added test for perm macros w/ burnettk

This commit is contained in:
jasquat 2022-12-21 17:38:56 -05:00
parent 6171eef87b
commit 5def5acdf8
2 changed files with 47 additions and 6 deletions

View File

@ -575,20 +575,20 @@ class AuthorizationService:
""" """
permissions_to_assign: list[PermissionToAssign] = [] permissions_to_assign: list[PermissionToAssign] = []
if target.startswith("PG:"): if target.startswith("PG:"):
process_group_identifier = target.removeprefix("PG:").replace(":", "/") process_group_identifier = target.removeprefix("PG:").replace(":", "/").removeprefix('/')
process_related_path_segment = f"{process_group_identifier}/*" process_related_path_segment = f"{process_group_identifier}/*"
target_uris = []
if process_group_identifier == "ALL": if process_group_identifier == "ALL":
process_related_path_segment = "*" process_related_path_segment = "*"
target_uris = [f"/process-groups/{process_related_path_segment}", f"/process-models/{process_related_path_segment}"] target_uris = [f"/process-groups/{process_related_path_segment}", f"/process-models/{process_related_path_segment}"]
permissions_to_assign = permissions_to_assign + cls.get_permissions_to_assign(permission, process_related_path_segment, target_uris) permissions_to_assign = permissions_to_assign + cls.get_permissions_to_assign(permission, process_related_path_segment, target_uris)
elif target.startswith("PM:"): elif target.startswith("PM:"):
process_model_identifier = target.removeprefix("PM:").replace(":", "/") process_model_identifier = target.removeprefix("PM:").replace(":", "/").removeprefix('/')
process_related_path_segment = f"{process_model_identifier}/*" process_related_path_segment = f"{process_model_identifier}/*"
target_uris = []
if process_model_identifier == "ALL": if process_model_identifier == "ALL":
process_related_path_segment = "*" process_related_path_segment = "*"
target_uris = [f"/process-models/{process_related_path_segment}"] target_uris = [f"/process-models/{process_related_path_segment}"]
permissions_to_assign = permissions_to_assign + cls.get_permissions_to_assign(permission, process_related_path_segment, target_uris) permissions_to_assign = permissions_to_assign + cls.get_permissions_to_assign(permission, process_related_path_segment, target_uris)

View File

@ -144,3 +144,44 @@ class TestAuthorizationService(BaseTest):
ProcessInstanceService.complete_form_task( ProcessInstanceService.complete_form_task(
processor, spiff_task, {}, finance_user, human_task processor, spiff_task, {}, finance_user, human_task
) )
def test_explode_permissions_all_on_process_model(
self,
app: Flask,
client: FlaskClient,
with_db_and_bpmn_file_cleanup: None,
with_super_admin_user: UserModel,
) -> None:
expected_permissions = [
('/logs/some-process-group/some-process-model/*', 'create'),
('/logs/some-process-group/some-process-model/*', 'delete'),
('/logs/some-process-group/some-process-model/*', 'read'),
('/logs/some-process-group/some-process-model/*', 'update'),
('/process-groups/some-process-group/some-process-model/*', 'create'),
('/process-groups/some-process-group/some-process-model/*', 'delete'),
('/process-groups/some-process-group/some-process-model/*', 'read'),
('/process-groups/some-process-group/some-process-model/*', 'update'),
('/process-instance-suspend/some-process-group/some-process-model/*', 'create'),
('/process-instance-suspend/some-process-group/some-process-model/*', 'delete'),
('/process-instance-suspend/some-process-group/some-process-model/*', 'read'),
('/process-instance-suspend/some-process-group/some-process-model/*', 'update'),
('/process-instance-terminate/some-process-group/some-process-model/*', 'create'),
('/process-instance-terminate/some-process-group/some-process-model/*', 'delete'),
('/process-instance-terminate/some-process-group/some-process-model/*', 'read'),
('/process-instance-terminate/some-process-group/some-process-model/*', 'update'),
('/process-instances/some-process-group/some-process-model/*', 'create'),
('/process-instances/some-process-group/some-process-model/*', 'delete'),
('/process-instances/some-process-group/some-process-model/*', 'read'),
('/process-instances/some-process-group/some-process-model/*', 'update'),
('/process-models/some-process-group/some-process-model/*', 'create'),
('/process-models/some-process-group/some-process-model/*', 'delete'),
('/process-models/some-process-group/some-process-model/*', 'read'),
('/process-models/some-process-group/some-process-model/*', 'update'),
('/task-data/some-process-group/some-process-model/*', 'create'),
('/task-data/some-process-group/some-process-model/*', 'delete'),
('/task-data/some-process-group/some-process-model/*', 'read'),
('/task-data/some-process-group/some-process-model/*', 'update'),
]
permissions_to_assign = AuthorizationService.explode_permissions('all', 'PG:/some-process-group/some-process-model')
permissions_to_assign_tuples = sorted([(p.target_uri, p.permission) for p in permissions_to_assign])
assert permissions_to_assign_tuples == expected_permissions