folks who can start instances can also view their logs

This commit is contained in:
burnettk 2023-01-31 17:11:11 -05:00
parent 17fb81bcbd
commit 8a98e8d9be
3 changed files with 20 additions and 1 deletions

View File

@ -551,7 +551,9 @@ class AuthorizationService:
permissions_to_assign: list[PermissionToAssign] = []
# we were thinking that if you can start an instance, you ought to be able to view your own instances.
# we were thinking that if you can start an instance, you ought to be able to:
# 1. view your own instances.
# 2. view the logs for these instances.
if permission_set == "start":
target_uri = f"/process-instances/{process_related_path_segment}"
permissions_to_assign.append(
@ -561,6 +563,10 @@ class AuthorizationService:
permissions_to_assign.append(
PermissionToAssign(permission="read", target_uri=target_uri)
)
target_uri = f"/logs/{process_related_path_segment}"
permissions_to_assign.append(
PermissionToAssign(permission="read", target_uri=target_uri)
)
else:
if permission_set == "all":

View File

@ -41,6 +41,11 @@ class TestGetAllPermissions(BaseTest):
)
expected_permissions = [
{
"group_identifier": "my_test_group",
"uri": "/logs/hey:group:*",
"permissions": ["read"],
},
{
"group_identifier": "my_test_group",
"uri": "/process-instances/hey:group:*",

View File

@ -197,6 +197,10 @@ class TestAuthorizationService(BaseTest):
) -> None:
"""Test_explode_permissions_start_on_process_group."""
expected_permissions = [
(
"/logs/some-process-group:some-process-model:*",
"read",
),
(
"/process-instances/for-me/some-process-group:some-process-model:*",
"read",
@ -255,6 +259,10 @@ class TestAuthorizationService(BaseTest):
) -> None:
"""Test_explode_permissions_start_on_process_model."""
expected_permissions = [
(
"/logs/some-process-group:some-process-model/*",
"read",
),
(
"/process-instances/for-me/some-process-group:some-process-model/*",
"read",