status-im
/
spiff-arena
mirror of https://github.com/status-im/spiff-arena.git
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

allow removing users from groups when refreshing permissions w/ burnettk

This commit is contained in:
jasquat 2023-01-25 15:12:48 -05:00
parent 1702521ccb
commit d9cffcb963
6 changed files with 72 additions and 942 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
spiffworkflow-backend/bpmn_json_67.json
View File

File diff suppressed because one or more lines are too long

316
spiffworkflow-backend/bpmn_json_67_2.json
View File

@ -1,316 +0,0 @@
{
"data": {
"validate_only": false,
"my_var_now": 2,
"current_user": {
"username": "jason@sartography.com",
"id": "1"
},
"a": 1
},
"last_task": "b6e341d6-4bc5-4ec0-a93e-9d2154bcf58f",
"success": true,
"tasks": {
"8156eb2b-8edb-425b-a775-2bd37fd891af": {
"id": "8156eb2b-8edb-425b-a775-2bd37fd891af",
"parent": null,
"children": [
"d070c7f3-be9e-4f6e-b81a-7647ee6b7582"
],
"last_state_change": 1674674629.05859,
"state": 32,
"task_spec": "Root",
"triggered": false,
"workflow_name": "process_to_call",
"internal_data": {},
"data": {}
},
"d070c7f3-be9e-4f6e-b81a-7647ee6b7582": {
"id": "d070c7f3-be9e-4f6e-b81a-7647ee6b7582",
"parent": "8156eb2b-8edb-425b-a775-2bd37fd891af",
"children": [
"3e542841-075e-4e18-906e-4ac68168fda7"
],
"last_state_change": 1674674629.094655,
"state": 32,
"task_spec": "Start",
"triggered": false,
"workflow_name": "process_to_call",
"internal_data": {},
"data": {
"current_user": {
"username": "jason@sartography.com",
"id": "1"
}
}
},
"3e542841-075e-4e18-906e-4ac68168fda7": {
"id": "3e542841-075e-4e18-906e-4ac68168fda7",
"parent": "d070c7f3-be9e-4f6e-b81a-7647ee6b7582",
"children": [
"1685edde-09eb-4363-88b7-9b12f37ea1ef"
],
"last_state_change": 1674674629.1414993,
"state": 32,
"task_spec": "StartEvent_1",
"triggered": false,
"workflow_name": "process_to_call",
"internal_data": {
"event_fired": true
},
"data": {
"current_user": {
"username": "jason@sartography.com",
"id": "1"
}
}
},
"1685edde-09eb-4363-88b7-9b12f37ea1ef": {
"id": "1685edde-09eb-4363-88b7-9b12f37ea1ef",
"parent": "3e542841-075e-4e18-906e-4ac68168fda7",
"children": [
"380f4e01-bb6c-42e0-9ed8-e7a14f1bd756"
],
"last_state_change": 1674674629.1694856,
"state": 32,
"task_spec": "super_awesome_script",
"triggered": false,
"workflow_name": "process_to_call",
"internal_data": {},
"data": {
"current_user": {
"username": "jason@sartography.com",
"id": "1"
},
"a": 1
}
},
"380f4e01-bb6c-42e0-9ed8-e7a14f1bd756": {
"id": "380f4e01-bb6c-42e0-9ed8-e7a14f1bd756",
"parent": "1685edde-09eb-4363-88b7-9b12f37ea1ef",
"children": [
"f4846e08-8e5f-47db-87f0-41daacbd3e5b"
],
"last_state_change": 1674674629.2164488,
"state": 32,
"task_spec": "Event_08g7f08",
"triggered": false,
"workflow_name": "process_to_call",
"internal_data": {},
"data": {
"current_user": {
"username": "jason@sartography.com",
"id": "1"
},
"a": 1
}
},
"f4846e08-8e5f-47db-87f0-41daacbd3e5b": {
"id": "f4846e08-8e5f-47db-87f0-41daacbd3e5b",
"parent": "380f4e01-bb6c-42e0-9ed8-e7a14f1bd756",
"children": [
"b6e341d6-4bc5-4ec0-a93e-9d2154bcf58f"
],
"last_state_change": 1674674629.2567987,
"state": 32,
"task_spec": "process_to_call.EndJoin",
"triggered": false,
"workflow_name": "process_to_call",
"internal_data": {},
"data": {
"current_user": {
"username": "jason@sartography.com",
"id": "1"
},
"a": 1
