From aee973fcb1886c74f1cf78d000a4d543f6714edd Mon Sep 17 00:00:00 2001 From: burnettk Date: Fri, 25 Nov 2022 12:49:41 -0500 Subject: [PATCH 1/6] upgrade keycloak --- spiffworkflow-backend/bin/start_keycloak | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spiffworkflow-backend/bin/start_keycloak b/spiffworkflow-backend/bin/start_keycloak index 002c2668..32b502ca 100755 --- a/spiffworkflow-backend/bin/start_keycloak +++ b/spiffworkflow-backend/bin/start_keycloak @@ -27,7 +27,7 @@ docker run \ -e KEYCLOAK_LOGLEVEL=ALL \ -e ROOT_LOGLEVEL=ALL \ -e KEYCLOAK_ADMIN=admin \ - -e KEYCLOAK_ADMIN_PASSWORD=admin quay.io/keycloak/keycloak:19.0.3 start-dev \ + -e KEYCLOAK_ADMIN_PASSWORD=admin quay.io/keycloak/keycloak:20.0.1 start-dev \ -Dkeycloak.profile.feature.token_exchange=enabled \ -Dkeycloak.profile.feature.admin_fine_grained_authz=enabled From dca27804100d9d99b761861255ef9f69e1491e34 Mon Sep 17 00:00:00 2001 From: Dan Date: Fri, 25 Nov 2022 12:57:23 -0500 Subject: [PATCH 2/6] Change permissions changed from vendor to core-contributor for everyone. --- .../config/permissions/development.yml | 26 +++++++++---------- .../terraform_deployed_environment.yml | 26 +++++++++---------- 2 files changed, 26 insertions(+), 26 deletions(-) diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/config/permissions/development.yml b/spiffworkflow-backend/src/spiffworkflow_backend/config/permissions/development.yml index fe48bf66..f3c7d96b 100644 --- a/spiffworkflow-backend/src/spiffworkflow_backend/config/permissions/development.yml +++ b/spiffworkflow-backend/src/spiffworkflow_backend/config/permissions/development.yml @@ -136,68 +136,68 @@ permissions: groups: ["Finance Team"] users: [] allowed_permissions: [create, read, update, delete] - uri: /v1.0/process-groups/manage-procurement:procurement:vendor-invoice-management:* + uri: /v1.0/process-groups/manage-procurement:procurement:core-contributor-invoice-management:* finance-admin-slash: groups: ["Finance Team"] users: [] allowed_permissions: [create, read, update, delete] - uri: /v1.0/process-groups/manage-procurement:procurement:vendor-invoice-management/* + uri: /v1.0/process-groups/manage-procurement:procurement:core-contributor-invoice-management/* finance-admin-models: groups: ["Finance Team"] users: [] allowed_permissions: [create, read, update, delete] - uri: /v1.0/process-models/manage-procurement:procurement:vendor-invoice-management:* + uri: /v1.0/process-models/manage-procurement:procurement:core-contributor-invoice-management:* finance-admin-models-slash: groups: ["Finance Team"] users: [] allowed_permissions: [create, read, update, delete] - uri: /v1.0/process-models/manage-procurement:procurement:vendor-invoice-management/* + uri: /v1.0/process-models/manage-procurement:procurement:core-contributor-invoice-management/* finance-admin-instances: groups: ["Finance Team"] users: [] allowed_permissions: [create, read, update, delete] - uri: /v1.0/process-instances/manage-procurement:procurement:vendor-invoice-management:* + uri: /v1.0/process-instances/manage-procurement:procurement:core-contributor-invoice-management:* finance-admin-instances-slash: groups: ["Finance Team"] users: [] allowed_permissions: [create, read, update, delete] - uri: /v1.0/process-instances/manage-procurement:procurement:vendor-invoice-management/* + uri: /v1.0/process-instances/manage-procurement:procurement:core-contributor-invoice-management/* core-admin: groups: ["core-contributor"] users: [] allowed_permissions: [read] - uri: /v1.0/process-groups/manage-procurement:procurement:vendor-invoice-management:* + uri: /v1.0/process-groups/manage-procurement:procurement:core-contributor-invoice-management:* core-admin-slash: groups: ["core-contributor"] users: [] allowed_permissions: [read] - uri: /v1.0/process-groups/manage-procurement:procurement:vendor-invoice-management/* + uri: /v1.0/process-groups/manage-procurement:procurement:core-contributor-invoice-management/* core-admin-models: groups: ["core-contributor"] users: [] allowed_permissions: [read] - uri: /v1.0/process-models/manage-procurement:procurement:vendor-invoice-management:* + uri: /v1.0/process-models/manage-procurement:procurement:core-contributor-invoice-management:* core-admin-models-slash: