sartography
/
spiffworkflow-backend
mirror of https://github.com/sartography/spiffworkflow-backend.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

fixed tests w/ burnettk

This commit is contained in:
jasquat 2023-02-21 15:28:54 -05:00
parent 40db077e35
commit 182d657d67
4 changed files with 27 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/spiffworkflow_backend/services/authorization_service.py
View File

@ -576,7 +576,8 @@ class AuthorizationService:
# both for-me and NOT for-me URLs for the instance in question to see if you should get access to its logs.
# if we implemented things this way, there would also be no way to restrict access to logs when you do not
# restrict access to instances. everything would be inheriting permissions from instances.
# if we want to really codify this rule, we could change logs from a prefix to a suffix (just add it to the end of the process instances path).
# if we want to really codify this rule, we could change logs from a prefix to a suffix
# (just add it to the end of the process instances path).
# but that makes it harder to change our minds in the future.
for target_uri in [
f"/process-instances/for-me/{process_related_path_segment}",

16
src/spiffworkflow_backend/services/git_service.py
View File

@ -154,17 +154,21 @@ class GitService:
cls, command: list[str], return_success_state: bool = False
) -> Union[subprocess.CompletedProcess[bytes], bool]:
"""Run_shell_command."""
env = {
'GIT_COMMITTER_NAME': current_app.config.get("SPIFFWORKFLOW_BACKEND_GIT_USERNAME", "unknown"),
'GIT_COMMITTER_EMAIL': current_app.config.get("SPIFFWORKFLOW_BACKEND_GIT_USER_EMAIL", "unknown@example.org"),
git_env_options = {
"GIT_COMMITTER_NAME": current_app.config.get("SPIFFWORKFLOW_BACKEND_GIT_USERNAME") or 'unknown',
"GIT_COMMITTER_EMAIL": current_app.config.get("SPIFFWORKFLOW_BACKEND_GIT_USER_EMAIL") or "unknown@example.org",
}
# SSH authentication can be also provided via gitconfig.
ssh_key_path = current_app.config.get("SPIFFWORKFLOW_BACKEND_GIT_SSH_PRIVATE_KEY_PATH")
ssh_key_path = current_app.config.get(
"SPIFFWORKFLOW_BACKEND_GIT_SSH_PRIVATE_KEY_PATH"
)
if ssh_key_path is not None:
env['GIT_SSH_COMMAND'] = 'ssh -F /dev/null -i %s' % ssh_key_path
git_env_options["GIT_SSH_COMMAND"] = "ssh -F /dev/null -i %s" % ssh_key_path
# this is fine since we pass the commands directly
result = subprocess.run(command, check=False, capture_output=True, env=env) # noqa
result = subprocess.run( # noqa
command, check=False, capture_output=True, env=git_env_options
)
if return_success_state:
return result.returncode == 0

1
tests/spiffworkflow_backend/scripts/test_get_all_permissions.py
View File

@ -61,6 +61,7 @@ class TestGetAllPermissions(BaseTest):
"uri": "/tasks",
"permissions": ["create", "read", "update", "delete"],
},
{'group_identifier': 'my_test_group', 'uri': '/process-data-file-download/hey:group:*', 'permissions': ['read']}
]
permissions = GetAllPermissions().run(script_attributes_context)

18
tests/spiffworkflow_backend/unit/test_authorization_service.py
View File

@ -156,9 +156,10 @@ class TestAuthorizationService(BaseTest):
with_db_and_bpmn_file_cleanup: None,
) -> None:
"""Test_explode_permissions_all_on_process_group."""
expected_permissions = [
expected_permissions = sorted([
("/logs/some-process-group:some-process-model:*", "read"),
("/process-data/some-process-group:some-process-model:*", "read"),
("/process-data-file-download/some-process-group:some-process-model:*", "read"),
("/process-groups/some-process-group:some-process-model:*", "create"),
("/process-groups/some-process-group:some-process-model:*", "delete"),
("/process-groups/some-process-group:some-process-model:*", "read"),
@ -180,7 +181,7 @@ class TestAuthorizationService(BaseTest):
("/process-models/some-process-group:some-process-model:*", "update"),
("/task-data/some-process-group:some-process-model:*", "read"),
("/task-data/some-process-group:some-process-model:*", "update"),
]
])
permissions_to_assign = AuthorizationService.explode_permissions(
"all", "PG:/some-process-group/some-process-model"
)
@ -201,6 +202,10 @@ class TestAuthorizationService(BaseTest):
"/logs/some-process-group:some-process-model:*",
"read",
),
(
"/process-data-file-download/some-process-group:some-process-model:*",
"read",
),
(
"/process-instances/for-me/some-process-group:some-process-model:*",
"read",
@ -222,8 +227,9 @@ class TestAuthorizationService(BaseTest):
with_db_and_bpmn_file_cleanup: None,
) -> None:
"""Test_explode_permissions_all_on_process_model."""
expected_permissions = [
expected_permissions = sorted([
("/logs/some-process-group:some-process-model/*", "read"),
("/process-data-file-download/some-process-group:some-process-model/*", "read"),
("/process-data/some-process-group:some-process-model/*", "read"),
(
"/process-instance-suspend/some-process-group:some-process-model/*",
@ -242,7 +248,7 @@ class TestAuthorizationService(BaseTest):
("/process-models/some-process-group:some-process-model/*", "update"),
("/task-data/some-process-group:some-process-model/*", "read"),
("/task-data/some-process-group:some-process-model/*", "update"),
]
])
permissions_to_assign = AuthorizationService.explode_permissions(
"all", "PM:/some-process-group/some-process-model"
)
@ -263,6 +269,10 @@ class TestAuthorizationService(BaseTest):
"/logs/some-process-group:some-process-model/*",
"read",
),
(
"/process-data-file-download/some-process-group:some-process-model/*",
"read",
),
(
"/process-instances/for-me/some-process-group:some-process-model/*",
"read",