Merge pull request #120 from sartography/feature/logs-permissions

folks who can start instances can also view their logs
2023-01-31 14:11:47 -08:00 · 2023-01-31 14:11:47 -08:00 · 8a93fe0491
parent 1d68580ae6 7b4d714a06
commit 8a93fe0491
3 changed files with 20 additions and 1 deletions
--- a/spiffworkflow-backend/src/spiffworkflow_backend/services/authorization_service.py
+++ b/spiffworkflow-backend/src/spiffworkflow_backend/services/authorization_service.py
@ -551,7 +551,9 @@ class AuthorizationService:

        permissions_to_assign: list[PermissionToAssign] = []

-        # we were thinking that if you can start an instance, you ought to be able to view your own instances.
+        # we were thinking that if you can start an instance, you ought to be able to:
+        #   1. view your own instances.
+        #   2. view the logs for these instances.
        if permission_set == "start":
            target_uri = f"/process-instances/{process_related_path_segment}"
            permissions_to_assign.append(
@ -561,6 +563,10 @@ class AuthorizationService:
            permissions_to_assign.append(
                PermissionToAssign(permission="read", target_uri=target_uri)
            )
+            target_uri = f"/logs/{process_related_path_segment}"
+            permissions_to_assign.append(
+                PermissionToAssign(permission="read", target_uri=target_uri)
+            )

        else:
            if permission_set == "all":
--- a/spiffworkflow-backend/tests/spiffworkflow_backend/scripts/test_get_all_permissions.py
+++ b/spiffworkflow-backend/tests/spiffworkflow_backend/scripts/test_get_all_permissions.py
@ -41,6 +41,11 @@ class TestGetAllPermissions(BaseTest):
        )

        expected_permissions = [
+            {
+                "group_identifier": "my_test_group",
+                "uri": "/logs/hey:group:*",
+                "permissions": ["read"],
+            },
            {
                "group_identifier": "my_test_group",
                "uri": "/process-instances/hey:group:*",
--- a/spiffworkflow-backend/tests/spiffworkflow_backend/unit/test_authorization_service.py
+++ b/spiffworkflow-backend/tests/spiffworkflow_backend/unit/test_authorization_service.py
@ -197,6 +197,10 @@ class TestAuthorizationService(BaseTest):
    ) -> None:
        """Test_explode_permissions_start_on_process_group."""
        expected_permissions = [
+            (
+                "/logs/some-process-group:some-process-model:*",
+                "read",
+            ),
            (
                "/process-instances/for-me/some-process-group:some-process-model:*",
                "read",
@ -255,6 +259,10 @@ class TestAuthorizationService(BaseTest):
    ) -> None:
        """Test_explode_permissions_start_on_process_model."""
        expected_permissions = [
+            (
+                "/logs/some-process-group:some-process-model/*",
+                "read",
+            ),
            (
                "/process-instances/for-me/some-process-group:some-process-model/*",
                "read",