}
},
"b6e341d6-4bc5-4ec0-a93e-9d2154bcf58f": {
"id": "b6e341d6-4bc5-4ec0-a93e-9d2154bcf58f",
"parent": "f4846e08-8e5f-47db-87f0-41daacbd3e5b",
"children": [],
"last_state_change": 1674674629.28801,
"state": 32,
"task_spec": "End",
"triggered": false,
"workflow_name": "process_to_call",
"internal_data": {},
"data": {
"current_user": {
"username": "jason@sartography.com",
"id": "1"
},
"a": 1
}
}
},
"root": "8156eb2b-8edb-425b-a775-2bd37fd891af",
"spec": {
"name": "process_to_call",
"description": "Process to call",
"file": "callable_process.bpmn",
"task_specs": {
"Start": {
"id": "process_to_call_1",
"name": "Start",
"description": "",
"manual": false,
"internal": false,
"lookahead": 2,
"inputs": [],
"outputs": [
"StartEvent_1"
],
"typename": "StartTask"
},
"process_to_call.EndJoin": {
"id": "process_to_call_2",
"name": "process_to_call.EndJoin",
"description": "",
"manual": false,
"internal": false,
"lookahead": 2,
"inputs": [
"Event_08g7f08"
],
"outputs": [
"End"
],
"typename": "_EndJoin"
},
"End": {
"id": "process_to_call_3",
"name": "End",
"description": "",
"manual": false,
"internal": false,
"lookahead": 2,
"inputs": [
"process_to_call.EndJoin"
],
"outputs": [],
"typename": "Simple"
},
"StartEvent_1": {
"id": "process_to_call_4",
"name": "StartEvent_1",
"description": null,
"manual": false,
"internal": false,
"lookahead": 2,
"inputs": [
"Start"
],
"outputs": [
"super_awesome_script"
],
"lane": null,
"documentation": null,
"loopTask": false,
"position": {
"x": 179,
"y": 159
},
"data_input_associations": [],
"data_output_associations": [],
"event_definition": {
"internal": false,
"external": false,
"typename": "NoneEventDefinition"
},
"typename": "StartEvent",
"extensions": {}
},
"super_awesome_script": {
"id": "process_to_call_5",
"name": "super_awesome_script",
"description": "Super Awesome Script",
"manual": false,
"internal": false,
"lookahead": 2,
"inputs": [
"StartEvent_1"
],
"outputs": [
"Event_08g7f08"
],
"lane": null,
"documentation": null,
"loopTask": false,
"position": {
"x": 380,
"y": 137
},
"data_input_associations": [],
"data_output_associations": [
{
"name": "my_var_now",
"description": "my_var_now",
"typename": "BpmnDataSpecification"
}
],
"prescript": null,
"postscript": null,
"script": "a = 1\nmy_var_now = 2",
"typename": "ScriptTask",
"extensions": {}
},
"Event_08g7f08": {
"id": "process_to_call_6",
"name": "Event_08g7f08",
"description": null,
"manual": false,
"internal": false,
"lookahead": 2,
"inputs": [
"super_awesome_script"
],
"outputs": [
"process_to_call.EndJoin"
],
"lane": null,
"documentation": null,
"loopTask": false,
"position": {
"x": 522,
"y": 159
},
"data_input_associations": [],
"data_output_associations": [],
"event_definition": {
"internal": false,
"external": false,
"typename": "NoneEventDefinition"
},
"typename": "EndEvent",
"extensions": {}
},
"Root": {
"id": "process_to_call_7",
"name": "Root",
"description": "",
"manual": false,
"internal": false,
"lookahead": 2,
"inputs": [],
"outputs": [],
"typename": "Simple"
}
},
"data_inputs": [],
"data_outputs": [],
"data_objects": {
"my_var_now": {
"name": "my_var_now",
"description": "my_var_now",
"typename": "BpmnDataSpecification"
}
},
"correlation_keys": {},
"typename": "BpmnProcessSpec"
},
"subprocess_specs": {},
"subprocesses": {},
"bpmn_messages": [],
"serializer_version": "1.0-spiffworkflow-backend"
}

