"
)
self.assert_user_has_permission(
user, "read", "/v1.0/process-groups/hey:yo"
) )
self.assert_user_has_permission(user, "read", "/v1.0/process-groups/hey")
self.assert_user_has_permission(user, "read", "/v1.0/process-groups/hey:yo")
def test_explode_permissions_with_invalid_target_uri( def test_explode_permissions_with_invalid_target_uri(
self, self,