rename grant to permit and work on test. w/ mike

2022-10-07 16:40:22 -04:00 · 2022-10-07 16:40:22 -04:00 · 7577b5619e
parent 9bcd5a73a2
commit 7577b5619e
5 changed files with 29 additions and 11 deletions
--- a/migrations/env.py
+++ b/migrations/env.py
@ -1,3 +1,5 @@
+from __future__ import with_statement
+
 import logging
 from logging.config import fileConfig

--- a/migrations/versions/399879a03735_.py
+++ b/migrations/versions/399879a03735_.py
@ -1,8 +1,8 @@
 """empty message

-Revision ID: 99ea062e142f
+Revision ID: 399879a03735
 Revises: 
-Create Date: 2022-10-07 15:46:35.144987
+Create Date: 2022-10-07 16:39:31.688247

 """
 from alembic import op
@ -10,7 +10,7 @@ import sqlalchemy as sa


 # revision identifiers, used by Alembic.
-revision = '99ea062e142f'
+revision = '399879a03735'
 down_revision = None
 branch_labels = None
 depends_on = None
@ -226,7 +226,7 @@ def upgrade():
    sa.Column('id', sa.Integer(), nullable=False),
    sa.Column('principal_id', sa.Integer(), nullable=False),
    sa.Column('permission_target_id', sa.Integer(), nullable=False),
-    sa.Column('grant_type', sa.Enum('grant', 'deny', name='grantdeny'), nullable=True),
+    sa.Column('grant_type', sa.Enum('permit', 'deny', name='permitdeny'), nullable=True),
    sa.Column('permission', sa.Enum('create', 'read', 'update', 'delete', 'list', 'instantiate', name='permission'), nullable=True),
    sa.ForeignKeyConstraint(['permission_target_id'], ['permission_target.id'], ),
    sa.ForeignKeyConstraint(['principal_id'], ['principal.id'], ),
--- a/src/spiffworkflow_backend/models/permission_assignment.py
+++ b/src/spiffworkflow_backend/models/permission_assignment.py
@ -10,11 +10,12 @@ from spiffworkflow_backend.models.permission_target import PermissionTargetModel
 from spiffworkflow_backend.models.principal import PrincipalModel


-class GrantDeny(enum.Enum):
-    """GrantDeny."""
+class PermitDeny(enum.Enum):
+    """PermitDeny."""

-    grant = 1
-    deny = 2
+    # permit, aka grant
+    permit = "permit"
+    deny = "deny"


 class Permission(enum.Enum):
@ -42,5 +43,5 @@ class PermissionAssignmentModel(SpiffworkflowBaseDBModel):
    permission_target_id = db.Column(
        ForeignKey(PermissionTargetModel.id), nullable=False
    )
-    grant_type = db.Column(Enum(GrantDeny))
+    grant_type = db.Column(Enum(PermitDeny))
    permission = db.Column(Enum(Permission))
--- a/src/spiffworkflow_backend/services/authorization_service.py
+++ b/src/spiffworkflow_backend/services/authorization_service.py
@ -12,6 +12,14 @@ from flask_bpmn.api.api_error import ApiError
 class AuthorizationService:
    """Determine whether a user has permission to perform their request."""

+    @staticmethod
+    def has_permission(
+        principal: 'PrincipalModel', permission: str, target_uri: str
+    ) -> bool:
+        """Has_permission."""
+        return True
+
+
    @staticmethod
    def get_open_id_args() -> tuple:
        """Get_open_id_args."""
--- a/tests/spiffworkflow_backend/unit/test_permissions.py
+++ b/tests/spiffworkflow_backend/unit/test_permissions.py
@ -1,6 +1,7 @@
 """Test Permissions."""
 from flask.app import Flask
 from flask_bpmn.models.db import db
+from spiffworkflow_backend.services.authorization_service import AuthorizationService
 from tests.spiffworkflow_backend.helpers.base_test import BaseTest
 from tests.spiffworkflow_backend.helpers.test_data import load_test_spec

@ -38,7 +39,7 @@ class TestPermissions(BaseTest):
            permission_target_id=permission_target.id,
            principal_id=principal.id,
            permission="delete",
-            grant_type="grant",
+            grant_type="permit",
        )
        db.session.add(permission_assignment)
        db.session.commit()
@ -49,6 +50,7 @@ class TestPermissions(BaseTest):
        """Test_group_a_admin_needs_to_stay_away_from_group_b."""
        process_group_ids = ["group-a", "group-b"]
        process_group_a_id = process_group_ids[0]
+        process_group_b_id = process_group_ids[1]
        for process_group_id in process_group_ids:
            load_test_spec(
                "timers_intermediate_catch_event",
@ -65,7 +67,12 @@ class TestPermissions(BaseTest):
            permission_target_id=permission_target.id,
            principal_id=principal.id,
            permission="update",
-            grant_type="grant",
+            grant_type="permit",
        )
        db.session.add(permission_assignment)
        db.session.commit()
+
+        has_permission_to_a = AuthorizationService.has_permission(principal=principal, permission="update", target_uri=f"/{process_group_a_id}")
+        assert has_permission_to_a is True
+        has_permission_to_b = AuthorizationService.has_permission(principal=principal, permission="update", target_uri=f"/{process_group_b_id}")
+        assert has_permission_to_b is False