1
spiffworkflow-backend/bpmn_json_68.json
View File

File diff suppressed because one or more lines are too long

621
spiffworkflow-backend/bpmn_json_68_2.json
View File

@ -1,621 +0,0 @@
{
"data": {
"validate_only": false,
"current_user": {
"username": "jason@sartography.com",
"id": "1"
},
"a": 1
},
"last_task": "9655e709-3600-43d0-a08d-bb52892333e9",
"success": true,
"tasks": {
"a9495420-a98f-4574-86eb-57875fabd465": {
"id": "a9495420-a98f-4574-86eb-57875fabd465",
"parent": null,
"children": [
"6f4e2241-9268-40fb-8636-a6b5d511ade4"
],
"last_state_change": 1674674684.1271565,
"state": 32,
"task_spec": "Root",
"triggered": false,
"workflow_name": "Process_rmvgdyk",
"internal_data": {},
"data": {}
},
"6f4e2241-9268-40fb-8636-a6b5d511ade4": {
"id": "6f4e2241-9268-40fb-8636-a6b5d511ade4",
"parent": "a9495420-a98f-4574-86eb-57875fabd465",
"children": [
"4536669f-7896-46e0-9587-0243e0bf03fa"
],
"last_state_change": 1674674684.1695502,
"state": 32,
"task_spec": "Start",
"triggered": false,
"workflow_name": "Process_rmvgdyk",
"internal_data": {},
"data": {
"current_user": {
"username": "jason@sartography.com",
"id": "1"
}
}
},
"4536669f-7896-46e0-9587-0243e0bf03fa": {
"id": "4536669f-7896-46e0-9587-0243e0bf03fa",
"parent": "6f4e2241-9268-40fb-8636-a6b5d511ade4",
"children": [
"75ff9e01-4570-4ad5-bf87-537c15d67cd6"
],
"last_state_change": 1674674684.1987424,
"state": 32,
"task_spec": "StartEvent_1",
"triggered": false,
"workflow_name": "Process_rmvgdyk",
"internal_data": {
"event_fired": true
},
"data": {
"current_user": {
"username": "jason@sartography.com",
"id": "1"
}
}
},
"75ff9e01-4570-4ad5-bf87-537c15d67cd6": {
"id": "75ff9e01-4570-4ad5-bf87-537c15d67cd6",
"parent": "4536669f-7896-46e0-9587-0243e0bf03fa",
"children": [
"f0646cac-f127-491f-9d8d-7a88044af404"
],
"last_state_change": 1674674684.5499449,
"state": 32,
"task_spec": "call_one",
"triggered": false,
"workflow_name": "Process_rmvgdyk",
"internal_data": {},
"data": {
"current_user": {
"username": "jason@sartography.com",
"id": "1"
},
"a": 1
}
},
"f0646cac-f127-491f-9d8d-7a88044af404": {
"id": "f0646cac-f127-491f-9d8d-7a88044af404",
"parent": "75ff9e01-4570-4ad5-bf87-537c15d67cd6",
"children": [
"f25607a0-a3dd-4b08-876f-973cc5569b6a"
],
"last_state_change": 1674674684.5961928,
"state": 32,
"task_spec": "Event_0pq4nje",
"triggered": false,
"workflow_name": "Process_rmvgdyk",
"internal_data": {},
"data": {
"current_user": {
"username": "jason@sartography.com",
"id": "1"
},
"a": 1
}
},
"f25607a0-a3dd-4b08-876f-973cc5569b6a": {
"id": "f25607a0-a3dd-4b08-876f-973cc5569b6a",
"parent": "f0646cac-f127-491f-9d8d-7a88044af404",
"children": [
"9655e709-3600-43d0-a08d-bb52892333e9"
],
"last_state_change": 1674674684.6496456,
"state": 32,
"task_spec": "Process_rmvgdyk.EndJoin",
"triggered": false,
"workflow_name": "Process_rmvgdyk",
"internal_data": {},
"data": {
"current_user": {
"username": "jason@sartography.com",
"id": "1"
},
"a": 1
}
},
"9655e709-3600-43d0-a08d-bb52892333e9": {
"id": "9655e709-3600-43d0-a08d-bb52892333e9",
"parent": "f25607a0-a3dd-4b08-876f-973cc5569b6a",
"children": [],
"last_state_change": 1674674684.6751294,
"state": 32,
"task_spec": "End",
"triggered": false,
"workflow_name": "Process_rmvgdyk",
"internal_data": {},
"data": {
"current_user": {
"username": "jason@sartography.com",
"id": "1"
},
"a": 1
}
}
},
"root": "a9495420-a98f-4574-86eb-57875fabd465",
"spec": {
"name": "Process_rmvgdyk",
"description": "Process_rmvgdyk",
"file": "start.bpmn",
"task_specs": {
"Start": {
"id": "Process_rmvgdyk_1",
"name": "Start",
"description": "",
"manual": false,
"internal": false,
"lookahead": 2,
"inputs": [],
"outputs": [
"StartEvent_1"
],
"typename": "StartTask"
},
"Process_rmvgdyk.EndJoin": {
"id": "Process_rmvgdyk_2",
"name": "Process_rmvgdyk.EndJoin",
"description": "",
"manual": false,
"internal": false,
"lookahead": 2,
"inputs": [
"Event_0pq4nje"
],
"outputs": [
"End"
],
"typename": "_EndJoin"
},
"End": {
"id": "Process_rmvgdyk_3",
"name": "End",
"description": "",
"manual": false,
"internal": false,
"lookahead": 2,
