fixed tests w/ burnettk

This commit is contained in:
jasquat 2023-02-21 15:28:54 -05:00
parent b0d132fc1e
commit e5b83d0919
4 changed files with 27 additions and 11 deletions

View File

@ -576,7 +576,8 @@ class AuthorizationService:
# both for-me and NOT for-me URLs for the instance in question to see if you should get access to its logs. # both for-me and NOT for-me URLs for the instance in question to see if you should get access to its logs.
# if we implemented things this way, there would also be no way to restrict access to logs when you do not # if we implemented things this way, there would also be no way to restrict access to logs when you do not
# restrict access to instances. everything would be inheriting permissions from instances. # restrict access to instances. everything would be inheriting permissions from instances.
# if we want to really codify this rule, we could change logs from a prefix to a suffix (just add it to the end of the process instances path). # if we want to really codify this rule, we could change logs from a prefix to a suffix
# (just add it to the end of the process instances path).
# but that makes it harder to change our minds in the future. # but that makes it harder to change our minds in the future.
for target_uri in [ for target_uri in [
f"/process-instances/for-me/{process_related_path_segment}", f"/process-instances/for-me/{process_related_path_segment}",

View File

@ -154,17 +154,21 @@ class GitService:
cls, command: list[str], return_success_state: bool = False cls, command: list[str], return_success_state: bool = False
) -> Union[subprocess.CompletedProcess[bytes], bool]: ) -> Union[subprocess.CompletedProcess[bytes], bool]:
"""Run_shell_command.""" """Run_shell_command."""
env = { git_env_options = {
'GIT_COMMITTER_NAME': current_app.config.get("SPIFFWORKFLOW_BACKEND_GIT_USERNAME", "unknown"), "GIT_COMMITTER_NAME": current_app.config.get("SPIFFWORKFLOW_BACKEND_GIT_USERNAME") or 'unknown',
'GIT_COMMITTER_EMAIL': current_app.config.get("SPIFFWORKFLOW_BACKEND_GIT_USER_EMAIL", "unknown@example.org"), "GIT_COMMITTER_EMAIL": current_app.config.get("SPIFFWORKFLOW_BACKEND_GIT_USER_EMAIL") or "unknown@example.org",
} }
# SSH authentication can be also provided via gitconfig. # SSH authentication can be also provided via gitconfig.
ssh_key_path = current_app.config.get("SPIFFWORKFLOW_BACKEND_GIT_SSH_PRIVATE_KEY_PATH") ssh_key_path = current_app.config.get(
"SPIFFWORKFLOW_BACKEND_GIT_SSH_PRIVATE_KEY_PATH"
)
if ssh_key_path is not None: if ssh_key_path is not None:
env['GIT_SSH_COMMAND'] = 'ssh -F /dev/null -i %s' % ssh_key_path git_env_options["GIT_SSH_COMMAND"] = "ssh -F /dev/null -i %s" % ssh_key_path
# this is fine since we pass the commands directly # this is fine since we pass the commands directly
result = subprocess.run(command, check=False, capture_output=True, env=env) # noqa result = subprocess.run( # noqa
command, check=False, capture_output=True, env=git_env_options
)
if return_success_state: if return_success_state:
return result.returncode == 0 return result.returncode == 0

View File

@ -61,6 +61,7 @@ class TestGetAllPermissions(BaseTest):
"uri": "/tasks", "uri": "/tasks",
"permissions": ["create", "read", "update", "delete"], "permissions": ["create", "read", "update", "delete"],
}, },
{'group_identifier': 'my_test_group', 'uri': '/process-data-file-download/hey:group:*', 'permissions': ['read']}
] ]
permissions = GetAllPermissions().run(script_attributes_context) permissions = GetAllPermissions().run(script_attributes_context)