groups: ["core-contributor"] users: [] allowed_permissions: [read] - uri: /v1.0/process-models/manage-procurement:procurement:vendor-invoice-management/* + uri: /v1.0/process-models/manage-procurement:procurement:core-contributor-invoice-management/* core-admin-models-instantiate: groups: ["core-contributor"] users: [] allowed_permissions: [create] - uri: /v1.0/process-models/manage-procurement:procurement:vendor-invoice-management:invoice-approval/process-instances + uri: /v1.0/process-models/manage-procurement:procurement:core-contributor-invoice-management:invoice-approval/process-instances core-admin-instances: groups: ["core-contributor"] users: [] allowed_permissions: [create, read] - uri: /v1.0/process-instances/manage-procurement:procurement:vendor-invoice-management:* + uri: /v1.0/process-instances/manage-procurement:procurement:core-contributor-invoice-management:* core-admin-instances-slash: groups: ["core-contributor"] users: [] allowed_permissions: [create, read] - uri: /v1.0/process-instances/manage-procurement:procurement:vendor-invoice-management/* + uri: /v1.0/process-instances/manage-procurement:procurement:core-contributor-invoice-management/* core1-admin: groups: ["core-contributor"] diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/config/permissions/terraform_deployed_environment.yml b/spiffworkflow-backend/src/spiffworkflow_backend/config/permissions/terraform_deployed_environment.yml index a0736e52..eb33e1fd 100644 --- a/spiffworkflow-backend/src/spiffworkflow_backend/config/permissions/terraform_deployed_environment.yml +++ b/spiffworkflow-backend/src/spiffworkflow_backend/config/permissions/terraform_deployed_environment.yml @@ -136,65 +136,65 @@ permissions: groups: ["Finance Team"] users: [] allowed_permissions: [create, read, update, delete] - uri: /v1.0/process-groups/manage-procurement:procurement:vendor-invoice-management:* + uri: /v1.0/process-groups/manage-procurement:procurement:core-contributor-invoice-management:* finance-admin-slash: groups: ["Finance Team"] users: [] allowed_permissions: [create, read, update, delete] - uri: /v1.0/process-groups/manage-procurement:procurement:vendor-invoice-management/* + uri: /v1.0/process-groups/manage-procurement:procurement:core-contributor-invoice-management/* finance-admin-models: groups: ["Finance Team"] users: [] allowed_permissions: [create, read, update, delete] - uri: /v1.0/process-models/manage-procurement:procurement:vendor-invoice-management:* + uri: /v1.0/process-models/manage-procurement:procurement:core-contributor-invoice-management:* finance-admin-models-slash: groups: ["Finance Team"] users: [] allowed_permissions: [create, read, update, delete] - uri: /v1.0/process-models/manage-procurement:procurement:vendor-invoice-management/* + uri: /v1.0/process-models/manage-procurement:procurement:core-contributor-invoice-management/* finance-admin-instances: groups: ["Finance Team"] users: [] allowed_permissions: [create, read, update, delete] - uri: /v1.0/process-instances/manage-procurement:procurement:vendor-invoice-management:* + uri: /v1.0/process-instances/manage-procurement:procurement:core-contributor-invoice-management:* finance-admin-instances-slash: groups: ["Finance Team"] users: [] allowed_permissions: [create, read, update, delete] - uri: /v1.0/process-instances/manage-procurement:procurement:vendor-invoice-management/* + uri: /v1.0/process-instances/manage-procurement:procurement:core-contributor-invoice-management/* core-admin: groups: ["core-contributor"] users: [] allowed_permissions: [read] - uri: /v1.0/process-groups/manage-procurement:procurement:vendor-invoice-management:* + uri: /v1.0/process-groups/manage-procurement:procurement:core-contributor-invoice-management:* core-admin-slash: groups: ["core-contributor"] users: [] allowed_permissions: [read] - uri: /v1.0/process-groups/manage-procurement:procurement:vendor-invoice-management/* + uri: /v1.0/process-groups/manage-procurement:procurement:core-contributor-invoice-management/* core-admin-models: groups: ["core-contributor"] users: [] allowed_permissions: [read] - uri: /v1.0/process-models/manage-procurement:procurement:vendor-invoice-management:* + uri: /v1.0/process-models/manage-procurement:procurement:core-contributor-invoice-management:* core-admin-models-slash: groups: ["core-contributor"] users: [] allowed_permissions: [read] - uri: /v1.0/process-models/manage-procurement:procurement:vendor-invoice-management/* + uri: /v1.0/process-models/manage-procurement:procurement:core-contributor-invoice-management/* core-admin-models-instantiate: groups: ["core-contributor"] users: [] allowed_permissions: [create] - uri: /v1.0/process-models/manage-procurement:procurement:vendor-invoice-management:invoice-approval/process-instances + uri: /v1.0/process-models/manage-procurement:procurement:core-contributor-invoice-management:invoice-approval/process-instances core-admin-instances: groups: ["core-contributor"] users: [] allowed_permissions: [create, read] - uri: /v1.0/process-instances/manage-procurement:procurement:vendor-invoice-management:* + uri: /v1.0/process-instances/manage-procurement:procurement:core-contributor-invoice-management:* core-admin-instances-slash: groups: ["core-contributor"] users: [] allowed_permissions: [create, read] - uri: /v1.0/process-instances/manage-procurement:procurement:vendor-invoice-management/* + uri: /v1.0/process-instances/manage-procurement:procurement:core-contributor-invoice-management/* From 36868b6052c76cf5cd28cb8aa6eddd4771b90a14 Mon Sep 17 00:00:00 2001 From: Dan Date: Fri, 25 Nov 2022 13:31:01 -0500 Subject: [PATCH 3/6] Change permissions per request -- want everyone to have access to 4 process models. --- .../terraform_deployed_environment.yml | 77 ++++++++----------- 1 file changed, 34 insertions(+), 43 deletions(-) diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/config/permissions/terraform_deployed_environment.yml b/spiffworkflow-backend/src/spiffworkflow_backend/config/permissions/terraform_deployed_environment.yml index eb33e1fd..3a01062e 100644 --- a/spiffworkflow-backend/src/spiffworkflow_backend/config/permissions/terraform_deployed_environment.yml +++ b/spiffworkflow-backend/src/spiffworkflow_backend/config/permissions/terraform_deployed_environment.yml @@ -58,6 +58,16 @@ groups: lead1, ] + demo: + users: + [ + core, + fin, + fin1, + lead, + lead1 + ] + core-contributor: users: [core] @@ -136,58 +146,39 @@ permissions: groups: ["Finance Team"] users: [] allowed_permissions: [create, read, update, delete] - uri: /v1.0/process-groups/manage-procurement:procurement:core-contributor-invoice-management:* - finance-admin-slash: - groups: ["Finance Team"] - users: [] - allowed_permissions: [create, read, update, delete] - uri: /v1.0/process-groups/manage-procurement:procurement:core-contributor-invoice-management/* - finance-admin-models: - groups: ["Finance Team"] - users: [] - allowed_permissions: [create, read, update, delete] - uri: /v1.0/process-models/manage-procurement:procurement:core-contributor-invoice-management:* - finance-admin-models-slash: - groups: ["Finance Team"] - users: [] - allowed_permissions: [create, read, update, delete] - uri: /v1.0/process-models/manage-procurement:procurement:core-contributor-invoice-management/* - finance-admin-instances: - groups: ["Finance Team"] - users: [] - allowed_permissions: [create, read, update, delete] - uri: /v1.0/process-instances/manage-procurement:procurement:core-contributor-invoice-management:* - finance-admin-instances-slash: - groups: ["Finance Team"] - users: [] - allowed_permissions: [create, read, update, delete] - uri: /v1.0/process-instances/manage-procurement:procurement:core-contributor-invoice-management/* + uri: /v1.0/process-groups/manage-procurement:procurement:* - core-admin: - groups: ["core-contributor"] + demo-models-instantiate-vendor-block: + groups: ["demo"] users: [] - allowed_permissions: [read] - uri: /v1.0/process-groups/manage-procurement:procurement:core-contributor-invoice-management:* - core-admin-slash: - groups: ["core-contributor"] + allowed_permissions: [create] + uri: /v1.0/process-models/manage-procurement:vendor-lifecycle-management:vendor-md-maintenance:vendor-md-block/process-instances + demo-models-instantiate-vendor-change: + groups: ["demo"] users: [] - allowed_permissions: [read] - uri: /v1.0/process-groups/manage-procurement:procurement:core-contributor-invoice-management/* - core-admin-models: - groups: ["core-contributor"] + allowed_permissions: [create] + uri: /v1.0/process-models/manage-procurement:vendor-lifecycle-management:vendor-md-maintenance:vendor-md-change/process-instances + demo-models-instantiate-vendor-creation: + groups: ["demo"] users: [] - allowed_permissions: [read] - uri: /v1.0/process-models/manage-procurement:procurement:core-contributor-invoice-management:* - core-admin-models-slash: - groups: ["core-contributor"] + allowed_permissions: [create] + uri: /v1.0/process-models/manage-procurement:vendor-lifecycle-management:vendor-md-maintenance:vendor-md-creation/process-instances + demo-models-instantiate-invoice-approval: + groups: ["demo"] users: [] - allowed_permissions: [read] - uri: /v1.0/process-models/manage-procurement:procurement:core-contributor-invoice-management/* + allowed_permissions: [create] + uri: /v1.0/process-models/manage-procurement:procurement:vendor-invoice-management:invoice-approval/process-instances + demo-models-instantiate-vendor-core-invoice_appoval: + groups: ["demo"] + users: [] + allowed_permissions: [create] + uri: /v1.0/process-models/manage-procurement:procurement:core-contributor-invoice-management:cc-invoice-approval/process-instances + core-admin-models-instantiate: groups: ["core-contributor"] users: [] allowed_permissions: [create] - uri: /v1.0/process-models/manage-procurement:procurement:core-contributor-invoice-management:invoice-approval/process-instances + uri: /v1.0/process-models/manage-procurement:procurement:core-contributor-invoice-management:cc-invoice-approval/process-instances core-admin-instances: groups: ["core-contributor"] users: [] From f83b166f186e32bfb260a3f1abc0b66d25b3da5e Mon Sep 17 00:00:00 2001 From: Dan Date: Fri, 25 Nov 2022 13:31:17 -0500 Subject: [PATCH 4/6] Change permissions per request -- want everyone to have access to 4 process models. --- .../config/permissions/development.yml | 97 +++++++------------ 1 file changed, 34 insertions(+), 63 deletions(-) diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/config/permissions/development.yml b/spiffworkflow-backend/src/spiffworkflow_backend/config/permissions/development.yml index f3c7d96b..ad300711 100644 --- a/spiffworkflow-backend/src/spiffworkflow_backend/config/permissions/development.yml +++ b/spiffworkflow-backend/src/spiffworkflow_backend/config/permissions/development.yml @@ -58,6 +58,16 @@ groups: lead1, ] + demo: + users: + [ + core, + fin, + fin1, + lead, + lead1 + ] + core-contributor: users: [core] @@ -136,58 +146,39 @@ permissions: groups: ["Finance Team"] users: [] allowed_permissions: [create, read, update, delete] - uri: /v1.0/process-groups/manage-procurement:procurement:core-contributor-invoice-management:* - finance-admin-slash: - groups: ["Finance Team"] - users: [] - allowed_permissions: [create, read, update, delete] - uri: /v1.0/process-groups/manage-procurement:procurement:core-contributor-invoice-management/* - finance-admin-models: - groups: ["Finance Team"] - users: [] - allowed_permissions: [create, read, update, delete] - uri: /v1.0/process-models/manage-procurement:procurement:core-contributor-invoice-management:* - finance-admin-models-slash: - groups: ["Finance Team"] - users: [] - allowed_permissions: [create, read, update, delete] - uri: /v1.0/process-models/manage-procurement:procurement:core-contributor-invoice-management/* - finance-admin-instances: - groups: ["Finance Team"] - users: [] - allowed_permissions: [create, read, update, delete] - uri: /v1.0/process-instances/manage-procurement:procurement:core-contributor-invoice-management:* - finance-admin-instances-slash: - groups: ["Finance Team"] - users: [] - allowed_permissions: [create, read, update, delete] - uri: /v1.0/process-instances/manage-procurement:procurement:core-contributor-invoice-management/* + uri: /v1.0/process-groups/manage-procurement:procurement:* - core-admin: - groups: ["core-contributor"] + demo-models-instantiate-vendor-block: + groups: ["demo"] users: [] - allowed_permissions: [read] - uri: /v1.0/process-groups/manage-procurement:procurement:core-contributor-invoice-management:* - core-admin-slash: - groups: ["core-contributor"] + allowed_permissions: [create] + uri: /v1.0/process-models/manage-procurement:vendor-lifecycle-management:vendor-md-maintenance:vendor-md-block/process-instances + demo-models-instantiate-vendor-change: + groups: ["demo"] users: [] - allowed_permissions: [read] - uri: /v1.0/process-groups/manage-procurement:procurement:core-contributor-invoice-management/* - core-admin-models: - groups: ["core-contributor"] + allowed_permissions: [create] + uri: /v1.0/process-models/manage-procurement:vendor-lifecycle-management:vendor-md-maintenance:vendor-md-change/process-instances + demo-models-instantiate-vendor-creation: + groups: ["demo"] users: [] - allowed_permissions: [read] - uri: /v1.0/process-models/manage-procurement:procurement:core-contributor-invoice-management:* - core-admin-models-slash: - groups: ["core-contributor"] + allowed_permissions: [create] + uri: /v1.0/process-models/manage-procurement:vendor-lifecycle-management:vendor-md-maintenance:vendor-md-creation/process-instances + demo-models-instantiate-invoice-approval: + groups: ["demo"] users: [] - allowed_permissions: [read] - uri: /v1.0/process-models/manage-procurement:procurement:core-contributor-invoice-management/* + allowed_permissions: [create] + uri: /v1.0/process-models/manage-procurement:procurement:vendor-invoice-management:invoice-approval/process-instances + demo-models-instantiate-vendor-core-invoice_appoval: + groups: ["demo"] + users: [] + allowed_permissions: [create] + uri: /v1.0/process-models/manage-procurement:procurement:core-contributor-invoice-management:cc-invoice-approval/process-instances + core-admin-models-instantiate: groups: ["core-contributor"] users: [] allowed_permissions: [create] - uri: /v1.0/process-models/manage-procurement:procurement:core-contributor-invoice-management:invoice-approval/process-instances + uri: /v1.0/process-models/manage-procurement:procurement:core-contributor-invoice-management:cc-invoice-approval/process-instances core-admin-instances: groups: ["core-contributor"] users: [] @@ -199,26 +190,6 @@ permissions: allowed_permissions: [create, read] uri: /v1.0/process-instances/manage-procurement:procurement:core-contributor-invoice-management/* - core1-admin: - groups: ["core-contributor"] - users: [] - allowed_permissions: [read] - uri: /v1.0/process-groups/misc:category_number_one:* - core1-admin-slash: - groups: ["core-contributor"] - users: [] - allowed_permissions: [read] - uri: /v1.0/process-groups/misc:category_number_one/* - core1-admin-models: - groups: ["core-contributor"] - users: [] - allowed_permissions: [read] - uri: /v1.0/process-models/misc:category_number_one:process-model-with-form:* - core1-admin-models-slash: - groups: ["core-contributor"] - users: [] - allowed_permissions: [read] - uri: /v1.0/process-models/misc:category_number_one:process-model-with-form/* core1-admin-models-instantiate: groups: ["core-contributor"] users: [] From 7f13c00ac111fa0dde8a30ef6cd438135ee98170 Mon Sep 17 00:00:00 2001 From: burnettk Date: Fri, 25 Nov 2022 13:32:44 -0500 Subject: [PATCH 5/6] do not allow starting vendor invoice approval process for demo users --- .../spiffworkflow_backend/config/permissions/development.yml | 5 ----- .../config/permissions/terraform_deployed_environment.yml | 5 ----- 2 files changed, 10 deletions(-) diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/config/permissions/development.yml b/spiffworkflow-backend/src/spiffworkflow_backend/config/permissions/development.yml index ad300711..b236d157 100644 --- a/spiffworkflow-backend/src/spiffworkflow_backend/config/permissions/development.yml +++ b/spiffworkflow-backend/src/spiffworkflow_backend/config/permissions/development.yml @@ -163,11 +163,6 @@ permissions: users: [] allowed_permissions: [create] uri: /v1.0/process-models/manage-procurement:vendor-lifecycle-management:vendor-md-maintenance:vendor-md-creation/process-instances - demo-models-instantiate-invoice-approval: - groups: ["demo"] - users: [] - allowed_permissions: [create] - uri: /v1.0/process-models/manage-procurement:procurement:vendor-invoice-management:invoice-approval/process-instances demo-models-instantiate-vendor-core-invoice_appoval: groups: ["demo"] users: [] diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/config/permissions/terraform_deployed_environment.yml