From 1fd3cfd5377e66e6f07a8cb917eabb683209ecb9 Mon Sep 17 00:00:00 2001
From: jasquat <jasquat@users.noreply.github.com>
Date: Fri, 16 Dec 2022 15:31:05 -0500
Subject: [PATCH] fixed permissions w/ burnettk

---
 .../config/permissions/acceptance_tests.yml   |  2 +-
 .../config/permissions/development.yml        | 35 +++++--------------
 .../config/permissions/staging.yml            |  5 +++
 .../terraform_deployed_environment.yml        | 11 +++---
 4 files changed, 19 insertions(+), 34 deletions(-)

diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/config/permissions/acceptance_tests.yml b/spiffworkflow-backend/src/spiffworkflow_backend/config/permissions/acceptance_tests.yml
index a10b5685..65ba240a 100644
--- a/spiffworkflow-backend/src/spiffworkflow_backend/config/permissions/acceptance_tests.yml
+++ b/spiffworkflow-backend/src/spiffworkflow_backend/config/permissions/acceptance_tests.yml
@@ -9,5 +9,5 @@ permissions:
   admin:
     groups: [admin, common-user]
     users: []
-    allowed_permissions: [create, read, update, delete, list, instantiate]
+    allowed_permissions: [create, read, update, delete]
     uri: /*
diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/config/permissions/development.yml b/spiffworkflow-backend/src/spiffworkflow_backend/config/permissions/development.yml
index 248f2d93..10045b88 100644
--- a/spiffworkflow-backend/src/spiffworkflow_backend/config/permissions/development.yml
+++ b/spiffworkflow-backend/src/spiffworkflow_backend/config/permissions/development.yml
@@ -20,7 +20,6 @@ groups:
         jarrad,
         elizabeth,
         jon,
-        natalia,
       ]
 
   Finance Team:
@@ -35,7 +34,6 @@ groups:
         jarrad,
         elizabeth,
         jon,
-        natalia,
         sasha,
         fin,
         fin1,
@@ -68,6 +66,9 @@ groups:
         j,
       ]
 
+  test:
+    users: [natalia]
+
 permissions:
   admin:
     groups: [admin]
@@ -129,12 +130,6 @@ permissions:
     users: []
     allowed_permissions: [read]
     uri: /v1.0/processes
-  #
-  # task-data-read:
-  #   groups: [demo]
-  #   users: []
-  #   allowed_permissions: [read]
-  #   uri: /v1.0/task-data/*
 
 
   manage-procurement-admin:
@@ -174,44 +169,30 @@ permissions:
     allowed_permissions: [create, read, update, delete]
     uri: /v1.0/process-groups/manage-procurement:procurement:*
 
-  manage-revenue-streams-instantiate:
-    groups: ["core-contributor", "demo"]
-    users: []
-    allowed_permissions: [create]
-    uri: /v1.0/process-models/manage-revenue-streams:product-revenue-streams:customer-contracts-trade-terms/*
   manage-revenue-streams-instances:
     groups: ["core-contributor", "demo"]
     users: []
     allowed_permissions: [create, read]
     uri: /v1.0/process-instances/manage-revenue-streams:product-revenue-streams:customer-contracts-trade-terms/*
 
-  manage-procurement-invoice-instantiate:
-    groups: ["core-contributor", "demo"]
-    users: []
-    allowed_permissions: [create]
-    uri: /v1.0/process-models/manage-procurement:procurement:core-contributor-invoice-management:*
   manage-procurement-invoice-instances:
     groups: ["core-contributor", "demo"]
     users: []
     allowed_permissions: [create, read]
     uri: /v1.0/process-instances/manage-procurement:procurement:core-contributor-invoice-management:*
 
-  manage-procurement-instantiate:
-    groups: ["core-contributor", "demo"]
-    users: []
-    allowed_permissions: [create]
-    uri: /v1.0/process-models/manage-procurement:vendor-lifecycle-management:*
   manage-procurement-instances:
     groups: ["core-contributor", "demo"]
     users: []
     allowed_permissions: [create, read]
     uri: /v1.0/process-instances/manage-procurement:vendor-lifecycle-management:*
 
-  core1-admin-models-instantiate:
-    groups: ["core-contributor", "Finance Team"]
+  create-test-instances:
+    groups: ["test"]
     users: []
-    allowed_permissions: [create]
-    uri: /v1.0/process-models/misc:category_number_one:process-model-with-form/process-instances
+    allowed_permissions: [create, read]
+    uri: /v1.0/process-instances/misc:test:*
+
   core1-admin-instances:
     groups: ["core-contributor", "Finance Team"]
     users: []
diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/config/permissions/staging.yml b/spiffworkflow-backend/src/spiffworkflow_backend/config/permissions/staging.yml
index 982b945c..1300f36b 100644
--- a/spiffworkflow-backend/src/spiffworkflow_backend/config/permissions/staging.yml
+++ b/spiffworkflow-backend/src/spiffworkflow_backend/config/permissions/staging.yml
@@ -80,6 +80,11 @@ permissions:
     users: []
     allowed_permissions: [read]
     uri: /v1.0/service-tasks
+  user-groups-for-current-user:
+    groups: [everybody]
+    users: []
+    allowed_permissions: [read]
+    uri: /v1.0/user-groups/for-current-user
 
 
   # read all for everybody
diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/config/permissions/terraform_deployed_environment.yml b/spiffworkflow-backend/src/spiffworkflow_backend/config/permissions/terraform_deployed_environment.yml
index 2adf3d9c..19ce385d 100644
--- a/spiffworkflow-backend/src/spiffworkflow_backend/config/permissions/terraform_deployed_environment.yml
+++ b/spiffworkflow-backend/src/spiffworkflow_backend/config/permissions/terraform_deployed_environment.yml
@@ -75,6 +75,11 @@ permissions:
     users: []
     allowed_permissions: [read]
     uri: /v1.0/service-tasks
+  user-groups-for-current-user:
+    groups: [everybody]
+    users: []
+    allowed_permissions: [read]
+    uri: /v1.0/user-groups/for-current-user
 
 
   # read all for everybody
@@ -104,12 +109,6 @@ permissions:
     allowed_permissions: [read]
     uri: /v1.0/processes
 
-  task-data-read:
-    groups: [demo]
-    users: []
-    allowed_permissions: [read]
-    uri: /v1.0/task-data/*
-
 
   manage-procurement-admin:
     groups: ["Project Lead"]