View File

@ -156,9 +156,10 @@ class TestAuthorizationService(BaseTest):
with_db_and_bpmn_file_cleanup: None, with_db_and_bpmn_file_cleanup: None,
) -> None: ) -> None:
"""Test_explode_permissions_all_on_process_group.""" """Test_explode_permissions_all_on_process_group."""
expected_permissions = [ expected_permissions = sorted([
("/logs/some-process-group:some-process-model:*", "read"), ("/logs/some-process-group:some-process-model:*", "read"),
("/process-data/some-process-group:some-process-model:*", "read"), ("/process-data/some-process-group:some-process-model:*", "read"),
("/process-data-file-download/some-process-group:some-process-model:*", "read"),
("/process-groups/some-process-group:some-process-model:*", "create"), ("/process-groups/some-process-group:some-process-model:*", "create"),
("/process-groups/some-process-group:some-process-model:*", "delete"), ("/process-groups/some-process-group:some-process-model:*", "delete"),
("/process-groups/some-process-group:some-process-model:*", "read"), ("/process-groups/some-process-group:some-process-model:*", "read"),
@ -180,7 +181,7 @@ class TestAuthorizationService(BaseTest):
("/process-models/some-process-group:some-process-model:*", "update"), ("/process-models/some-process-group:some-process-model:*", "update"),
("/task-data/some-process-group:some-process-model:*", "read"), ("/task-data/some-process-group:some-process-model:*", "read"),
("/task-data/some-process-group:some-process-model:*", "update"), ("/task-data/some-process-group:some-process-model:*", "update"),
] ])
permissions_to_assign = AuthorizationService.explode_permissions( permissions_to_assign = AuthorizationService.explode_permissions(
"all", "PG:/some-process-group/some-process-model" "all", "PG:/some-process-group/some-process-model"
) )
@ -201,6 +202,10 @@ class TestAuthorizationService(BaseTest):
"/logs/some-process-group:some-process-model:*", "/logs/some-process-group:some-process-model:*",
"read", "read",
), ),
(
"/process-data-file-download/some-process-group:some-process-model:*",
"read",
),
( (
"/process-instances/for-me/some-process-group:some-process-model:*", "/process-instances/for-me/some-process-group:some-process-model:*",
"read", "read",
@ -222,8 +227,9 @@ class TestAuthorizationService(BaseTest):
with_db_and_bpmn_file_cleanup: None, with_db_and_bpmn_file_cleanup: None,
) -> None: ) -> None:
"""Test_explode_permissions_all_on_process_model.""" """Test_explode_permissions_all_on_process_model."""
expected_permissions = [ expected_permissions = sorted([
("/logs/some-process-group:some-process-model/*", "read"), ("/logs/some-process-group:some-process-model/*", "read"),
("/process-data-file-download/some-process-group:some-process-model/*", "read"),
("/process-data/some-process-group:some-process-model/*", "read"), ("/process-data/some-process-group:some-process-model/*", "read"),
( (
"/process-instance-suspend/some-process-group:some-process-model/*", "/process-instance-suspend/some-process-group:some-process-model/*",
@ -242,7 +248,7 @@ class TestAuthorizationService(BaseTest):
("/process-models/some-process-group:some-process-model/*", "update"), ("/process-models/some-process-group:some-process-model/*", "update"),
("/task-data/some-process-group:some-process-model/*", "read"), ("/task-data/some-process-group:some-process-model/*", "read"),
("/task-data/some-process-group:some-process-model/*", "update"), ("/task-data/some-process-group:some-process-model/*", "update"),
] ])
permissions_to_assign = AuthorizationService.explode_permissions( permissions_to_assign = AuthorizationService.explode_permissions(
"all", "PM:/some-process-group/some-process-model" "all", "PM:/some-process-group/some-process-model"
) )
@ -263,6 +269,10 @@ class TestAuthorizationService(BaseTest):
"/logs/some-process-group:some-process-model/*", "/logs/some-process-group:some-process-model/*",
"read", "read",
), ),
(
"/process-data-file-download/some-process-group:some-process-model/*",
"read",
),
( (
"/process-instances/for-me/some-process-group:some-process-model/*", "/process-instances/for-me/some-process-group:some-process-model/*",
"read", "read",