fixed tests w/ burnettk
This commit is contained in:
parent
2e0be30cbe
commit
b8b4734aea
|
@ -576,7 +576,8 @@ class AuthorizationService:
|
|||
# both for-me and NOT for-me URLs for the instance in question to see if you should get access to its logs.
|
||||
# if we implemented things this way, there would also be no way to restrict access to logs when you do not
|
||||
# restrict access to instances. everything would be inheriting permissions from instances.
|
||||
# if we want to really codify this rule, we could change logs from a prefix to a suffix (just add it to the end of the process instances path).
|
||||
# if we want to really codify this rule, we could change logs from a prefix to a suffix
|
||||
# (just add it to the end of the process instances path).
|
||||
# but that makes it harder to change our minds in the future.
|
||||
for target_uri in [
|
||||
f"/process-instances/for-me/{process_related_path_segment}",
|
||||
|
|
|
@ -154,17 +154,21 @@ class GitService:
|
|||
cls, command: list[str], return_success_state: bool = False
|
||||
) -> Union[subprocess.CompletedProcess[bytes], bool]:
|
||||
"""Run_shell_command."""
|
||||
env = {
|
||||
'GIT_COMMITTER_NAME': current_app.config.get("SPIFFWORKFLOW_BACKEND_GIT_USERNAME", "unknown"),
|
||||
'GIT_COMMITTER_EMAIL': current_app.config.get("SPIFFWORKFLOW_BACKEND_GIT_USER_EMAIL", "unknown@example.org"),
|
||||
git_env_options = {
|
||||
"GIT_COMMITTER_NAME": current_app.config.get("SPIFFWORKFLOW_BACKEND_GIT_USERNAME") or 'unknown',
|
||||
"GIT_COMMITTER_EMAIL": current_app.config.get("SPIFFWORKFLOW_BACKEND_GIT_USER_EMAIL") or "unknown@example.org",
|
||||
}
|
||||
# SSH authentication can be also provided via gitconfig.
|
||||
ssh_key_path = current_app.config.get("SPIFFWORKFLOW_BACKEND_GIT_SSH_PRIVATE_KEY_PATH")
|
||||
ssh_key_path = current_app.config.get(
|
||||
"SPIFFWORKFLOW_BACKEND_GIT_SSH_PRIVATE_KEY_PATH"
|
||||
)
|
||||
if ssh_key_path is not None:
|
||||
env['GIT_SSH_COMMAND'] = 'ssh -F /dev/null -i %s' % ssh_key_path
|
||||
git_env_options["GIT_SSH_COMMAND"] = "ssh -F /dev/null -i %s" % ssh_key_path
|
||||
|
||||
# this is fine since we pass the commands directly
|
||||
result = subprocess.run(command, check=False, capture_output=True, env=env) # noqa
|
||||
result = subprocess.run( # noqa
|
||||
command, check=False, capture_output=True, env=git_env_options
|
||||
)
|
||||
if return_success_state:
|
||||
return result.returncode == 0
|
||||
|
||||
|
|
|
@ -61,6 +61,7 @@ class TestGetAllPermissions(BaseTest):
|
|||
"uri": "/tasks",
|
||||
"permissions": ["create", "read", "update", "delete"],
|
||||
},
|
||||
{'group_identifier': 'my_test_group', 'uri': '/process-data-file-download/hey:group:*', 'permissions': ['read']}
|
||||
]
|
||||
|
||||
permissions = GetAllPermissions().run(script_attributes_context)
|
||||
|
|
|
@ -156,9 +156,10 @@ class TestAuthorizationService(BaseTest):
|
|||
with_db_and_bpmn_file_cleanup: None,
|
||||
) -> None:
|
||||
"""Test_explode_permissions_all_on_process_group."""
|
||||
expected_permissions = [
|
||||
expected_permissions = sorted([
|
||||
("/logs/some-process-group:some-process-model:*", "read"),
|
||||
("/process-data/some-process-group:some-process-model:*", "read"),
|
||||
("/process-data-file-download/some-process-group:some-process-model:*", "read"),
|
||||
("/process-groups/some-process-group:some-process-model:*", "create"),
|
||||
("/process-groups/some-process-group:some-process-model:*", "delete"),
|
||||
("/process-groups/some-process-group:some-process-model:*", "read"),
|
||||
|
@ -180,7 +181,7 @@ class TestAuthorizationService(BaseTest):
|
|||
("/process-models/some-process-group:some-process-model:*", "update"),
|
||||
("/task-data/some-process-group:some-process-model:*", "read"),
|
||||
("/task-data/some-process-group:some-process-model:*", "update"),
|
||||
]
|
||||
])
|
||||
permissions_to_assign = AuthorizationService.explode_permissions(
|
||||
"all", "PG:/some-process-group/some-process-model"
|
||||
)
|
||||
|
@ -201,6 +202,10 @@ class TestAuthorizationService(BaseTest):
|
|||
"/logs/some-process-group:some-process-model:*",
|
||||
"read",
|
||||
),
|
||||
(
|
||||
"/process-data-file-download/some-process-group:some-process-model:*",
|
||||
"read",
|
||||
),
|
||||
(
|
||||
"/process-instances/for-me/some-process-group:some-process-model:*",
|
||||
"read",
|
||||
|
@ -222,8 +227,9 @@ class TestAuthorizationService(BaseTest):
|
|||
with_db_and_bpmn_file_cleanup: None,
|
||||
) -> None:
|
||||
"""Test_explode_permissions_all_on_process_model."""
|
||||
expected_permissions = [
|
||||
expected_permissions = sorted([
|
||||
("/logs/some-process-group:some-process-model/*", "read"),
|
||||
("/process-data-file-download/some-process-group:some-process-model/*", "read"),
|
||||
("/process-data/some-process-group:some-process-model/*", "read"),
|
||||
(
|
||||
"/process-instance-suspend/some-process-group:some-process-model/*",
|
||||
|
@ -242,7 +248,7 @@ class TestAuthorizationService(BaseTest):
|
|||
("/process-models/some-process-group:some-process-model/*", "update"),
|
||||
("/task-data/some-process-group:some-process-model/*", "read"),
|
||||
("/task-data/some-process-group:some-process-model/*", "update"),
|
||||
]
|
||||
])
|
||||
permissions_to_assign = AuthorizationService.explode_permissions(
|
||||
"all", "PM:/some-process-group/some-process-model"
|
||||
)
|
||||
|
@ -263,6 +269,10 @@ class TestAuthorizationService(BaseTest):
|
|||
"/logs/some-process-group:some-process-model/*",
|
||||
"read",
|
||||
),
|
||||
(
|
||||
"/process-data-file-download/some-process-group:some-process-model/*",
|
||||
"read",
|
||||
),
|
||||
(
|
||||
"/process-instances/for-me/some-process-group:some-process-model/*",
|
||||
"read",
|
||||
|
|
Loading…
Reference in New Issue