"inputs": [
"Process_rmvgdyk.EndJoin"
],
"outputs": [],
"typename": "Simple"
},
"StartEvent_1": {
"id": "Process_rmvgdyk_4",
"name": "StartEvent_1",
"description": null,
"manual": false,
"internal": false,
"lookahead": 2,
"inputs": [
"Start"
],
"outputs": [
"call_one"
],
"lane": null,
"documentation": null,
"loopTask": false,
"position": {
"x": 179,
"y": 159
},
"data_input_associations": [],
"data_output_associations": [],
"event_definition": {
"internal": false,
"external": false,
"typename": "NoneEventDefinition"
},
"typename": "StartEvent",
"extensions": {}
},
"call_one": {
"id": "Process_rmvgdyk_5",
"name": "call_one",
"description": "Call One",
"manual": false,
"internal": false,
"lookahead": 2,
"inputs": [
"StartEvent_1"
],
"outputs": [
"Event_0pq4nje"
],
"lane": null,
"documentation": null,
"loopTask": false,
"position": {
"x": 270,
"y": 137
},
"data_input_associations": [],
"data_output_associations": [],
"prescript": "a = 1",
"postscript": null,
"spec": "process_to_call",
"typename": "CallActivity",
"extensions": {
"preScript": "a = 1"
}
},
"Event_0pq4nje": {
"id": "Process_rmvgdyk_6",
"name": "Event_0pq4nje",
"description": null,
"manual": false,
"internal": false,
"lookahead": 2,
"inputs": [
"call_one"
],
"outputs": [
"Process_rmvgdyk.EndJoin"
],
"lane": null,
"documentation": null,
"loopTask": false,
"position": {
"x": 912,
"y": 159
},
"data_input_associations": [],
"data_output_associations": [],
"event_definition": {
"internal": false,
"external": false,
"typename": "NoneEventDefinition"
},
"typename": "EndEvent",
"extensions": {}
},
"Root": {
"id": "Process_rmvgdyk_7",
"name": "Root",
"description": "",
"manual": false,
"internal": false,
"lookahead": 2,
"inputs": [],
"outputs": [],
"typename": "Simple"
}
},
"data_inputs": [],
"data_outputs": [],
"data_objects": {},
"correlation_keys": {},
"typename": "BpmnProcessSpec"
},
"subprocess_specs": {
"process_to_call": {
"name": "process_to_call",
"description": "Process to call",
"file": "/home/jason/projects/github/sartography/sample-process-models/misc/category_number_one/call-activity/callable_process.bpmn",
"task_specs": {
"Start": {
"id": "process_to_call_1",
"name": "Start",
"description": "",
"manual": false,
"internal": false,
"lookahead": 2,
"inputs": [],
"outputs": [
"StartEvent_1"
],
"typename": "StartTask"
},
"process_to_call.EndJoin": {
"id": "process_to_call_2",
"name": "process_to_call.EndJoin",
"description": "",
"manual": false,
"internal": false,
"lookahead": 2,
"inputs": [
"Event_08g7f08"
],
"outputs": [
"End"
],
"typename": "_EndJoin"
},
"End": {
"id": "process_to_call_3",
"name": "End",
"description": "",
"manual": false,
"internal": false,
"lookahead": 2,
"inputs": [
"process_to_call.EndJoin"
],
"outputs": [],
"typename": "Simple"
},
"StartEvent_1": {
"id": "process_to_call_4",
"name": "StartEvent_1",
"description": null,
"manual": false,
"internal": false,
"lookahead": 2,
"inputs": [
"Start"
],
"outputs": [
"super_awesome_script"
],
"lane": null,
"documentation": null,
"loopTask": false,
"position": {
"x": 179,
"y": 159
},
"data_input_associations": [],
"data_output_associations": [],
"event_definition": {
"internal": false,
"external": false,
"typename": "NoneEventDefinition"
},
"typename": "StartEvent",
"extensions": {}
},
"super_awesome_script": {
"id": "process_to_call_5",
"name": "super_awesome_script",
"description": "Super Awesome Script",
"manual": false,
"internal": false,
"lookahead": 2,
"inputs": [
"StartEvent_1"
],
"outputs": [
"Event_08g7f08"
],
"lane": null,
"documentation": null,
"loopTask": false,
"position": {
"x": 380,
"y": 137
},
"data_input_associations": [],
"data_output_associations": [
{
"name": "my_var_now",
"description": "my_var_now",
"typename": "BpmnDataSpecification"
}
],
"prescript": null,
"postscript": null,
"script": "a = 1\nmy_var_now = 2",
"typename": "ScriptTask",
"extensions": {}
},
"Event_08g7f08": {
"id": "process_to_call_6",
"name": "Event_08g7f08",
"description": null,
"manual": false,
"internal": false,
"lookahead": 2,
"inputs": [
"super_awesome_script"
],
"outputs": [