b/spiffworkflow-backend/src/spiffworkflow_backend/config/permissions/terraform_deployed_environment.yml index 3a01062e..a36aa7e5 100644 --- a/spiffworkflow-backend/src/spiffworkflow_backend/config/permissions/terraform_deployed_environment.yml +++ b/spiffworkflow-backend/src/spiffworkflow_backend/config/permissions/terraform_deployed_environment.yml @@ -163,11 +163,6 @@ permissions: users: [] allowed_permissions: [create] uri: /v1.0/process-models/manage-procurement:vendor-lifecycle-management:vendor-md-maintenance:vendor-md-creation/process-instances - demo-models-instantiate-invoice-approval: - groups: ["demo"] - users: [] - allowed_permissions: [create] - uri: /v1.0/process-models/manage-procurement:procurement:vendor-invoice-management:invoice-approval/process-instances demo-models-instantiate-vendor-core-invoice_appoval: groups: ["demo"] users: [] From 813c1176e61370f344e840189f21562927007f7a Mon Sep 17 00:00:00 2001 From: burnettk Date: Fri, 25 Nov 2022 14:37:50 -0500 Subject: [PATCH 6/6] no global read since that gives configuration as well --- .../config/permissions/development.yml | 24 ++++++++----------- .../terraform_deployed_environment.yml | 24 ++++++++----------- 2 files changed, 20 insertions(+), 28 deletions(-) diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/config/permissions/development.yml b/spiffworkflow-backend/src/spiffworkflow_backend/config/permissions/development.yml index b236d157..81ea9225 100644 --- a/spiffworkflow-backend/src/spiffworkflow_backend/config/permissions/development.yml +++ b/spiffworkflow-backend/src/spiffworkflow_backend/config/permissions/development.yml @@ -72,24 +72,19 @@ groups: users: [core] permissions: + admin: + groups: [admin] + users: [] + allowed_permissions: [create, read, update, delete] + uri: /* + tasks-crud: groups: [everybody] users: [] allowed_permissions: [create, read, update, delete] uri: /v1.0/tasks/* - admin: - groups: [admin] - users: [] - allowed_permissions: [create, read, update, delete, list, instantiate] - uri: /* - - read-all: - groups: ["Finance Team", "Project Lead", admin] - users: [] - allowed_permissions: [read] - uri: /* - + # read all for everybody read-all-process-groups: groups: [everybody] users: [] @@ -100,17 +95,18 @@ permissions: users: [] allowed_permissions: [read] uri: /v1.0/process-models/* - read-process-instance-list: + read-all-process-instance: groups: [everybody] users: [] allowed_permissions: [read] - uri: /v1.0/process-instances + uri: /v1.0/process-instances/* read-process-instance-reports: groups: [everybody] users: [] allowed_permissions: [read] uri: /v1.0/process-instances/reports/* + manage-procurement-admin: groups: ["Project Lead"] users: [] diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/config/permissions/terraform_deployed_environment.yml b/spiffworkflow-backend/src/spiffworkflow_backend/config/permissions/terraform_deployed_environment.yml index a36aa7e5..23389273 100644 --- a/spiffworkflow-backend/src/spiffworkflow_backend/config/permissions/terraform_deployed_environment.yml +++ b/spiffworkflow-backend/src/spiffworkflow_backend/config/permissions/terraform_deployed_environment.yml @@ -72,24 +72,19 @@ groups: users: [core] permissions: + admin: + groups: [admin] + users: [] + allowed_permissions: [create, read, update, delete] + uri: /* + tasks-crud: groups: [everybody] users: [] allowed_permissions: [create, read, update, delete] uri: /v1.0/tasks/* - admin: - groups: [admin] - users: [] - allowed_permissions: [create, read, update, delete, list, instantiate] - uri: /* - - read-all: - groups: ["Finance Team", "Project Lead", admin] - users: [] - allowed_permissions: [read] - uri: /* - + # read all for everybody read-all-process-groups: groups: [everybody] users: [] @@ -100,17 +95,18 @@ permissions: users: [] allowed_permissions: [read] uri: /v1.0/process-models/* - read-process-instance-list: + read-all-process-instance: groups: [everybody] users: [] allowed_permissions: [read] - uri: /v1.0/process-instances + uri: /v1.0/process-instances/* read-process-instance-reports: groups: [everybody] users: [] allowed_permissions: [read] uri: /v1.0/process-instances/reports/* + manage-procurement-admin: groups: ["Project Lead"] users: []