pyl w/ burnettk
parent
0ad3708965
commit
2b5d03bebd
|
@ -6,7 +6,6 @@ from spiffworkflow_backend.models.script_attributes_context import (
|
||||||
)
|
)
|
||||||
from spiffworkflow_backend.scripts.script import Script
|
from spiffworkflow_backend.scripts.script import Script
|
||||||
from spiffworkflow_backend.services.authorization_service import AuthorizationService
|
from spiffworkflow_backend.services.authorization_service import AuthorizationService
|
||||||
from spiffworkflow_backend.services.group_service import GroupService
|
|
||||||
|
|
||||||
# add_permission("read", "test/*", "Editors")
|
# add_permission("read", "test/*", "Editors")
|
||||||
|
|
||||||
|
|
|
@ -1,25 +1,22 @@
|
||||||
"""Get_env."""
|
"""Get_env."""
|
||||||
from typing import Any, Set
|
from collections import OrderedDict
|
||||||
from typing import Union
|
from typing import Any
|
||||||
|
|
||||||
from spiffworkflow_backend.models.group import GroupModel
|
from spiffworkflow_backend.models.group import GroupModel
|
||||||
|
from spiffworkflow_backend.models.permission_assignment import PermissionAssignmentModel
|
||||||
from spiffworkflow_backend.models.permission_target import PermissionTargetModel
|
from spiffworkflow_backend.models.permission_target import PermissionTargetModel
|
||||||
from spiffworkflow_backend.models.principal import PrincipalModel
|
from spiffworkflow_backend.models.principal import PrincipalModel
|
||||||
from spiffworkflow_backend.models.permission_assignment import PermissionAssignmentModel
|
|
||||||
|
|
||||||
from spiffworkflow_backend.models.script_attributes_context import (
|
from spiffworkflow_backend.models.script_attributes_context import (
|
||||||
ScriptAttributesContext,
|
ScriptAttributesContext,
|
||||||
)
|
)
|
||||||
from spiffworkflow_backend.scripts.script import Script
|
from spiffworkflow_backend.scripts.script import Script
|
||||||
from spiffworkflow_backend.services.authorization_service import AuthorizationService
|
|
||||||
from spiffworkflow_backend.services.group_service import GroupService
|
|
||||||
|
|
||||||
from collections import OrderedDict
|
|
||||||
|
|
||||||
|
|
||||||
# add_permission("read", "test/*", "Editors")
|
# add_permission("read", "test/*", "Editors")
|
||||||
|
|
||||||
|
|
||||||
class GetAllPermissions(Script):
|
class GetAllPermissions(Script):
|
||||||
|
"""GetAllPermissions."""
|
||||||
|
|
||||||
def get_description(self) -> str:
|
def get_description(self) -> str:
|
||||||
"""Get_description."""
|
"""Get_description."""
|
||||||
|
@ -33,20 +30,30 @@ class GetAllPermissions(Script):
|
||||||
) -> Any:
|
) -> Any:
|
||||||
"""Run."""
|
"""Run."""
|
||||||
permission_assignments = (
|
permission_assignments = (
|
||||||
PermissionAssignmentModel.query
|
PermissionAssignmentModel.query.join(
|
||||||
.join(PrincipalModel, PrincipalModel.id == PermissionAssignmentModel.principal_id)
|
PrincipalModel,
|
||||||
|
PrincipalModel.id == PermissionAssignmentModel.principal_id,
|
||||||
|
)
|
||||||
.join(GroupModel, GroupModel.id == PrincipalModel.group_id)
|
.join(GroupModel, GroupModel.id == PrincipalModel.group_id)
|
||||||
.join(PermissionTargetModel, PermissionTargetModel.id == PermissionAssignmentModel.permission_target_id)
|
.join(
|
||||||
|
PermissionTargetModel,
|
||||||
|
PermissionTargetModel.id
|
||||||
|
== PermissionAssignmentModel.permission_target_id,
|
||||||
|
)
|
||||||
.add_columns(
|
.add_columns(
|
||||||
PermissionAssignmentModel.permission,
|
PermissionAssignmentModel.permission,
|
||||||
PermissionTargetModel.uri,
|
PermissionTargetModel.uri,
|
||||||
GroupModel.identifier.label('group_identifier')
|
GroupModel.identifier.label("group_identifier"),
|
||||||
)
|
)
|
||||||
)
|
)
|
||||||
|
|
||||||
permissions: OrderedDict[tuple[str, str], list[str]] = OrderedDict()
|
permissions: OrderedDict[tuple[str, str], list[str]] = OrderedDict()
|
||||||
for pa in permission_assignments:
|
for pa in permission_assignments:
|
||||||
permissions.setdefault((pa.group_identifier, pa.uri), []).append(pa.permission)
|
permissions.setdefault((pa.group_identifier, pa.uri), []).append(
|
||||||
|
pa.permission
|
||||||
|
)
|
||||||
|
|
||||||
return [{'group_identifier': k[0], 'uri': k[1], 'permissions': sorted(v)}
|
return [
|
||||||
for k, v in permissions.items()]
|
{"group_identifier": k[0], "uri": k[1], "permissions": sorted(v)}
|
||||||
|
for k, v in permissions.items()
|
||||||
|
]
|
||||||
|
|
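Review bot: The inner `.join(GroupModel, GroupModel.id == PrincipalModel.group_id)` in `run` returns only assignments whose principal points at a group, so a script named GetAllPermissions would silently leave out any assignment held by a non-group principal, if the principal model allows those. For a script that is likely to be read as an audit of who can do what, that limit should be closed or stated; the placeholder `"""Run."""` could become `"""Return permissions grouped by (group identifier, target uri); only group principals are included."""`. The query also has no ordering, so the order of the returned list follows whatever order the database yields rows in; `.order_by(GroupModel.identifier, PermissionTargetModel.uri)` before `.add_columns(` would make the output stable. Nothing in the visible body restricts who may call the script, so it is worth confirming that the `Script` base class or the caller gates access to this listing; the signature of `run` starts outside the hunk.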
|
@ -1,26 +1,18 @@
|
||||||
"""Test_get_localtime."""
|
"""Test_get_localtime."""
|
||||||
import pytest
|
|
||||||
from flask.app import Flask
|
from flask.app import Flask
|
||||||
from flask.testing import FlaskClient
|
from flask.testing import FlaskClient
|
||||||
from flask_bpmn.api.api_error import ApiError
|
|
||||||
from spiffworkflow_backend.scripts.get_all_permissions import GetAllPermissions
|
|
||||||
from tests.spiffworkflow_backend.helpers.base_test import BaseTest
|
from tests.spiffworkflow_backend.helpers.base_test import BaseTest
|
||||||
from tests.spiffworkflow_backend.helpers.test_data import load_test_spec
|
|
||||||
|
|
||||||
from spiffworkflow_backend.models.group import GroupModel
|
|
||||||
from spiffworkflow_backend.models.permission_assignment import PermissionAssignmentModel
|
|
||||||
from spiffworkflow_backend.models.permission_target import PermissionTargetModel
|
|
||||||
from spiffworkflow_backend.models.script_attributes_context import (
|
from spiffworkflow_backend.models.script_attributes_context import (
|
||||||
ScriptAttributesContext,
|
ScriptAttributesContext,
|
||||||
)
|
)
|
||||||
from spiffworkflow_backend.models.user import UserModel
|
from spiffworkflow_backend.models.user import UserModel
|
||||||
from spiffworkflow_backend.scripts.add_permission import AddPermission
|
from spiffworkflow_backend.scripts.add_permission import AddPermission
|
||||||
from spiffworkflow_backend.services.process_instance_processor import (
|
from spiffworkflow_backend.scripts.get_all_permissions import GetAllPermissions
|
||||||
ProcessInstanceProcessor,
|
|
||||||
)
|
|
||||||
|
|
||||||
|
|
||||||
class TestGetAllPermissions(BaseTest):
|
class TestGetAllPermissions(BaseTest):
|
||||||
|
"""TestGetAllPermissions."""
|
||||||
|
|
||||||
def test_can_get_all_permissions(
|
def test_can_get_all_permissions(
|
||||||
self,
|
self,
|
||||||
|
@ -29,6 +21,7 @@ class TestGetAllPermissions(BaseTest):
|
||||||
with_db_and_bpmn_file_cleanup: None,
|
with_db_and_bpmn_file_cleanup: None,
|
||||||
with_super_admin_user: UserModel,
|
with_super_admin_user: UserModel,
|
||||||
) -> None:
|
) -> None:
|
||||||
|
"""Test_can_get_all_permissions."""
|
||||||
self.find_or_create_user("test_user")
|
self.find_or_create_user("test_user")
|
||||||
|
|
||||||
# now that we have everything, try to clear it out...
|
# now that we have everything, try to clear it out...
|
||||||
|
@ -41,14 +34,24 @@ class TestGetAllPermissions(BaseTest):
|
||||||
AddPermission().run(
|
AddPermission().run(
|
||||||
script_attributes_context, "start", "PG:hey:group", "my_test_group"
|
script_attributes_context, "start", "PG:hey:group", "my_test_group"
|
||||||
)
|
)
|
||||||
AddPermission().run(
|
AddPermission().run(script_attributes_context, "all", "/tasks", "my_test_group")
|
||||||
script_attributes_context, "all", "/tasks", "my_test_group"
|
|
||||||
)
|
|
||||||
|
|
||||||
expected_permissions = [
|
expected_permissions = [
|
||||||
{'group_identifier': 'my_test_group', 'uri': '/process-instances/hey:group:%', 'permissions': ['create']},
|
{
|
||||||
{'group_identifier': 'my_test_group', 'uri': '/process-instances/for-me/hey:group:%', 'permissions': ['read']},
|
"group_identifier": "my_test_group",
|
||||||
{'group_identifier': 'my_test_group', 'uri': '/tasks', 'permissions': ['create', 'delete', 'read', 'update']}
|
"uri": "/process-instances/hey:group:%",
|
||||||
|
"permissions": ["create"],
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"group_identifier": "my_test_group",
|
||||||
|
"uri": "/process-instances/for-me/hey:group:%",
|
||||||
|
"permissions": ["read"],
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"group_identifier": "my_test_group",
|
||||||
|
"uri": "/tasks",
|
||||||
|
"permissions": ["create", "delete", "read", "update"],
|
||||||
|
},
|
||||||
]
|
]
|
||||||
|
|
||||||
permissions = GetAllPermissions().run(script_attributes_context)
|
permissions = GetAllPermissions().run(script_attributes_context)
|
||||||
|
|
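Review bot: The docstrings added in this file, `"""TestGetAllPermissions."""` and `"""Test_can_get_all_permissions."""`, only repeat the names, and the module docstring still reads `"""Test_get_localtime."""` although the file tests get_all_permissions. A line such as `"""GetAllPermissions returns each group's permissions per target URI, sorted."""` would say what the test pins. The setup only creates assignments for `my_test_group`, so the test would not notice rows from a second group being merged under the wrong key; adding a second group with an overlapping URI would cover that. The test function continues past the end of this hunk, so the final assertion is not visible here.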
|
@ -1,7 +1,5 @@
|
||||||
"""Test_message_service."""
|
"""Test_message_service."""
|
||||||
import pytest
|
import pytest
|
||||||
from spiffworkflow_backend.services.group_service import GroupService
|
|
||||||
from spiffworkflow_backend.services.user_service import UserService
|
|
||||||
from flask import Flask
|
from flask import Flask
|
||||||
from flask.testing import FlaskClient
|
from flask.testing import FlaskClient
|
||||||
from tests.spiffworkflow_backend.helpers.base_test import BaseTest
|
from tests.spiffworkflow_backend.helpers.base_test import BaseTest
|
||||||
|
@ -10,6 +8,7 @@ from spiffworkflow_backend.models.user import UserModel
|
||||||
from spiffworkflow_backend.models.user import UserNotFoundError
|
from spiffworkflow_backend.models.user import UserNotFoundError
|
||||||
from spiffworkflow_backend.services.authorization_service import AuthorizationService
|
from spiffworkflow_backend.services.authorization_service import AuthorizationService
|
||||||
from spiffworkflow_backend.services.authorization_service import InvalidPermissionError
|
from spiffworkflow_backend.services.authorization_service import InvalidPermissionError
|
||||||
|
from spiffworkflow_backend.services.group_service import GroupService
|
||||||
from spiffworkflow_backend.services.process_instance_processor import (
|
from spiffworkflow_backend.services.process_instance_processor import (
|
||||||
ProcessInstanceProcessor,
|
ProcessInstanceProcessor,
|
||||||
)
|
)
|
||||||
|
@ -17,6 +16,7 @@ from spiffworkflow_backend.services.process_instance_service import (
|
||||||
ProcessInstanceService,
|
ProcessInstanceService,
|
||||||
)
|
)
|
||||||
from spiffworkflow_backend.services.process_model_service import ProcessModelService
|
from spiffworkflow_backend.services.process_model_service import ProcessModelService
|
||||||
|
from spiffworkflow_backend.services.user_service import UserService
|
||||||
|
|
||||||
|
|
||||||
class TestAuthorizationService(BaseTest):
|
class TestAuthorizationService(BaseTest):
|
||||||
|
@ -400,16 +400,14 @@ class TestAuthorizationService(BaseTest):
|
||||||
with_db_and_bpmn_file_cleanup: None,
|
with_db_and_bpmn_file_cleanup: None,
|
||||||
) -> None:
|
) -> None:
|
||||||
"""Test_granting_access_to_group_gives_access_to_group_and_subgroups."""
|
"""Test_granting_access_to_group_gives_access_to_group_and_subgroups."""
|
||||||
user = self.find_or_create_user(username='user_one')
|
user = self.find_or_create_user(username="user_one")
|
||||||
user_group = GroupService.find_or_create_group('group_one')
|
user_group = GroupService.find_or_create_group("group_one")
|
||||||
UserService.add_user_to_group(user, user_group)
|
UserService.add_user_to_group(user, user_group)
|
||||||
AuthorizationService.add_permission_from_uri_or_macro(user_group.identifier, "read", "PG:hey")
|
AuthorizationService.add_permission_from_uri_or_macro(
|
||||||
self.assert_user_has_permission(
|
user_group.identifier, "read", "PG:hey"
|
||||||
user, "read", "/v1.0/process-groups/hey"
|
|
||||||
)
|
|
||||||
self.assert_user_has_permission(
|
|
||||||
user, "read", "/v1.0/process-groups/hey:yo"
|
|
||||||
)
|
)
|
||||||
|
self.assert_user_has_permission(user, "read", "/v1.0/process-groups/hey")
|
||||||
|
self.assert_user_has_permission(user, "read", "/v1.0/process-groups/hey:yo")
|
||||||
|
|
||||||
def test_explode_permissions_with_invalid_target_uri(
|
def test_explode_permissions_with_invalid_target_uri(
|
||||||
self,
|
self,
|
||||||
|
|