added script to get all permissions for the confirmation page when adding permissions from a process model w/ burnettk
parent
d67ec16879
commit
0ad3708965
|
@ -74,98 +74,98 @@ permissions:
|
|||
users: []
|
||||
allowed_permissions: [create, read, update, delete]
|
||||
uri: /*
|
||||
# admin-readonly:
|
||||
# groups: [admin-ro]
|
||||
# users: []
|
||||
# allowed_permissions: [read]
|
||||
# uri: /*
|
||||
# admin-process-instances-for-readonly:
|
||||
# groups: [admin-ro]
|
||||
# users: []
|
||||
# allowed_permissions: [create, read, update, delete]
|
||||
# uri: /process-instances/*
|
||||
#
|
||||
# tasks-crud:
|
||||
# groups: [everybody]
|
||||
# users: []
|
||||
# allowed_permissions: [create, read, update, delete]
|
||||
# uri: /tasks/*
|
||||
# service-tasks:
|
||||
# groups: [everybody]
|
||||
# users: []
|
||||
# allowed_permissions: [read]
|
||||
# uri: /service-tasks
|
||||
# user-groups-for-current-user:
|
||||
# groups: [everybody]
|
||||
# users: []
|
||||
# allowed_permissions: [read]
|
||||
# uri: /user-groups/for-current-user
|
||||
#
|
||||
# # read all for everybody
|
||||
# read-all-process-groups:
|
||||
# groups: [everybody]
|
||||
# users: []
|
||||
# allowed_permissions: [read]
|
||||
# uri: /process-groups/*
|
||||
# read-all-process-models:
|
||||
# groups: [everybody]
|
||||
# users: []
|
||||
# allowed_permissions: [read]
|
||||
# uri: /process-models/*
|
||||
# read-all-process-instances-for-me:
|
||||
# groups: [everybody]
|
||||
# users: []
|
||||
# allowed_permissions: [read]
|
||||
# uri: /process-instances/for-me/*
|
||||
# read-process-instance-reports:
|
||||
# groups: [everybody]
|
||||
# users: []
|
||||
# allowed_permissions: [create, read, update, delete]
|
||||
# uri: /process-instances/reports/*
|
||||
# processes-read:
|
||||
# groups: [everybody]
|
||||
# users: []
|
||||
# allowed_permissions: [read]
|
||||
# uri: /processes
|
||||
#
|
||||
#
|
||||
# finance-admin:
|
||||
# groups: ["Finance Team"]
|
||||
# users: []
|
||||
# allowed_permissions: [create, read, update, delete]
|
||||
# uri: /process-groups/manage-procurement:procurement:*
|
||||
#
|
||||
# manage-revenue-streams-instances:
|
||||
# groups: ["core-contributor", "demo"]
|
||||
# users: []
|
||||
# allowed_permissions: [create, read]
|
||||
# uri: /process-instances/manage-revenue-streams:product-revenue-streams:customer-contracts-trade-terms/*
|
||||
#
|
||||
# manage-procurement-invoice-instances:
|
||||
# groups: ["core-contributor", "demo"]
|
||||
# users: []
|
||||
# allowed_permissions: [create, read]
|
||||
# uri: /process-instances/manage-procurement:procurement:core-contributor-invoice-management:*
|
||||
#
|
||||
# manage-procurement-instances:
|
||||
# groups: ["core-contributor", "demo"]
|
||||
# users: []
|
||||
# allowed_permissions: [create, read]
|
||||
# uri: /process-instances/manage-procurement:vendor-lifecycle-management:*
|
||||
#
|
||||
# create-test-instances:
|
||||
# groups: ["test"]
|
||||
# users: []
|
||||
# allowed_permissions: [create, read]
|
||||
# uri: /process-instances/misc:test:*
|
||||
#
|
||||
# core1-admin-instances:
|
||||
# groups: ["core-contributor", "Finance Team"]
|
||||
# users: []
|
||||
# allowed_permissions: [create, read]
|
||||
# uri: /process-instances/misc:category_number_one:process-model-with-form:*
|
||||
# core1-admin-instances-slash:
|
||||
# groups: ["core-contributor", "Finance Team"]
|
||||
# users: []
|
||||
# allowed_permissions: [create, read]
|
||||
# uri: /process-instances/misc:category_number_one:process-model-with-form/*
|
||||
admin-readonly:
|
||||
groups: [admin-ro]
|
||||
users: []
|
||||
allowed_permissions: [read]
|
||||
uri: /*
|
||||
admin-process-instances-for-readonly:
|
||||
groups: [admin-ro]
|
||||
users: []
|
||||
allowed_permissions: [create, read, update, delete]
|
||||
uri: /process-instances/*
|
||||
|
||||
tasks-crud:
|
||||
groups: [everybody]
|
||||
users: []
|
||||
allowed_permissions: [create, read, update, delete]
|
||||
uri: /tasks/*
|
||||
service-tasks:
|
||||
groups: [everybody]
|
||||
users: []
|
||||
allowed_permissions: [read]
|
||||
uri: /service-tasks
|
||||
user-groups-for-current-user:
|
||||
groups: [everybody]
|
||||
users: []
|
||||
allowed_permissions: [read]
|
||||
uri: /user-groups/for-current-user
|
||||
|
||||
# read all for everybody
|
||||
read-all-process-groups:
|
||||
groups: [everybody]
|
||||
users: []
|
||||
allowed_permissions: [read]
|
||||
uri: /process-groups/*
|
||||
read-all-process-models:
|
||||
groups: [everybody]
|
||||
users: []
|
||||
allowed_permissions: [read]
|
||||
uri: /process-models/*
|
||||
read-all-process-instances-for-me:
|
||||
groups: [everybody]
|
||||
users: []
|
||||
allowed_permissions: [read]
|
||||
uri: /process-instances/for-me/*
|
||||
read-process-instance-reports:
|
||||
groups: [everybody]
|
||||
users: []
|
||||
allowed_permissions: [create, read, update, delete]
|
||||
uri: /process-instances/reports/*
|
||||
processes-read:
|
||||
groups: [everybody]
|
||||
users: []
|
||||
allowed_permissions: [read]
|
||||
uri: /processes
|
||||
|
||||
|
||||
finance-admin:
|
||||
groups: ["Finance Team"]
|
||||
users: []
|
||||
allowed_permissions: [create, read, update, delete]
|
||||
uri: /process-groups/manage-procurement:procurement:*
|
||||
|
||||
manage-revenue-streams-instances:
|
||||
groups: ["core-contributor", "demo"]
|
||||
users: []
|
||||
allowed_permissions: [create, read]
|
||||
uri: /process-instances/manage-revenue-streams:product-revenue-streams:customer-contracts-trade-terms/*
|
||||
|
||||
manage-procurement-invoice-instances:
|
||||
groups: ["core-contributor", "demo"]
|
||||
users: []
|
||||
allowed_permissions: [create, read]
|
||||
uri: /process-instances/manage-procurement:procurement:core-contributor-invoice-management:*
|
||||
|
||||
manage-procurement-instances:
|
||||
groups: ["core-contributor", "demo"]
|
||||
users: []
|
||||
allowed_permissions: [create, read]
|
||||
uri: /process-instances/manage-procurement:vendor-lifecycle-management:*
|
||||
|
||||
create-test-instances:
|
||||
groups: ["test"]
|
||||
users: []
|
||||
allowed_permissions: [create, read]
|
||||
uri: /process-instances/misc:test:*
|
||||
|
||||
core1-admin-instances:
|
||||
groups: ["core-contributor", "Finance Team"]
|
||||
users: []
|
||||
allowed_permissions: [create, read]
|
||||
uri: /process-instances/misc:category_number_one:process-model-with-form:*
|
||||
core1-admin-instances-slash:
|
||||
groups: ["core-contributor", "Finance Team"]
|
||||
users: []
|
||||
allowed_permissions: [create, read]
|
||||
uri: /process-instances/misc:category_number_one:process-model-with-form/*
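Review bot: Two entries in the uncommented block grant more than their names say: `admin-process-instances-for-readonly` gives the `admin-ro` group `[create, read, update, delete]` on `/process-instances/*`, and `read-process-instance-reports` gives `everybody` full CRUD on `/process-instances/reports/*`. The rendered page lost its +/- markers, so this assumes the uncommented block is the new side, as the print order suggests. If the write access is intended, put a comment above each entry to record that, for example `# NOTE: write access is intentional here despite the "readonly" name`; otherwise narrow the entry to `allowed_permissions: [read]`. The `permissions:` mapping starts above the hunk, so earlier entries were not reviewed.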
|
||||
|
|
|
@ -28,8 +28,6 @@ class AddPermission(Script):
|
|||
allowed_permission = args[0]
|
||||
uri = args[1]
|
||||
group_identifier = args[2]
|
||||
group = GroupService.find_or_create_group(group_identifier)
|
||||
target = AuthorizationService.find_or_create_permission_target(uri)
|
||||
AuthorizationService.create_permission_for_principal(
|
||||
group.principal, target, allowed_permission
|
||||
AuthorizationService.add_permission_from_uri_or_macro(
|
||||
group_identifier=group_identifier, target=uri, permission=allowed_permission
|
||||
)
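Review bot: `args[0]`, `args[1]` and `args[2]` are read without checking how many arguments the process model passed, so a short call fails with a bare `IndexError` rather than an error naming the script. The values now go to `add_permission_from_uri_or_macro`, and the test added in this commit shows that `"all"` and a `PG:` target each expand into several grants, so one call can grant more than the single permission the removed code created. A guard such as `if len(args) != 3: raise ValueError("add_permission expects (permission, uri, group_identifier)")`, plus a docstring line listing the accepted macros, would make that explicit. The method body starts above the hunk, so an earlier check may already exist.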
|
||||
|
|
|
@ -0,0 +1,52 @@
|
|||
"""Get_env."""
|
||||
from typing import Any, Set
|
||||
from typing import Union
|
||||
from spiffworkflow_backend.models.group import GroupModel
|
||||
from spiffworkflow_backend.models.permission_target import PermissionTargetModel
|
||||
from spiffworkflow_backend.models.principal import PrincipalModel
|
||||
from spiffworkflow_backend.models.permission_assignment import PermissionAssignmentModel
|
||||
|
||||
from spiffworkflow_backend.models.script_attributes_context import (
|
||||
ScriptAttributesContext,
|
||||
)
|
||||
from spiffworkflow_backend.scripts.script import Script
|
||||
from spiffworkflow_backend.services.authorization_service import AuthorizationService
|
||||
from spiffworkflow_backend.services.group_service import GroupService
|
||||
|
||||
from collections import OrderedDict
|
||||
|
||||
|
||||
# add_permission("read", "test/*", "Editors")
|
||||
|
||||
|
||||
class GetAllPermissions(Script):
|
||||
|
||||
def get_description(self) -> str:
|
||||
"""Get_description."""
|
||||
return """Get all permissions currently in the system."""
|
||||
|
||||
def run(
|
||||
self,
|
||||
script_attributes_context: ScriptAttributesContext,
|
||||
*args: Any,
|
||||
**kwargs: Any,
|
||||
) -> Any:
|
||||
"""Run."""
|
||||
permission_assignments = (
|
||||
PermissionAssignmentModel.query
|
||||
.join(PrincipalModel, PrincipalModel.id == PermissionAssignmentModel.principal_id)
|
||||
.join(GroupModel, GroupModel.id == PrincipalModel.group_id)
|
||||
.join(PermissionTargetModel, PermissionTargetModel.id == PermissionAssignmentModel.permission_target_id)
|
||||
.add_columns(
|
||||
PermissionAssignmentModel.permission,
|
||||
PermissionTargetModel.uri,
|
||||
GroupModel.identifier.label('group_identifier')
|
||||
)
|
||||
)
|
||||
|
||||
permissions: OrderedDict[tuple[str, str], list[str]] = OrderedDict()
|
||||
for pa in permission_assignments:
|
||||
permissions.setdefault((pa.group_identifier, pa.uri), []).append(pa.permission)
|
||||
|
||||
return [{'group_identifier': k[0], 'uri': k[1], 'permissions': sorted(v)}
|
||||
for k, v in permissions.items()]
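Review bot: The query inner-joins `GroupModel` on `PrincipalModel.group_id`, so any assignment whose principal has no group is dropped, while `get_description` promises "all permissions currently in the system". If a principal can belong to a user directly (not visible here), a confirmation page built on this result would under-report existing grants. Either narrow the claim with `return """Get all group permission assignments currently in the system."""`, or switch to an outer join and add a user column. The module docstring `"""Get_env."""` and the `# add_permission("read", "test/*", "Editors")` comment look copied from other scripts and should describe this one.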
|
|
@ -0,0 +1,55 @@
|
|||
"""Test_get_localtime."""
|
||||
import pytest
|
||||
from flask.app import Flask
|
||||
from flask.testing import FlaskClient
|
||||
from flask_bpmn.api.api_error import ApiError
|
||||
from spiffworkflow_backend.scripts.get_all_permissions import GetAllPermissions
|
||||
from tests.spiffworkflow_backend.helpers.base_test import BaseTest
|
||||
from tests.spiffworkflow_backend.helpers.test_data import load_test_spec
|
||||
|
||||
from spiffworkflow_backend.models.group import GroupModel
|
||||
from spiffworkflow_backend.models.permission_assignment import PermissionAssignmentModel
|
||||
from spiffworkflow_backend.models.permission_target import PermissionTargetModel
|
||||
from spiffworkflow_backend.models.script_attributes_context import (
|
||||
ScriptAttributesContext,
|
||||
)
|
||||
from spiffworkflow_backend.models.user import UserModel
|
||||
from spiffworkflow_backend.scripts.add_permission import AddPermission
|
||||
from spiffworkflow_backend.services.process_instance_processor import (
|
||||
ProcessInstanceProcessor,
|
||||
)
|
||||
|
||||
|
||||
class TestGetAllPermissions(BaseTest):
|
||||
|
||||
def test_can_get_all_permissions(
|
||||
self,
|
||||
app: Flask,
|
||||
client: FlaskClient,
|
||||
with_db_and_bpmn_file_cleanup: None,
|
||||
with_super_admin_user: UserModel,
|
||||
) -> None:
|
||||
self.find_or_create_user("test_user")
|
||||
|
||||
# now that we have everything, try to clear it out...
|
||||
script_attributes_context = ScriptAttributesContext(
|
||||
task=None,
|
||||
environment_identifier="testing",
|
||||
process_instance_id=1,
|
||||
process_model_identifier="my_test_user",
|
||||
)
|
||||
AddPermission().run(
|
||||
script_attributes_context, "start", "PG:hey:group", "my_test_group"
|
||||
)
|
||||
AddPermission().run(
|
||||
script_attributes_context, "all", "/tasks", "my_test_group"
|
||||
)
|
||||
|
||||
expected_permissions = [
|
||||
{'group_identifier': 'my_test_group', 'uri': '/process-instances/hey:group:%', 'permissions': ['create']},
|
||||
{'group_identifier': 'my_test_group', 'uri': '/process-instances/for-me/hey:group:%', 'permissions': ['read']},
|
||||
{'group_identifier': 'my_test_group', 'uri': '/tasks', 'permissions': ['create', 'delete', 'read', 'update']}
|
||||
]
|
||||
|
||||
permissions = GetAllPermissions().run(script_attributes_context)
|
||||
assert permissions == expected_permissions
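Review bot: `assert permissions == expected_permissions` compares the lists in order, but the query in `GetAllPermissions.run` has no `order_by`, so the row order, and with it this test, depends on the database. Comparing sorted lists keeps the check on content: `key = lambda p: (p['group_identifier'], p['uri'])`, then `assert sorted(permissions, key=key) == sorted(expected_permissions, key=key)`. The module docstring `"""Test_get_localtime."""` and the comment `# now that we have everything, try to clear it out...` describe a different test and should be replaced.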
|