"process_to_call.EndJoin"
],
"lane": null,
"documentation": null,
"loopTask": false,
"position": {
"x": 522,
"y": 159
},
"data_input_associations": [],
"data_output_associations": [],
"event_definition": {
"internal": false,
"external": false,
"typename": "NoneEventDefinition"
},
"typename": "EndEvent",
"extensions": {}
},
"Root": {
"id": "process_to_call_7",
"name": "Root",
"description": "",
"manual": false,
"internal": false,
"lookahead": 2,
"inputs": [],
"outputs": [],
"typename": "Simple"
}
},
"data_inputs": [],
"data_outputs": [],
"data_objects": {
"my_var_now": {
"name": "my_var_now",
"description": "my_var_now",
"typename": "BpmnDataSpecification"
}
},
"correlation_keys": {},
"typename": "BpmnProcessSpec"
}
},
"subprocesses": {
"75ff9e01-4570-4ad5-bf87-537c15d67cd6": {
"data": {
"validate_only": false,
"my_var_now": 2,
"current_user": {
"username": "jason@sartography.com",
"id": "1"
},
"a": 1
},
"last_task": "188eb6c3-d7c5-4900-b690-9cbb92ef2b19",
"success": true,
"tasks": {
"a296c968-f6cb-42f2-a4b1-1268aca41c5d": {
"id": "a296c968-f6cb-42f2-a4b1-1268aca41c5d",
"parent": null,
"children": [
"8b4a92af-104b-4e78-9008-b690fbe7f560"
],
"last_state_change": 1674674684.2170289,
"state": 32,
"task_spec": "Root",
"triggered": false,
"workflow_name": "call_one",
"internal_data": {},
"data": {}
},
"8b4a92af-104b-4e78-9008-b690fbe7f560": {
"id": "8b4a92af-104b-4e78-9008-b690fbe7f560",
"parent": "a296c968-f6cb-42f2-a4b1-1268aca41c5d",
"children": [
"7ec77604-d1b9-4be3-a9aa-2eef295be9d2"
],
"last_state_change": 1674674684.2541206,
"state": 32,
"task_spec": "Start",
"triggered": false,
"workflow_name": "call_one",
"internal_data": {},
"data": {
"current_user": {
"username": "jason@sartography.com",
"id": "1"
},
"a": 1
}
},
"7ec77604-d1b9-4be3-a9aa-2eef295be9d2": {
"id": "7ec77604-d1b9-4be3-a9aa-2eef295be9d2",
"parent": "8b4a92af-104b-4e78-9008-b690fbe7f560",
"children": [
"305310bd-9425-46af-ba78-90f3dae283e3"
],
"last_state_change": 1674674684.2768772,
"state": 32,
"task_spec": "StartEvent_1",
"triggered": false,
"workflow_name": "call_one",
"internal_data": {
"event_fired": true
},
"data": {
"current_user": {
"username": "jason@sartography.com",
"id": "1"
},
"a": 1
}
},
"305310bd-9425-46af-ba78-90f3dae283e3": {
"id": "305310bd-9425-46af-ba78-90f3dae283e3",
"parent": "7ec77604-d1b9-4be3-a9aa-2eef295be9d2",
"children": [
"cb25e1f8-c570-4af3-b8eb-be57746cd765"
],
"last_state_change": 1674674684.322075,
"state": 32,
"task_spec": "super_awesome_script",
"triggered": false,
"workflow_name": "call_one",
"internal_data": {},
"data": {
"current_user": {
"username": "jason@sartography.com",
"id": "1"
},
"a": 1
}
},
"cb25e1f8-c570-4af3-b8eb-be57746cd765": {
"id": "cb25e1f8-c570-4af3-b8eb-be57746cd765",
"parent": "305310bd-9425-46af-ba78-90f3dae283e3",
"children": [
"bbfc1793-787b-417b-8089-9bb194ae4034"
],
"last_state_change": 1674674684.3872745,
"state": 32,
"task_spec": "Event_08g7f08",
"triggered": false,
"workflow_name": "call_one",
"internal_data": {},
"data": {
"current_user": {
"username": "jason@sartography.com",
"id": "1"
},
"a": 1
}
},
"bbfc1793-787b-417b-8089-9bb194ae4034": {
"id": "bbfc1793-787b-417b-8089-9bb194ae4034",
"parent": "cb25e1f8-c570-4af3-b8eb-be57746cd765",
"children": [
"188eb6c3-d7c5-4900-b690-9cbb92ef2b19"
],
"last_state_change": 1674674684.4518044,
"state": 32,
"task_spec": "process_to_call.EndJoin",
"triggered": false,
"workflow_name": "call_one",
"internal_data": {},
"data": {
"current_user": {
"username": "jason@sartography.com",
"id": "1"
},
"a": 1
}
},
"188eb6c3-d7c5-4900-b690-9cbb92ef2b19": {
"id": "188eb6c3-d7c5-4900-b690-9cbb92ef2b19",
"parent": "bbfc1793-787b-417b-8089-9bb194ae4034",
"children": [],
"last_state_change": 1674674684.500384,
"state": 32,
"task_spec": "End",
"triggered": false,
"workflow_name": "call_one",
"internal_data": {},
"data": {
"current_user": {
"username": "jason@sartography.com",
"id": "1"
},
"a": 1
}
}
},
"root": "a296c968-f6cb-42f2-a4b1-1268aca41c5d"
}
},
"bpmn_messages": [],
"serializer_version": "1.0-spiffworkflow-backend"
}

