added script to get all permissions for the confirmation page when adding permissions from a process model w/ burnettk
parent
d67ec16879
commit
0ad3708965
|
@ -74,98 +74,98 @@ permissions:
|
||||||
users: []
|
users: []
|
||||||
allowed_permissions: [create, read, update, delete]
|
allowed_permissions: [create, read, update, delete]
|
||||||
uri: /*
|
uri: /*
|
||||||
# admin-readonly:
|
admin-readonly:
|
||||||
# groups: [admin-ro]
|
groups: [admin-ro]
|
||||||
# users: []
|
users: []
|
||||||
# allowed_permissions: [read]
|
allowed_permissions: [read]
|
||||||
# uri: /*
|
uri: /*
|
||||||
# admin-process-instances-for-readonly:
|
admin-process-instances-for-readonly:
|
||||||
# groups: [admin-ro]
|
groups: [admin-ro]
|
||||||
# users: []
|
users: []
|
||||||
# allowed_permissions: [create, read, update, delete]
|
allowed_permissions: [create, read, update, delete]
|
||||||
# uri: /process-instances/*
|
uri: /process-instances/*
|
||||||
#
|
|
||||||
# tasks-crud:
|
tasks-crud:
|
||||||
# groups: [everybody]
|
groups: [everybody]
|
||||||
# users: []
|
users: []
|
||||||
# allowed_permissions: [create, read, update, delete]
|
allowed_permissions: [create, read, update, delete]
|
||||||
# uri: /tasks/*
|
uri: /tasks/*
|
||||||
# service-tasks:
|
service-tasks:
|
||||||
# groups: [everybody]
|
groups: [everybody]
|
||||||
# users: []
|
users: []
|
||||||
# allowed_permissions: [read]
|
allowed_permissions: [read]
|
||||||
# uri: /service-tasks
|
uri: /service-tasks
|
||||||
# user-groups-for-current-user:
|
user-groups-for-current-user:
|
||||||
# groups: [everybody]
|
groups: [everybody]
|
||||||
# users: []
|
users: []
|
||||||
# allowed_permissions: [read]
|
allowed_permissions: [read]
|
||||||
# uri: /user-groups/for-current-user
|
uri: /user-groups/for-current-user
|
||||||
#
|
|
||||||
# # read all for everybody
|
# read all for everybody
|
||||||
# read-all-process-groups:
|
read-all-process-groups:
|
||||||
# groups: [everybody]
|
groups: [everybody]
|
||||||
# users: []
|
users: []
|
||||||
# allowed_permissions: [read]
|
allowed_permissions: [read]
|
||||||
# uri: /process-groups/*
|
uri: /process-groups/*
|
||||||
# read-all-process-models:
|
read-all-process-models:
|
||||||
# groups: [everybody]
|
groups: [everybody]
|
||||||
# users: []
|
users: []
|
||||||
# allowed_permissions: [read]
|
allowed_permissions: [read]
|
||||||
# uri: /process-models/*
|
uri: /process-models/*
|
||||||
# read-all-process-instances-for-me:
|
read-all-process-instances-for-me:
|
||||||
# groups: [everybody]
|
groups: [everybody]
|
||||||
# users: []
|
users: []
|
||||||
# allowed_permissions: [read]
|
allowed_permissions: [read]
|
||||||
# uri: /process-instances/for-me/*
|
uri: /process-instances/for-me/*
|
||||||
# read-process-instance-reports:
|
read-process-instance-reports:
|
||||||
# groups: [everybody]
|
groups: [everybody]
|
||||||
# users: []
|
users: []
|
||||||
# allowed_permissions: [create, read, update, delete]
|
allowed_permissions: [create, read, update, delete]
|
||||||
# uri: /process-instances/reports/*
|
uri: /process-instances/reports/*
|
||||||
# processes-read:
|
processes-read:
|
||||||
# groups: [everybody]
|
groups: [everybody]
|
||||||
# users: []
|
users: []
|
||||||
# allowed_permissions: [read]
|
allowed_permissions: [read]
|
||||||
# uri: /processes
|
uri: /processes
|
||||||
#
|
|
||||||
#
|
|
||||||
# finance-admin:
|
finance-admin:
|
||||||
# groups: ["Finance Team"]
|
groups: ["Finance Team"]
|
||||||
# users: []
|
users: []
|
||||||
# allowed_permissions: [create, read, update, delete]
|
allowed_permissions: [create, read, update, delete]
|
||||||
# uri: /process-groups/manage-procurement:procurement:*
|
uri: /process-groups/manage-procurement:procurement:*
|
||||||
#
|
|
||||||
# manage-revenue-streams-instances:
|
manage-revenue-streams-instances:
|
||||||
# groups: ["core-contributor", "demo"]
|
groups: ["core-contributor", "demo"]
|
||||||
# users: []
|
users: []
|
||||||
# allowed_permissions: [create, read]
|
allowed_permissions: [create, read]
|
||||||
# uri: /process-instances/manage-revenue-streams:product-revenue-streams:customer-contracts-trade-terms/*
|
uri: /process-instances/manage-revenue-streams:product-revenue-streams:customer-contracts-trade-terms/*
|
||||||
#
|
|
||||||
# manage-procurement-invoice-instances:
|
manage-procurement-invoice-instances:
|
||||||
# groups: ["core-contributor", "demo"]
|
groups: ["core-contributor", "demo"]
|
||||||
# users: []
|
users: []
|
||||||
# allowed_permissions: [create, read]
|
allowed_permissions: [create, read]
|
||||||
# uri: /process-instances/manage-procurement:procurement:core-contributor-invoice-management:*
|
uri: /process-instances/manage-procurement:procurement:core-contributor-invoice-management:*
|
||||||
#
|
|
||||||
# manage-procurement-instances:
|
manage-procurement-instances:
|
||||||
# groups: ["core-contributor", "demo"]
|
groups: ["core-contributor", "demo"]
|
||||||
# users: []
|
users: []
|
||||||
# allowed_permissions: [create, read]
|
allowed_permissions: [create, read]
|
||||||
# uri: /process-instances/manage-procurement:vendor-lifecycle-management:*
|
uri: /process-instances/manage-procurement:vendor-lifecycle-management:*
|
||||||
#
|
|
||||||
# create-test-instances:
|
create-test-instances:
|
||||||
# groups: ["test"]
|
groups: ["test"]
|
||||||
# users: []
|
users: []
|
||||||
# allowed_permissions: [create, read]
|
allowed_permissions: [create, read]
|
||||||
# uri: /process-instances/misc:test:*
|
uri: /process-instances/misc:test:*
|
||||||
#
|
|
||||||
# core1-admin-instances:
|
core1-admin-instances:
|
||||||
# groups: ["core-contributor", "Finance Team"]
|
groups: ["core-contributor", "Finance Team"]
|
||||||
# users: []
|
users: []
|
||||||
# allowed_permissions: [create, read]
|
allowed_permissions: [create, read]
|
||||||
# uri: /process-instances/misc:category_number_one:process-model-with-form:*
|
uri: /process-instances/misc:category_number_one:process-model-with-form:*
|
||||||
# core1-admin-instances-slash:
|
core1-admin-instances-slash:
|
||||||
# groups: ["core-contributor", "Finance Team"]
|
groups: ["core-contributor", "Finance Team"]
|
||||||
# users: []
|
users: []
|
||||||
# allowed_permissions: [create, read]
|
allowed_permissions: [create, read]
|
||||||
# uri: /process-instances/misc:category_number_one:process-model-with-form/*
|
uri: /process-instances/misc:category_number_one:process-model-with-form/*
|
||||||
|
|
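Review bot: The entry `admin-process-instances-for-readonly` gives group `admin-ro` `[create, read, update, delete]` on `/process-instances/*`, which is broader than the read-only role suggested by its name and by the neighbouring `admin-readonly` entry. `tasks-crud` and `read-process-instance-reports` likewise give `everybody` full create/read/update/delete on `/tasks/*` and `/process-instances/reports/*`. These entries look as if they were commented out before this commit, and the commit title does not mention enabling them, so confirm the change is intended for the environment this file configures and is not left over from local testing. If the wide grants are deliberate, a comment above each one saying why would help, e.g. `# admin-ro needs write access to process instances because <reason>`.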
|
@ -28,8 +28,6 @@ class AddPermission(Script):
|
||||||
allowed_permission = args[0]
|
allowed_permission = args[0]
|
||||||
uri = args[1]
|
uri = args[1]
|
||||||
group_identifier = args[2]
|
group_identifier = args[2]
|
||||||
group = GroupService.find_or_create_group(group_identifier)
|
AuthorizationService.add_permission_from_uri_or_macro(
|
||||||
target = AuthorizationService.find_or_create_permission_target(uri)
|
group_identifier=group_identifier, target=uri, permission=allowed_permission
|
||||||
AuthorizationService.create_permission_for_principal(
|
|
||||||
group.principal, target, allowed_permission
|
|
||||||
)
|
)
|
||||||
|
|
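Review bot: `args[0]`, `args[1]` and `args[2]` are read without checking how many arguments the script received, and the new call forwards them as-is to `AuthorizationService.add_permission_from_uri_or_macro`. The test on this page passes `"start"`, `"all"` and `"PG:hey:group"` and expects several assignments back, so one call can now create more than one grant. A guard such as `if len(args) != 3: raise ValueError("add_permission expects permission, uri, group_identifier")` would give a clear error, and the script description should list the accepted permission and target forms. Whether the service rejects unknown permission names or malformed targets is not visible here and is worth confirming. `run` begins above this hunk.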
|
@ -0,0 +1,52 @@
|
||||||
|
"""Get_env."""
|
||||||
|
from typing import Any, Set
|
||||||
|
from typing import Union
|
||||||
|
from spiffworkflow_backend.models.group import GroupModel
|
||||||
|
from spiffworkflow_backend.models.permission_target import PermissionTargetModel
|
||||||
|
from spiffworkflow_backend.models.principal import PrincipalModel
|
||||||
|
from spiffworkflow_backend.models.permission_assignment import PermissionAssignmentModel
|
||||||
|
|
||||||
|
from spiffworkflow_backend.models.script_attributes_context import (
|
||||||
|
ScriptAttributesContext,
|
||||||
|
)
|
||||||
|
from spiffworkflow_backend.scripts.script import Script
|
||||||
|
from spiffworkflow_backend.services.authorization_service import AuthorizationService
|
||||||
|
from spiffworkflow_backend.services.group_service import GroupService
|
||||||
|
|
||||||
|
from collections import OrderedDict
|
||||||
|
|
||||||
|
|
||||||
|
# add_permission("read", "test/*", "Editors")
|
||||||
|
|
||||||
|
|
||||||
|
class GetAllPermissions(Script):
|
||||||
|
|
||||||
|
def get_description(self) -> str:
|
||||||
|
"""Get_description."""
|
||||||
|
return """Get all permissions currently in the system."""
|
||||||
|
|
||||||
|
def run(
|
||||||
|
self,
|
||||||
|
script_attributes_context: ScriptAttributesContext,
|
||||||
|
*args: Any,
|
||||||
|
**kwargs: Any,
|
||||||
|
) -> Any:
|
||||||
|
"""Run."""
|
||||||
|
permission_assignments = (
|
||||||
|
PermissionAssignmentModel.query
|
||||||
|
.join(PrincipalModel, PrincipalModel.id == PermissionAssignmentModel.principal_id)
|
||||||
|
.join(GroupModel, GroupModel.id == PrincipalModel.group_id)
|
||||||
|
.join(PermissionTargetModel, PermissionTargetModel.id == PermissionAssignmentModel.permission_target_id)
|
||||||
|
.add_columns(
|
||||||
|
PermissionAssignmentModel.permission,
|
||||||
|
PermissionTargetModel.uri,
|
||||||
|
GroupModel.identifier.label('group_identifier')
|
||||||
|
)
|
||||||
|
)
|
||||||
|
|
||||||
|
permissions: OrderedDict[tuple[str, str], list[str]] = OrderedDict()
|
||||||
|
for pa in permission_assignments:
|
||||||
|
permissions.setdefault((pa.group_identifier, pa.uri), []).append(pa.permission)
|
||||||
|
|
||||||
|
return [{'group_identifier': k[0], 'uri': k[1], 'permissions': sorted(v)}
|
||||||
|
for k, v in permissions.items()]
|
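Review bot: The query in `run` inner-joins `PrincipalModel` to `GroupModel` on `group_id`, so any assignment whose principal is not tied to a group is dropped, while `get_description` promises "all permissions currently in the system". If principals can also represent individual users (the permissions config on this page carries a `users:` list, which suggests so), a confirmation or audit view built on this result would under-report grants. Either include those principals or narrow the description, e.g. `return """Get all group permission assignments currently in the system."""`. Since the script returns the full grant map, it is also worth confirming which process models are allowed to call it; that is not visible here. The module docstring `"""Get_env."""` and the comment `# add_permission("read", "test/*", "Editors")` look copied from other scripts, as does `"""Test_get_localtime."""` in the test module, and `Set`, `Union`, `AuthorizationService` and `GroupService` are imported but unused.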
|
@ -0,0 +1,55 @@
|
||||||
|
"""Test_get_localtime."""
|
||||||
|
import pytest
|
||||||
|
from flask.app import Flask
|
||||||
|
from flask.testing import FlaskClient
|
||||||
|
from flask_bpmn.api.api_error import ApiError
|
||||||
|
from spiffworkflow_backend.scripts.get_all_permissions import GetAllPermissions
|
||||||
|
from tests.spiffworkflow_backend.helpers.base_test import BaseTest
|
||||||
|
from tests.spiffworkflow_backend.helpers.test_data import load_test_spec
|
||||||
|
|
||||||
|
from spiffworkflow_backend.models.group import GroupModel
|
||||||
|
from spiffworkflow_backend.models.permission_assignment import PermissionAssignmentModel
|
||||||
|
from spiffworkflow_backend.models.permission_target import PermissionTargetModel
|
||||||
|
from spiffworkflow_backend.models.script_attributes_context import (
|
||||||
|
ScriptAttributesContext,
|
||||||
|
)
|
||||||
|
from spiffworkflow_backend.models.user import UserModel
|
||||||
|
from spiffworkflow_backend.scripts.add_permission import AddPermission
|
||||||
|
from spiffworkflow_backend.services.process_instance_processor import (
|
||||||
|
ProcessInstanceProcessor,
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
|
class TestGetAllPermissions(BaseTest):
|
||||||
|
|
||||||
|
def test_can_get_all_permissions(
|
||||||
|
self,
|
||||||
|
app: Flask,
|
||||||
|
client: FlaskClient,
|
||||||
|
with_db_and_bpmn_file_cleanup: None,
|
||||||
|
with_super_admin_user: UserModel,
|
||||||
|
) -> None:
|
||||||
|
self.find_or_create_user("test_user")
|
||||||
|
|
||||||
|
# now that we have everything, try to clear it out...
|
||||||
|
script_attributes_context = ScriptAttributesContext(
|
||||||
|
task=None,
|
||||||
|
environment_identifier="testing",
|
||||||
|
process_instance_id=1,
|
||||||
|
process_model_identifier="my_test_user",
|
||||||
|
)
|
||||||
|
AddPermission().run(
|
||||||
|
script_attributes_context, "start", "PG:hey:group", "my_test_group"
|
||||||
|
)
|
||||||
|
AddPermission().run(
|
||||||
|
script_attributes_context, "all", "/tasks", "my_test_group"
|
||||||
|
)
|
||||||
|
|
||||||
|
expected_permissions = [
|
||||||
|
{'group_identifier': 'my_test_group', 'uri': '/process-instances/hey:group:%', 'permissions': ['create']},
|
||||||
|
{'group_identifier': 'my_test_group', 'uri': '/process-instances/for-me/hey:group:%', 'permissions': ['read']},
|
||||||
|
{'group_identifier': 'my_test_group', 'uri': '/tasks', 'permissions': ['create', 'delete', 'read', 'update']}
|
||||||
|
]
|
||||||
|
|
||||||
|
permissions = GetAllPermissions().run(script_attributes_context)
|
||||||
|
assert permissions == expected_permissions
|
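Review bot: `assert permissions == expected_permissions` compares the two lists in order, but the query behind `GetAllPermissions().run` has no `order_by`, so row order is left to the database and the test may fail on a different backend or after unrelated inserts. Compare order-independently, e.g. `key = lambda p: (p['group_identifier'], p['uri'])` followed by `assert sorted(permissions, key=key) == sorted(expected_permissions, key=key)`, or give the query an explicit ordering. The comment `# now that we have everything, try to clear it out...` does not describe what this test does. `pytest`, `ApiError`, `load_test_spec`, `GroupModel`, `PermissionAssignmentModel`, `PermissionTargetModel` and `ProcessInstanceProcessor` are imported but not used in the visible lines. A second group in the fixture would also show that results are keyed per group and not merged.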