fixed perms for readonly for staging w/ burnettk

spiffworkflow-backend/src/spiffworkflow_backend/config/permissions/development.yml

@@ -17,7 +17,6 @@ groups:
         dan,
         mike,
         jason,
-        j,
         jarrad,
         elizabeth,
         jon,
@@ -32,7 +31,6 @@ groups:
         dan,
         mike,
         jason,
-        j,
         amir,
         jarrad,
         elizabeth,
@@ -63,6 +61,12 @@ groups:
         harmeet,
       ]
 
+  admin-ro:
+    users:
+      [
+        j,
+      ]
+
 permissions:
   admin:
     groups: [admin]
@@ -70,6 +74,17 @@ permissions:
     allowed_permissions: [create, read, update, delete]
     uri: /*
 
+  admin-readonly:
+    groups: [admin-ro]
+    users: []
+    allowed_permissions: [read]
+    uri: /*
+  admin-process-instances-for-readonly:
+    groups: [admin-ro]
+    users: []
+    allowed_permissions: [create, read, update, delete]
+    uri: /v1.0/process-instances/*
+
   tasks-crud:
     groups: [everybody]
     users: []

spiffworkflow-backend/src/spiffworkflow_backend/config/permissions/staging.yml

@@ -67,7 +67,7 @@ permissions:
     groups: [admin]
     users: []
     allowed_permissions: [create, read, update, delete]
-    uri: /process-instances/*
+    uri: /v1.0/process-instances/*
 
   tasks-crud:
     groups: [everybody]

spiffworkflow-backend/src/spiffworkflow_backend/services/process_model_service.py

@@ -223,7 +223,7 @@ class ProcessModelService(FileSystemService):
             user = UserService.current_user()
             new_process_model_list = []
             for process_model in process_models:
-                uri = f"/v1.0/process-models/{process_model.id.replace('/', ':')}/process-instances"
+                uri = f"/v1.0/process-instances/{process_model.id.replace('/', ':')}"
                 result = AuthorizationService.user_has_permission(
                     user=user, permission="create", target_uri=uri
                 )