From e1285539e598fec7c84f3ee8dda431c9b048841d Mon Sep 17 00:00:00 2001
From: jasquat <jasquat@users.noreply.github.com>
Date: Fri, 19 May 2023 16:21:32 -0400
Subject: [PATCH] elevated permissions should include running privileged
 scripts w/ burnettk

---
 .../src/spiffworkflow_backend/services/authorization_service.py  | 1 +
 .../spiffworkflow_backend/unit/test_authorization_service.py     | 1 +
 2 files changed, 2 insertions(+)

diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/services/authorization_service.py b/spiffworkflow-backend/src/spiffworkflow_backend/services/authorization_service.py
index 79f43166..4063e0b6 100644
--- a/spiffworkflow-backend/src/spiffworkflow_backend/services/authorization_service.py
+++ b/spiffworkflow-backend/src/spiffworkflow_backend/services/authorization_service.py
@@ -523,6 +523,7 @@ class AuthorizationService:
         # can also start through messages as well
         permissions_to_assign.append(PermissionToAssign(permission="create", target_uri="/messages/*"))
 
+        permissions_to_assign.append(PermissionToAssign(permission="create", target_uri="/can-run-privileged-script/*"))
         permissions_to_assign.append(PermissionToAssign(permission="create", target_uri="/send-event/*"))
         permissions_to_assign.append(PermissionToAssign(permission="create", target_uri="/task-complete/*"))
         permissions_to_assign.append(PermissionToAssign(permission="read", target_uri="/users/search"))
diff --git a/spiffworkflow-backend/tests/spiffworkflow_backend/unit/test_authorization_service.py b/spiffworkflow-backend/tests/spiffworkflow_backend/unit/test_authorization_service.py
index 928da5f1..7f151329 100644
--- a/spiffworkflow-backend/tests/spiffworkflow_backend/unit/test_authorization_service.py
+++ b/spiffworkflow-backend/tests/spiffworkflow_backend/unit/test_authorization_service.py
@@ -309,6 +309,7 @@ class TestAuthorizationService(BaseTest):
         with_db_and_bpmn_file_cleanup: None,
     ) -> None:
         expected_permissions = [
+            ("/can-run-privileged-script/*", "create"),
             ("/messages/*", "create"),
             ("/process-instances-reset/*", "create"),
             ("/process-instances-resume/*", "create"),