elevated permissions should include running privileged scripts w/ burnettk

2023-05-19 16:21:32 -04:00 · 2023-05-19 16:21:32 -04:00 · e1285539e5
parent 1752b513bb
commit e1285539e5
2 changed files with 2 additions and 0 deletions
--- a/spiffworkflow-backend/src/spiffworkflow_backend/services/authorization_service.py
+++ b/spiffworkflow-backend/src/spiffworkflow_backend/services/authorization_service.py
@ -523,6 +523,7 @@ class AuthorizationService:
        # can also start through messages as well
        permissions_to_assign.append(PermissionToAssign(permission="create", target_uri="/messages/*"))
        permissions_to_assign.append(PermissionToAssign(permission="create", target_uri="/can-run-privileged-script/*"))
        permissions_to_assign.append(PermissionToAssign(permission="create", target_uri="/send-event/*"))
        permissions_to_assign.append(PermissionToAssign(permission="create", target_uri="/task-complete/*"))
        permissions_to_assign.append(PermissionToAssign(permission="read", target_uri="/users/search"))
--- a/spiffworkflow-backend/tests/spiffworkflow_backend/unit/test_authorization_service.py
+++ b/spiffworkflow-backend/tests/spiffworkflow_backend/unit/test_authorization_service.py
@ -309,6 +309,7 @@ class TestAuthorizationService(BaseTest):
        with_db_and_bpmn_file_cleanup: None,
    ) -> None:
        expected_permissions = [
            ("/can-run-privileged-script/*", "create"),
            ("/messages/*", "create"),
            ("/process-instances-reset/*", "create"),
            ("/process-instances-resume/*", "create"),