added remaining path segment all perms to elevated options (#326)

Co-authored-by: jasquat <jasquat@users.noreply.github.com>
2023-06-12 11:05:33 -04:00 · 2023-06-12 11:05:33 -04:00 · 1ce51cbc57
parent d9b303db78
commit 1ce51cbc57
2 changed files with 7 additions and 3 deletions
--- a/spiffworkflow-backend/src/spiffworkflow_backend/services/authorization_service.py
+++ b/spiffworkflow-backend/src/spiffworkflow_backend/services/authorization_service.py
@ -532,11 +532,13 @@ class AuthorizationService:
        permissions_to_assign.append(PermissionToAssign(permission="create", target_uri="/send-event/*"))
        permissions_to_assign.append(PermissionToAssign(permission="create", target_uri="/task-complete/*"))

-        # read comes from PG and PM permissions
+        # read comes from PG and PM ALL permissions as well
        permissions_to_assign.append(PermissionToAssign(permission="update", target_uri="/task-data/*"))
-        permissions_to_assign.append(PermissionToAssign(permission="read", target_uri="/task-data/*"))
-        permissions_to_assign.append(PermissionToAssign(permission="read", target_uri="/process-data/*"))
+        permissions_to_assign.append(PermissionToAssign(permission="read", target_uri="/event-error-details/*"))
+        permissions_to_assign.append(PermissionToAssign(permission="read", target_uri="/logs/*"))
        permissions_to_assign.append(PermissionToAssign(permission="read", target_uri="/process-data-file-download/*"))
+        permissions_to_assign.append(PermissionToAssign(permission="read", target_uri="/process-data/*"))
+        permissions_to_assign.append(PermissionToAssign(permission="read", target_uri="/task-data/*"))

        for permission in ["create", "read", "update", "delete"]:
            permissions_to_assign.append(PermissionToAssign(permission=permission, target_uri="/process-instances/*"))
--- a/spiffworkflow-backend/tests/spiffworkflow_backend/unit/test_authorization_service.py
+++ b/spiffworkflow-backend/tests/spiffworkflow_backend/unit/test_authorization_service.py
@ -311,6 +311,8 @@ class TestAuthorizationService(BaseTest):
                ("/authentications", "read"),
                ("/can-run-privileged-script/*", "create"),
                ("/debug/*", "create"),
+                ("/event-error-details/*", "read"),
+                ("/logs/*", "read"),
                ("/messages", "read"),
                ("/messages/*", "create"),
                ("/process-data-file-download/*", "read"),