28
spiffworkflow-backend/src/spiffworkflow_backend/services/authorization_service.py
View File

@ -77,11 +77,17 @@ PATH_SEGMENTS_FOR_PERMISSION_ALL = [
]
class UserToGroupDict(TypedDict):
username: str
group_identifier: str
class DesiredPermissionDict(TypedDict):
"""DesiredPermissionDict."""
group_identifiers: Set[str]
permission_assignments: list[PermissionAssignmentModel]
user_to_group_identifiers: list[UserToGroupDict]
class AuthorizationService:
@ -212,6 +218,7 @@ class AuthorizationService:
default_group = None
unique_user_group_identifiers: Set[str] = set()
user_to_group_identifiers: list[UserToGroupDict] = []
if "default_group" in permission_configs:
default_group_identifier = permission_configs["default_group"]
default_group = GroupService.find_or_create_group(default_group_identifier)
@ -231,6 +238,11 @@ class AuthorizationService:
)
)
continue
user_to_group_dict: UserToGroupDict = {
"username": user.username,
"group_identifier": group_identifier,
}
user_to_group_identifiers.append(user_to_group_dict)
cls.associate_user_with_group(user, group)
permission_assignments = []
@ -275,6 +287,7 @@ class AuthorizationService:
return {
"group_identifiers": unique_user_group_identifiers,
"permission_assignments": permission_assignments,
"user_to_group_identifiers": user_to_group_identifiers,
}
@classmethod
@ -735,13 +748,20 @@ class AuthorizationService:
def refresh_permissions(cls, group_info: list[dict[str, Any]]) -> None:
"""Adds new permission assignments and deletes old ones."""
initial_permission_assignments = PermissionAssignmentModel.query.all()
initial_user_to_group_assignments = UserGroupAssignmentModel.query.all()
result = cls.import_permissions_from_yaml_file()
desired_permission_assignments = result["permission_assignments"]
desired_group_identifiers = result["group_identifiers"]
desired_user_to_group_identifiers = result["user_to_group_identifiers"]
for group in group_info:
group_identifier = group["name"]
for username in group["users"]:
user_to_group_dict: UserToGroupDict = {
"username": username,
"group_identifier": group_identifier,
}
desired_user_to_group_identifiers.append(user_to_group_dict)
GroupService.add_user_to_group_or_add_to_waiting(
username, group_identifier
)
@ -761,6 +781,14 @@ class AuthorizationService:
if ipa not in desired_permission_assignments:
db.session.delete(ipa)
for iutga in initial_user_to_group_assignments:
current_user_dict: UserToGroupDict = {
"username": iutga.user.username,
"group_identifier": iutga.group.identifier,
}
if current_user_dict not in desired_user_to_group_identifiers:
db.session.delete(iutga)
groups_to_delete = GroupModel.query.filter(
GroupModel.identifier.not_in(desired_group_identifiers)
).all()

