trim down granted permissions to just the ones that exist in the API, improve output of permissions
parent
3fd9aafe01
commit
25022c35fb
|
@ -50,7 +50,22 @@ class GetAllPermissions(Script):
|
|||
pa.permission
|
||||
)
|
||||
|
||||
def replace_suffix(string: str, old: str, new: str) -> str:
|
||||
"""Replace_suffix."""
|
||||
if string.endswith(old):
|
||||
return string[: -len(old)] + new
|
||||
return string
|
||||
|
||||
# sort list of strings based on a specific order
|
||||
def sort_by_order(string_list: list, order: list) -> list:
|
||||
"""Sort_by_order."""
|
||||
return sorted(string_list, key=lambda x: order.index(x))
|
||||
|
||||
return [
|
||||
{"group_identifier": k[0], "uri": k[1], "permissions": sorted(v)}
|
||||
{
|
||||
"group_identifier": k[0],
|
||||
"uri": replace_suffix(k[1], "%", "*"),
|
||||
"permissions": sort_by_order(v, ["create", "read", "update", "delete"]),
|
||||
}
|
||||
for k, v in permissions.items()
|
||||
]
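Review bot: `sort_by_order` raises `ValueError` for any permission string that is not in the `order` list, because `order.index(x)` has no fallback, whereas the `sorted(v)` it replaces accepted any value. This script appears to list existing permission assignments, so a single unexpected verb in the data would abort the whole listing instead of showing it. A key with a fallback keeps the fixed order and still lists unknown values last: `key=lambda x: (order.index(x) if x in order else len(order), x)`. The placeholder docstrings (`"""Replace_suffix."""`, `"""Sort_by_order."""`) could instead say that a trailing `%`, presumably the stored wildcard form, is displayed as `*`. The enclosing method starts outside the hunk.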
|
||||
|
|
|
@ -62,12 +62,17 @@ class PermissionToAssign:
|
|||
target_uri: str
|
||||
|
||||
|
||||
# the relevant permissions are the only API methods that are currently available for each path prefix.
|
||||
# if we add further API methods, we'll need to evaluate whether they should be added here.
|
||||
PATH_SEGMENTS_FOR_PERMISSION_ALL = [
|
||||
"/logs",
|
||||
"/process-instances",
|
||||
"/process-instance-suspend",
|
||||
"/process-instance-terminate",
|
||||
"/task-data",
|
||||
{"path": "/logs", "relevant_permissions": ["read"]},
|
||||
{
|
||||
"path": "/process-instances",
|
||||
"relevant_permissions": ["create", "read", "delete"],
|
||||
},
|
||||
{"path": "/process-instance-suspend", "relevant_permissions": ["create"]},
|
||||
{"path": "/process-instance-terminate", "relevant_permissions": ["create"]},
|
||||
{"path": "/task-data", "relevant_permissions": ["read", "update"]},
|
||||
]
|
||||
|
||||
|
||||
|
@ -589,8 +594,17 @@ class AuthorizationService:
|
|||
|
||||
else:
|
||||
if permission_set == "all":
|
||||
for path_segment in PATH_SEGMENTS_FOR_PERMISSION_ALL:
|
||||
target_uris.append(f"{path_segment}/{process_related_path_segment}")
|
||||
for path_segment_dict in PATH_SEGMENTS_FOR_PERMISSION_ALL:
|
||||
target_uri = (
|
||||
f"{path_segment_dict['path']}/{process_related_path_segment}"
|
||||
)
|
||||
relevant_permissions = path_segment_dict["relevant_permissions"]
|
||||
for permission in relevant_permissions:
|
||||
permissions_to_assign.append(
|
||||
PermissionToAssign(
|
||||
permission=permission, target_uri=target_uri
|
||||
)
|
||||
)
|
||||
|
||||
for target_uri in target_uris:
|
||||
for permission in permissions:
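Review bot: Narrowing `PATH_SEGMENTS_FOR_PERMISSION_ALL` changes only what the `permission_set == "all"` branch generates from now on; nothing in these hunks removes grants that an earlier expansion may already have stored, such as `delete` on `/logs`. Whether stored assignments are rebuilt from scratch or merged with existing ones is not visible here, so that is worth confirming before relying on this commit to reduce access. The table is also a list of plain dicts, so a misspelled verb in `relevant_permissions` would pass straight into `PermissionToAssign(permission=permission, target_uri=target_uri)`; a test line such as `assert set(entry["relevant_permissions"]) <= {"create", "read", "update", "delete"}` for each entry would catch that. The enclosing method starts and ends outside the hunk.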
|
||||
|
|
|
@ -41,18 +41,18 @@ class TestGetAllPermissions(BaseTest):
|
|||
expected_permissions = [
|
||||
{
|
||||
"group_identifier": "my_test_group",
|
||||
"uri": "/process-instances/hey:group:%",
|
||||
"uri": "/process-instances/hey:group:*",
|
||||
"permissions": ["create"],
|
||||
},
|
||||
{
|
||||
"group_identifier": "my_test_group",
|
||||
"uri": "/process-instances/for-me/hey:group:%",
|
||||
"uri": "/process-instances/for-me/hey:group:*",
|
||||
"permissions": ["read"],
|
||||
},
|
||||
{
|
||||
"group_identifier": "my_test_group",
|
||||
"uri": "/tasks",
|
||||
"permissions": ["create", "delete", "read", "update"],
|
||||
"permissions": ["create", "read", "update", "delete"],
|
||||
},
|
||||
]
|
||||
|
||||
|
|
|
@ -157,10 +157,7 @@ class TestAuthorizationService(BaseTest):
|
|||
) -> None:
|
||||
"""Test_explode_permissions_all_on_process_group."""
|
||||
expected_permissions = [
|
||||
("/logs/some-process-group:some-process-model:*", "create"),
|
||||
("/logs/some-process-group:some-process-model:*", "delete"),
|
||||
("/logs/some-process-group:some-process-model:*", "read"),
|
||||
("/logs/some-process-group:some-process-model:*", "update"),
|
||||
("/process-groups/some-process-group:some-process-model:*", "create"),
|
||||
("/process-groups/some-process-group:some-process-model:*", "delete"),
|
||||
("/process-groups/some-process-group:some-process-model:*", "read"),
|
||||
|
@ -169,44 +166,17 @@ class TestAuthorizationService(BaseTest):
|
|||
"/process-instance-suspend/some-process-group:some-process-model:*",
|
||||
"create",
|
||||
),
|
||||
(
|
||||
"/process-instance-suspend/some-process-group:some-process-model:*",
|
||||
"delete",
|
||||
),
|
||||
(
|
||||
"/process-instance-suspend/some-process-group:some-process-model:*",
|
||||
"read",
|
||||
),
|
||||
(
|
||||
"/process-instance-suspend/some-process-group:some-process-model:*",
|
||||
"update",
|
||||
),
|
||||
(
|
||||
"/process-instance-terminate/some-process-group:some-process-model:*",
|
||||
"create",
|
||||
),
|
||||
(
|
||||
"/process-instance-terminate/some-process-group:some-process-model:*",
|
||||
"delete",
|
||||
),
|
||||
(
|
||||
"/process-instance-terminate/some-process-group:some-process-model:*",
|
||||
"read",
|
||||
),
|
||||
(
|
||||
"/process-instance-terminate/some-process-group:some-process-model:*",
|
||||
"update",
|
||||
),
|
||||
("/process-instances/some-process-group:some-process-model:*", "create"),
|
||||
("/process-instances/some-process-group:some-process-model:*", "delete"),
|
||||
("/process-instances/some-process-group:some-process-model:*", "read"),
|
||||
("/process-instances/some-process-group:some-process-model:*", "update"),
|
||||
("/process-models/some-process-group:some-process-model:*", "create"),
|
||||
("/process-models/some-process-group:some-process-model:*", "delete"),
|
||||
("/process-models/some-process-group:some-process-model:*", "read"),
|
||||
("/process-models/some-process-group:some-process-model:*", "update"),
|
||||
("/task-data/some-process-group:some-process-model:*", "create"),
|
||||
("/task-data/some-process-group:some-process-model:*", "delete"),
|
||||
("/task-data/some-process-group:some-process-model:*", "read"),
|
||||
("/task-data/some-process-group:some-process-model:*", "update"),
|
||||
]
|
||||
|
@ -248,52 +218,22 @@ class TestAuthorizationService(BaseTest):
|
|||
) -> None:
|
||||
"""Test_explode_permissions_all_on_process_model."""
|
||||
expected_permissions = [
|
||||
("/logs/some-process-group:some-process-model/*", "create"),
|
||||
("/logs/some-process-group:some-process-model/*", "delete"),
|
||||
("/logs/some-process-group:some-process-model/*", "read"),
|
||||
("/logs/some-process-group:some-process-model/*", "update"),
|
||||
(
|
||||
"/process-instance-suspend/some-process-group:some-process-model/*",
|
||||
"create",
|
||||
),
|
||||
(
|
||||
"/process-instance-suspend/some-process-group:some-process-model/*",
|
||||
"delete",
|
||||
),
|
||||
(
|
||||
"/process-instance-suspend/some-process-group:some-process-model/*",
|
||||
"read",
|
||||
),
|
||||
(
|
||||
"/process-instance-suspend/some-process-group:some-process-model/*",
|
||||
"update",
|
||||
),
|
||||
(
|
||||
"/process-instance-terminate/some-process-group:some-process-model/*",
|
||||
"create",
|
||||
),
|
||||
(
|
||||
"/process-instance-terminate/some-process-group:some-process-model/*",
|
||||
"delete",
|
||||
),
|
||||
(
|
||||
"/process-instance-terminate/some-process-group:some-process-model/*",
|
||||
"read",
|
||||
),
|
||||
(
|
||||
"/process-instance-terminate/some-process-group:some-process-model/*",
|
||||
"update",
|
||||
),
|
||||
("/process-instances/some-process-group:some-process-model/*", "create"),
|
||||
("/process-instances/some-process-group:some-process-model/*", "delete"),
|
||||
("/process-instances/some-process-group:some-process-model/*", "read"),
|
||||
("/process-instances/some-process-group:some-process-model/*", "update"),
|
||||
("/process-models/some-process-group:some-process-model/*", "create"),
|
||||
("/process-models/some-process-group:some-process-model/*", "delete"),
|
||||
("/process-models/some-process-group:some-process-model/*", "read"),
|
||||
("/process-models/some-process-group:some-process-model/*", "update"),
|
||||
("/task-data/some-process-group:some-process-model/*", "create"),
|
||||
("/task-data/some-process-group:some-process-model/*", "delete"),
|
||||
("/task-data/some-process-group:some-process-model/*", "read"),
|
||||
("/task-data/some-process-group:some-process-model/*", "update"),
|
||||
]
|
||||
|
|