added test to check only privileged users can call refresh_permissions w/ burnettk
parent
6aab66a554
commit
41c18ea4ec
|
@ -8,8 +8,8 @@ from spiffworkflow_backend.scripts.script import Script
|
||||||
from spiffworkflow_backend.services.authorization_service import AuthorizationService
|
from spiffworkflow_backend.services.authorization_service import AuthorizationService
|
||||||
|
|
||||||
|
|
||||||
class RecreatePermissions(Script):
|
class RefreshPermissions(Script):
|
||||||
"""RecreatePermissions."""
|
"""RefreshPermissions."""
|
||||||
|
|
||||||
def get_description(self) -> str:
|
def get_description(self) -> str:
|
||||||
"""Get_description."""
|
"""Get_description."""
|
||||||
|
|
|
@ -0,0 +1,39 @@
|
||||||
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
|
<bpmn:definitions xmlns:bpmn="http://www.omg.org/spec/BPMN/20100524/MODEL" xmlns:bpmndi="http://www.omg.org/spec/BPMN/20100524/DI" xmlns:dc="http://www.omg.org/spec/DD/20100524/DC" xmlns:di="http://www.omg.org/spec/DD/20100524/DI" id="Definitions_96f6665" targetNamespace="http://bpmn.io/schema/bpmn" exporter="Camunda Modeler" exporterVersion="3.0.0-dev">
|
||||||
|
<bpmn:process id="Process_02u675m" isExecutable="true">
|
||||||
|
<bpmn:startEvent id="StartEvent_1">
|
||||||
|
<bpmn:outgoing>Flow_01cweoc</bpmn:outgoing>
|
||||||
|
</bpmn:startEvent>
|
||||||
|
<bpmn:sequenceFlow id="Flow_01cweoc" sourceRef="StartEvent_1" targetRef="refresh_permission_script" />
|
||||||
|
<bpmn:endEvent id="Event_11584qn">
|
||||||
|
<bpmn:incoming>Flow_1xle2yo</bpmn:incoming>
|
||||||
|
</bpmn:endEvent>
|
||||||
|
<bpmn:sequenceFlow id="Flow_1xle2yo" sourceRef="refresh_permission_script" targetRef="Event_11584qn" />
|
||||||
|
<bpmn:scriptTask id="refresh_permission_script" name="Add Permission">
|
||||||
|
<bpmn:incoming>Flow_01cweoc</bpmn:incoming>
|
||||||
|
<bpmn:outgoing>Flow_1xle2yo</bpmn:outgoing>
|
||||||
|
<bpmn:script>refresh_permissions([])</bpmn:script>
|
||||||
|
</bpmn:scriptTask>
|
||||||
|
</bpmn:process>
|
||||||
|
<bpmndi:BPMNDiagram id="BPMNDiagram_1">
|
||||||
|
<bpmndi:BPMNPlane id="BPMNPlane_1" bpmnElement="Process_02u675m">
|
||||||
|
<bpmndi:BPMNShape id="_BPMNShape_StartEvent_2" bpmnElement="StartEvent_1">
|
||||||
|
<dc:Bounds x="179" y="159" width="36" height="36" />
|
||||||
|
</bpmndi:BPMNShape>
|
||||||
|
<bpmndi:BPMNShape id="Event_11584qn_di" bpmnElement="Event_11584qn">
|
||||||
|
<dc:Bounds x="432" y="159" width="36" height="36" />
|
||||||
|
</bpmndi:BPMNShape>
|
||||||
|
<bpmndi:BPMNShape id="Activity_1ymj79t_di" bpmnElement="refresh_permission_script">
|
||||||
|
<dc:Bounds x="270" y="137" width="100" height="80" />
|
||||||
|
</bpmndi:BPMNShape>
|
||||||
|
<bpmndi:BPMNEdge id="Flow_01cweoc_di" bpmnElement="Flow_01cweoc">
|
||||||
|
<di:waypoint x="215" y="177" />
|
||||||
|
<di:waypoint x="270" y="177" />
|
||||||
|
</bpmndi:BPMNEdge>
|
||||||
|
<bpmndi:BPMNEdge id="Flow_1xle2yo_di" bpmnElement="Flow_1xle2yo">
|
||||||
|
<di:waypoint x="370" y="177" />
|
||||||
|
<di:waypoint x="432" y="177" />
|
||||||
|
</bpmndi:BPMNEdge>
|
||||||
|
</bpmndi:BPMNPlane>
|
||||||
|
</bpmndi:BPMNDiagram>
|
||||||
|
</bpmn:definitions>
|
|
@ -0,0 +1,51 @@
|
||||||
|
"""Test_get_localtime."""
|
||||||
|
from flask_bpmn.api.api_error import ApiError
|
||||||
|
import pytest
|
||||||
|
|
||||||
|
from flask.app import Flask
|
||||||
|
from flask.testing import FlaskClient
|
||||||
|
from tests.spiffworkflow_backend.helpers.base_test import BaseTest
|
||||||
|
from tests.spiffworkflow_backend.helpers.test_data import load_test_spec
|
||||||
|
|
||||||
|
from spiffworkflow_backend.services.process_instance_processor import (
|
||||||
|
ProcessInstanceProcessor,
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
|
class TestRefreshPermissions(BaseTest):
|
||||||
|
"""TestRefreshPermissions."""
|
||||||
|
|
||||||
|
def test_refresh_permissions_requires_elevated_permission(
|
||||||
|
self,
|
||||||
|
app: Flask,
|
||||||
|
client: FlaskClient,
|
||||||
|
with_db_and_bpmn_file_cleanup: None,
|
||||||
|
) -> None:
|
||||||
|
"""Test_refresh_permissions_requires_elevated_permission."""
|
||||||
|
basic_user = self.find_or_create_user("basic_user")
|
||||||
|
privileged_user = self.find_or_create_user("privileged_user")
|
||||||
|
self.add_permissions_to_user(
|
||||||
|
privileged_user,
|
||||||
|
target_uri="/can-run-privileged-script/refresh_permissions",
|
||||||
|
permission_names=["create"],
|
||||||
|
)
|
||||||
|
process_model = load_test_spec(
|
||||||
|
process_model_id="refresh_permissions",
|
||||||
|
process_model_source_directory="script_refresh_permissions",
|
||||||
|
)
|
||||||
|
process_instance = self.create_process_instance_from_process_model(
|
||||||
|
process_model=process_model, user=basic_user
|
||||||
|
)
|
||||||
|
|
||||||
|
processor = ProcessInstanceProcessor(process_instance)
|
||||||
|
|
||||||
|
with pytest.raises(ApiError) as exception:
|
||||||
|
processor.do_engine_steps(save=True)
|
||||||
|
assert "ScriptUnauthorizedForUserError" in str(exception)
|
||||||
|
|
||||||
|
process_instance = self.create_process_instance_from_process_model(
|
||||||
|
process_model=process_model, user=privileged_user
|
||||||
|
)
|
||||||
|
processor = ProcessInstanceProcessor(process_instance)
|
||||||
|
processor.do_engine_steps(save=True)
|
||||||
|
assert process_instance.status == "complete"
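Review bot: The denial half of `test_refresh_permissions_requires_elevated_permission` may not verify the authorization failure it is named for. `assert "ScriptUnauthorizedForUserError" in str(exception)` stringifies pytest's `ExceptionInfo` wrapper rather than the raised `ApiError`. The rendered page has lost indentation, so if that assert sits inside the `with pytest.raises(ApiError)` block, it is never reached once `do_engine_steps` raises; any `ApiError`, such as a model-loading failure, would then pass the negative case and a regression in the privilege check would go unnoticed. Place the assertion after the `with` block and inspect the exception itself: `assert "ScriptUnauthorizedForUserError" in str(exception.value)`. The module docstring `"""Test_get_localtime."""` also looks copied from another test and should name this one, e.g. `"""Test_refresh_permissions."""`.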
|