diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 96b7db85..24367c89 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -217,7 +217,7 @@ jobs:
 nox --version
 - name: Download coverage data
- uses: actions/download-artifact@v3.0.0
+ uses: actions/download-artifact@v3.0.1
 with:
 name: coverage-data
diff --git a/poetry.lock b/poetry.lock
index b14dfa7e..30bd5add 100644
--- a/poetry.lock
+++ b/poetry.lock
@@ -1293,16 +1293,16 @@ python-versions = ">=3.6" plugins = ["importlib-metadata"] [[package]] -name = "PyJWT" -version = "2.5.0" +name = "pyjwt" +version = "2.6.0" description = "JSON Web Token implementation in Python" category = "main" optional = false python-versions = ">=3.7" [package.extras] -crypto = ["cryptography (>=3.3.1)", "types-cryptography (>=3.3.21)"] -dev = ["coverage[toml] (==5.0.4)", "cryptography (>=3.3.1)", "pre-commit", "pytest (>=6.0.0,<7.0.0)", "sphinx (>=4.5.0,<5.0.0)", "sphinx-rtd-theme", "types-cryptography (>=3.3.21)", "zope.interface"] +crypto = ["cryptography (>=3.4.0)"] +dev = ["coverage[toml] (==5.0.4)", "cryptography (>=3.4.0)", "pre-commit", "pytest (>=6.0.0,<7.0.0)", "sphinx (>=4.5.0,<5.0.0)", "sphinx-rtd-theme", "zope.interface"] docs = ["sphinx (>=4.5.0,<5.0.0)", "sphinx-rtd-theme", "zope.interface"] tests = ["coverage[toml] (==5.0.4)", "pytest (>=6.0.0,<7.0.0)"]
@@ -2248,7 +2248,7 @@ testing = ["flake8 (<5)", "func-timeout", "jaraco.functools", "jaraco.itertools" [metadata] lock-version = "1.1" python-versions = ">=3.9,<3.11" -content-hash = "5c08dfcad4346a47966aec0ca7198d6d85eddd3d3673e059f367d6c4845738c5" +content-hash = "524b9ac3945a16190fcd322c42a835b868105c9d9e7894ac5e507c48854d3ee1" [metadata.files] alabaster = [
@@ -3070,9 +3070,9 @@ Pygments = [ {file = "Pygments-2.13.0-py3-none-any.whl", hash = "sha256:f643f331ab57ba3c9d89212ee4a2dabc6e94f117cf4eefde99a0574720d14c42"}, {file = "Pygments-2.13.0.tar.gz", hash = "sha256:56a8508ae95f98e2b9bdf93a6be5ae3f7d8af858b43e02c5a2ff083726be40c1"}, ] -PyJWT = [ - {file = "PyJWT-2.5.0-py3-none-any.whl", hash = "sha256:8d82e7087868e94dd8d7d418e5088ce64f7daab4b36db654cbaedb46f9d1ca80"}, - {file = "PyJWT-2.5.0.tar.gz", hash = "sha256:e77ab89480905d86998442ac5788f35333fa85f65047a534adc38edf3c88fc3b"}, +pyjwt = [ + {file = "PyJWT-2.6.0-py3-none-any.whl", hash = "sha256:d83c3d892a77bbb74d3e1a2cfa90afaadb60945205d1095d9221f04466f64c14"}, + {file = "PyJWT-2.6.0.tar.gz", hash = "sha256:69285c7e31fc44f68a1feb309e948e0df53259d579295e6cfe2b1792329f05fd"}, ] pyparsing = [ {file = "pyparsing-3.0.9-py3-none-any.whl", hash = "sha256:5026bae9a10eeaefb61dab2f09052b9f4307d44aee4eda64b309723d8d206bbc"},
diff --git a/pyproject.toml b/pyproject.toml
index dcbecc58..87d7405f 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -45,7 +45,7 @@ connexion = {extras = [ "swagger-ui",], version = "^2"}
 lxml = "^4.9.1"
 marshmallow-enum = "^1.5.1"
 marshmallow-sqlalchemy = "^0.28.0"
-PyJWT = "^2.4.0"
+PyJWT = "^2.6.0"
 gunicorn = "^20.1.0"
 python-keycloak = "^2.5.0"
 APScheduler = "^3.9.1"
diff --git a/src/spiffworkflow_backend/config/permissions/demo.yml b/src/spiffworkflow_backend/config/permissions/demo.yml
index c0cacf33..73ccfc6c 100644
--- a/src/spiffworkflow_backend/config/permissions/demo.yml
+++ b/src/spiffworkflow_backend/config/permissions/demo.yml
@@ -3,29 +3,45 @@ default_group: everybody
 groups:
 admin:
 users:
- [jakub, kb, alex, dan, mike, jason, amir, jarrad, elizabeth, jon, natalia]
+ [jakub, kb, alex, dan, mike, jason, amir, jarrad, elizabeth, jon, natalia, harmeet, sasha, manuchehr]
- finance:
- users: [harmeet, sasha]
+ Finance Team:
+ users: [jakub, alex, dan, mike, jason, amir, jarrad, elizabeth, jon, natalia, harmeet, sasha, manuchehr]
+
+ Team Lead:
+ users: [jakub, alex, dan, mike, jason, jarrad, elizabeth, jon, natalia, harmeet, sasha, manuchehr]
 hr:
 users: [manuchehr]
 permissions:
+ tasks-crud:
+ groups: [everybody]
+ users: []
+ allowed_permissions: [create, read, update, delete]
+ uri: /v1.0/tasks/*
+
 admin:
 groups: [admin]
 users: []
 allowed_permissions: [create, read, update, delete, list, instantiate]
 uri: /*
+ # TODO: all uris should really have the same structure
+ finance-admin-group:
+ groups: ["Finance Team"]
+ users: []
+ allowed_permissions: [create, read, update, delete]
+ uri: /v1.0/process-groups/finance/*
+
 finance-admin:
- groups: [finance]
+ groups: ["Finance Team"]
 users: []
 allowed_permissions: [create, read, update, delete]
 uri: /v1.0/process-groups/finance/*
 read-all:
- groups: [finance, hr, admin]
+ groups: ["Finance Team", "Team Lead", hr, admin]
 users: []
 allowed_permissions: [read]
 uri: /*
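Review bot: The `admin` user list now also includes `harmeet`, `sasha` and `manuchehr`, so every user named in `Finance Team`, `Team Lead` and `hr` is also in `admin`, which holds all six permissions on `/*`; the group-scoped rules further down then never restrict any of these accounts. If the wider membership is intended only for the demo, say so next to the list, e.g. `# demo only: all named users are admins, group-scoped rules are not exercised`; otherwise keep the three out of `admin`. `finance-admin-group` repeats `finance-admin` exactly (same group, verbs and `uri`), so it is either redundant or was meant to carry a different `uri`, which the TODO above it may be hinting at. `tasks-crud` gives `everybody`, the `default_group`, `delete` on `/v1.0/tasks/*`; whether the task endpoints check per-task ownership is not visible in this hunk, so confirm that or narrow the verbs.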