diff --git a/spiffworkflow-backend/tests/spiffworkflow_backend/unit/test_authorization_service.py b/spiffworkflow-backend/tests/spiffworkflow_backend/unit/test_authorization_service.py index ee77a242..035d779d 100644 --- a/spiffworkflow-backend/tests/spiffworkflow_backend/unit/test_authorization_service.py +++ b/spiffworkflow-backend/tests/spiffworkflow_backend/unit/test_authorization_service.py @@ -145,12 +145,11 @@ class TestAuthorizationService(BaseTest): processor, spiff_task, {}, finance_user, human_task ) - def test_explode_permissions_all_on_process_model( + def test_explode_permissions_all_on_process_group( self, app: Flask, client: FlaskClient, with_db_and_bpmn_file_cleanup: None, - with_super_admin_user: UserModel, ) -> None: expected_permissions = [ ('/logs/some-process-group/some-process-model/*', 'create'), @@ -185,3 +184,91 @@ class TestAuthorizationService(BaseTest): permissions_to_assign = AuthorizationService.explode_permissions('all', 'PG:/some-process-group/some-process-model') permissions_to_assign_tuples = sorted([(p.target_uri, p.permission) for p in permissions_to_assign]) assert permissions_to_assign_tuples == expected_permissions + + def test_explode_permissions_start_on_process_group( + self, + app: Flask, + client: FlaskClient, + with_db_and_bpmn_file_cleanup: None, + ) -> None: + expected_permissions = [ + ('/process-instances/for-me/some-process-group/some-process-model/*', 'read'), + ('/process-instances/some-process-group/some-process-model/*', 'create'), + ] + permissions_to_assign = AuthorizationService.explode_permissions('start', 'PG:/some-process-group/some-process-model') + permissions_to_assign_tuples = sorted([(p.target_uri, p.permission) for p in permissions_to_assign]) + assert permissions_to_assign_tuples == expected_permissions + + def test_explode_permissions_all_on_process_model( + self, + app: Flask, + client: FlaskClient, + with_db_and_bpmn_file_cleanup: None, + ) -> None: + expected_permissions = [ + ('/logs/some-process-group/some-process-model/*', 'create'), + ('/logs/some-process-group/some-process-model/*', 'delete'), + ('/logs/some-process-group/some-process-model/*', 'read'), + ('/logs/some-process-group/some-process-model/*', 'update'), + ('/process-instance-suspend/some-process-group/some-process-model/*', 'create'), + ('/process-instance-suspend/some-process-group/some-process-model/*', 'delete'), + ('/process-instance-suspend/some-process-group/some-process-model/*', 'read'), + ('/process-instance-suspend/some-process-group/some-process-model/*', 'update'), + ('/process-instance-terminate/some-process-group/some-process-model/*', 'create'), + ('/process-instance-terminate/some-process-group/some-process-model/*', 'delete'), + ('/process-instance-terminate/some-process-group/some-process-model/*', 'read'), + ('/process-instance-terminate/some-process-group/some-process-model/*', 'update'), + ('/process-instances/some-process-group/some-process-model/*', 'create'), + ('/process-instances/some-process-group/some-process-model/*', 'delete'), + ('/process-instances/some-process-group/some-process-model/*', 'read'), + ('/process-instances/some-process-group/some-process-model/*', 'update'), + ('/process-models/some-process-group/some-process-model/*', 'create'), + ('/process-models/some-process-group/some-process-model/*', 'delete'), + ('/process-models/some-process-group/some-process-model/*', 'read'), + ('/process-models/some-process-group/some-process-model/*', 'update'), + ('/task-data/some-process-group/some-process-model/*', 'create'), + ('/task-data/some-process-group/some-process-model/*', 'delete'), + ('/task-data/some-process-group/some-process-model/*', 'read'), + ('/task-data/some-process-group/some-process-model/*', 'update'), + ] + permissions_to_assign = AuthorizationService.explode_permissions('all', 'PM:/some-process-group/some-process-model') + permissions_to_assign_tuples = sorted([(p.target_uri, p.permission) for p in permissions_to_assign]) + assert permissions_to_assign_tuples == expected_permissions + + def test_explode_permissions_start_on_process_model( + self, + app: Flask, + client: FlaskClient, + with_db_and_bpmn_file_cleanup: None, + ) -> None: + expected_permissions = [ + ('/process-instances/for-me/some-process-group/some-process-model/*', 'read'), + ('/process-instances/some-process-group/some-process-model/*', 'create'), + ] + permissions_to_assign = AuthorizationService.explode_permissions('start', 'PM:/some-process-group/some-process-model') + permissions_to_assign_tuples = sorted([(p.target_uri, p.permission) for p in permissions_to_assign]) + assert permissions_to_assign_tuples == expected_permissions + + def test_explode_permissions_basic( + self, + app: Flask, + client: FlaskClient, + with_db_and_bpmn_file_cleanup: None, + ) -> None: + expected_permissions = [ + ('/process-instances/for-me', 'read'), + ('/process-instances/reports/*', 'create'), + ('/process-instances/reports/*', 'delete'), + ('/process-instances/reports/*', 'read'), + ('/process-instances/reports/*', 'update'), + ('/processes', 'read'), + ('/service-tasks', 'read'), + ('/tasks/*', 'create'), + ('/tasks/*', 'delete'), + ('/tasks/*', 'read'), + ('/tasks/*', 'update'), + ('/user-groups/for-current-user', 'read'), + ] + permissions_to_assign = AuthorizationService.explode_permissions('all', 'BASIC') + permissions_to_assign_tuples = sorted([(p.target_uri, p.permission) for p in permissions_to_assign]) + assert permissions_to_assign_tuples == expected_permissions