47
spiffworkflow-backend/tests/spiffworkflow_backend/unit/test_authorization_service.py
View File

@ -381,18 +381,27 @@ class TestAuthorizationService(BaseTest):
) -> None:
"""Test_can_refresh_permissions."""
user = self.find_or_create_user(username="user_one")
user_two = self.find_or_create_user(username="user_two")
admin_user = self.find_or_create_user(username="testadmin1")
# this group is not mentioned so it will get deleted
GroupService.find_or_create_group("group_two")
assert GroupModel.query.filter_by(identifier="group_two").first() is not None
GroupService.find_or_create_group("group_three")
assert GroupModel.query.filter_by(identifier="group_three").first() is not None
group_info = [
{
"users": ["user_one"],
"users": ["user_one", "user_two"],
"name": "group_one",
"permissions": [{"actions": ["create", "read"], "uri": "PG:hey"}],
}
},
{
"users": ["user_two"],
"name": "group_three",
"permissions": [{"actions": ["create", "read"], "uri": "PG:hey2"}],
},
]
AuthorizationService.refresh_permissions(group_info)
assert GroupModel.query.filter_by(identifier="group_two").first() is None
@ -402,12 +411,32 @@ class TestAuthorizationService(BaseTest):
self.assert_user_has_permission(user, "read", "/v1.0/process-groups/hey:yo")
self.assert_user_has_permission(user, "create", "/v1.0/process-groups/hey:yo")
self.assert_user_has_permission(user_two, "read", "/v1.0/process-groups/hey")
self.assert_user_has_permission(user_two, "read", "/v1.0/process-groups/hey:yo")
self.assert_user_has_permission(
user_two, "create", "/v1.0/process-groups/hey:yo"
)
assert GroupModel.query.filter_by(identifier="group_three").first() is not None
self.assert_user_has_permission(user_two, "read", "/v1.0/process-groups/hey2")
self.assert_user_has_permission(
user_two, "read", "/v1.0/process-groups/hey2:yo"
)
self.assert_user_has_permission(
user_two, "create", "/v1.0/process-groups/hey2:yo"
)
# remove access to 'hey' from user_two
group_info = [
{
"users": ["user_one"],
"name": "group_one",
"permissions": [{"actions": ["read"], "uri": "PG:hey"}],
}
},
{
"users": ["user_two"],
"name": "group_three",
"permissions": [{"actions": ["create", "read"], "uri": "PG:hey2"}],
},
]
AuthorizationService.refresh_permissions(group_info)
assert GroupModel.query.filter_by(identifier="group_one").first() is not None
@ -417,3 +446,15 @@ class TestAuthorizationService(BaseTest):
user, "create", "/v1.0/process-groups/hey:yo", expected_result=False
)
self.assert_user_has_permission(admin_user, "create", "/anything-they-want")
self.assert_user_has_permission(
user_two, "read", "/v1.0/process-groups/hey", expected_result=False
)
assert GroupModel.query.filter_by(identifier="group_three").first() is not None
self.assert_user_has_permission(user_two, "read", "/v1.0/process-groups/hey2")
self.assert_user_has_permission(
user_two, "read", "/v1.0/process-groups/hey2:yo"
)
self.assert_user_has_permission(
user_two, "create", "/v1.0/process-groups/hey2:yo"
)