added test for perm macros w/ burnettk
This commit is contained in:
parent
6171eef87b
commit
5def5acdf8
|
@ -575,20 +575,20 @@ class AuthorizationService:
|
|||
"""
|
||||
permissions_to_assign: list[PermissionToAssign] = []
|
||||
if target.startswith("PG:"):
|
||||
process_group_identifier = target.removeprefix("PG:").replace(":", "/")
|
||||
process_group_identifier = target.removeprefix("PG:").replace(":", "/").removeprefix('/')
|
||||
process_related_path_segment = f"{process_group_identifier}/*"
|
||||
target_uris = []
|
||||
if process_group_identifier == "ALL":
|
||||
process_related_path_segment = "*"
|
||||
target_uris = [f"/process-groups/{process_related_path_segment}", f"/process-models/{process_related_path_segment}"]
|
||||
permissions_to_assign = permissions_to_assign + cls.get_permissions_to_assign(permission, process_related_path_segment, target_uris)
|
||||
|
||||
elif target.startswith("PM:"):
|
||||
process_model_identifier = target.removeprefix("PM:").replace(":", "/")
|
||||
process_model_identifier = target.removeprefix("PM:").replace(":", "/").removeprefix('/')
|
||||
process_related_path_segment = f"{process_model_identifier}/*"
|
||||
target_uris = []
|
||||
|
||||
if process_model_identifier == "ALL":
|
||||
process_related_path_segment = "*"
|
||||
|
||||
target_uris = [f"/process-models/{process_related_path_segment}"]
|
||||
permissions_to_assign = permissions_to_assign + cls.get_permissions_to_assign(permission, process_related_path_segment, target_uris)
|
||||
|
||||
|
|
|
@ -144,3 +144,44 @@ class TestAuthorizationService(BaseTest):
|
|||
ProcessInstanceService.complete_form_task(
|
||||
processor, spiff_task, {}, finance_user, human_task
|
||||
)
|
||||
|
||||
def test_explode_permissions_all_on_process_model(
|
||||
self,
|
||||
app: Flask,
|
||||
client: FlaskClient,
|
||||
with_db_and_bpmn_file_cleanup: None,
|
||||
with_super_admin_user: UserModel,
|
||||
) -> None:
|
||||
expected_permissions = [
|
||||
('/logs/some-process-group/some-process-model/*', 'create'),
|
||||
('/logs/some-process-group/some-process-model/*', 'delete'),
|
||||
('/logs/some-process-group/some-process-model/*', 'read'),
|
||||
('/logs/some-process-group/some-process-model/*', 'update'),
|
||||
('/process-groups/some-process-group/some-process-model/*', 'create'),
|
||||
('/process-groups/some-process-group/some-process-model/*', 'delete'),
|
||||
('/process-groups/some-process-group/some-process-model/*', 'read'),
|
||||
('/process-groups/some-process-group/some-process-model/*', 'update'),
|
||||
('/process-instance-suspend/some-process-group/some-process-model/*', 'create'),
|
||||
('/process-instance-suspend/some-process-group/some-process-model/*', 'delete'),
|
||||
('/process-instance-suspend/some-process-group/some-process-model/*', 'read'),
|
||||
('/process-instance-suspend/some-process-group/some-process-model/*', 'update'),
|
||||
('/process-instance-terminate/some-process-group/some-process-model/*', 'create'),
|
||||
('/process-instance-terminate/some-process-group/some-process-model/*', 'delete'),
|
||||
('/process-instance-terminate/some-process-group/some-process-model/*', 'read'),
|
||||
('/process-instance-terminate/some-process-group/some-process-model/*', 'update'),
|
||||
('/process-instances/some-process-group/some-process-model/*', 'create'),
|
||||
('/process-instances/some-process-group/some-process-model/*', 'delete'),
|
||||
('/process-instances/some-process-group/some-process-model/*', 'read'),
|
||||
('/process-instances/some-process-group/some-process-model/*', 'update'),
|
||||
('/process-models/some-process-group/some-process-model/*', 'create'),
|
||||
('/process-models/some-process-group/some-process-model/*', 'delete'),
|
||||
('/process-models/some-process-group/some-process-model/*', 'read'),
|
||||
('/process-models/some-process-group/some-process-model/*', 'update'),
|
||||
('/task-data/some-process-group/some-process-model/*', 'create'),
|
||||
('/task-data/some-process-group/some-process-model/*', 'delete'),
|
||||
('/task-data/some-process-group/some-process-model/*', 'read'),
|
||||
('/task-data/some-process-group/some-process-model/*', 'update'),
|
||||
]
|
||||
permissions_to_assign = AuthorizationService.explode_permissions('all', 'PG:/some-process-group/some-process-model')
|
||||
permissions_to_assign_tuples = sorted([(p.target_uri, p.permission) for p in permissions_to_assign])
|
||||
assert permissions_to_assign_tuples == expected_permissions
|
||||
|
|
Loading…
Reference in New Issue