diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/services/authorization_service.py b/spiffworkflow-backend/src/spiffworkflow_backend/services/authorization_service.py index 793a3f9b..19f9f418 100644 --- a/spiffworkflow-backend/src/spiffworkflow_backend/services/authorization_service.py +++ b/spiffworkflow-backend/src/spiffworkflow_backend/services/authorization_service.py @@ -551,7 +551,9 @@ class AuthorizationService: permissions_to_assign: list[PermissionToAssign] = [] - # we were thinking that if you can start an instance, you ought to be able to view your own instances. + # we were thinking that if you can start an instance, you ought to be able to: + # 1. view your own instances. + # 2. view the logs for these instances. if permission_set == "start": target_uri = f"/process-instances/{process_related_path_segment}" permissions_to_assign.append( @@ -561,6 +563,10 @@ class AuthorizationService: permissions_to_assign.append( PermissionToAssign(permission="read", target_uri=target_uri) ) + target_uri = f"/logs/{process_related_path_segment}" + permissions_to_assign.append( + PermissionToAssign(permission="read", target_uri=target_uri) + ) else: if permission_set == "all": diff --git a/spiffworkflow-backend/tests/spiffworkflow_backend/scripts/test_get_all_permissions.py b/spiffworkflow-backend/tests/spiffworkflow_backend/scripts/test_get_all_permissions.py index b31c7228..95d15fbf 100644 --- a/spiffworkflow-backend/tests/spiffworkflow_backend/scripts/test_get_all_permissions.py +++ b/spiffworkflow-backend/tests/spiffworkflow_backend/scripts/test_get_all_permissions.py @@ -41,6 +41,11 @@ class TestGetAllPermissions(BaseTest): ) expected_permissions = [ + { + "group_identifier": "my_test_group", + "uri": "/logs/hey:group:*", + "permissions": ["read"], + }, { "group_identifier": "my_test_group", "uri": "/process-instances/hey:group:*", diff --git a/spiffworkflow-backend/tests/spiffworkflow_backend/unit/test_authorization_service.py b/spiffworkflow-backend/tests/spiffworkflow_backend/unit/test_authorization_service.py index 2736693e..d414616c 100644 --- a/spiffworkflow-backend/tests/spiffworkflow_backend/unit/test_authorization_service.py +++ b/spiffworkflow-backend/tests/spiffworkflow_backend/unit/test_authorization_service.py @@ -197,6 +197,10 @@ class TestAuthorizationService(BaseTest): ) -> None: """Test_explode_permissions_start_on_process_group.""" expected_permissions = [ + ( + "/logs/some-process-group:some-process-model:*", + "read", + ), ( "/process-instances/for-me/some-process-group:some-process-model:*", "read", @@ -255,6 +259,10 @@ class TestAuthorizationService(BaseTest): ) -> None: """Test_explode_permissions_start_on_process_model.""" expected_permissions = [ + ( + "/logs/some-process-group:some-process-model/*", + "read", + ), ( "/process-instances/for-me/some-process-group:some-process-model/*", "read",