fixed slashes to colons in permission macros w/ burnettk

jasquat 2022-12-22 10:34:19 -05:00
parent b2885159bd
commit f7a60e0dfe
5 changed files with 156 additions and 164 deletions


@ -74,98 +74,98 @@ permissions:
users: [] users: []
allowed_permissions: [create, read, update, delete] allowed_permissions: [create, read, update, delete]
uri: /* uri: /*
admin-readonly: # admin-readonly:
groups: [admin-ro] # groups: [admin-ro]
users: [] # users: []
allowed_permissions: [read] # allowed_permissions: [read]
uri: /* # uri: /*
admin-process-instances-for-readonly: # admin-process-instances-for-readonly:
groups: [admin-ro] # groups: [admin-ro]
users: [] # users: []
allowed_permissions: [create, read, update, delete] # allowed_permissions: [create, read, update, delete]
uri: /process-instances/* # uri: /process-instances/*
#
tasks-crud: # tasks-crud:
groups: [everybody] # groups: [everybody]
users: [] # users: []
allowed_permissions: [create, read, update, delete] # allowed_permissions: [create, read, update, delete]
uri: /tasks/* # uri: /tasks/*
service-tasks: # service-tasks:
groups: [everybody] # groups: [everybody]
users: [] # users: []
allowed_permissions: [read] # allowed_permissions: [read]
uri: /service-tasks # uri: /service-tasks
user-groups-for-current-user: # user-groups-for-current-user:
groups: [everybody] # groups: [everybody]
users: [] # users: []
allowed_permissions: [read] # allowed_permissions: [read]
uri: /user-groups/for-current-user # uri: /user-groups/for-current-user
#
# read all for everybody # # read all for everybody
read-all-process-groups: # read-all-process-groups:
groups: [everybody] # groups: [everybody]
users: [] # users: []
allowed_permissions: [read] # allowed_permissions: [read]
uri: /process-groups/* # uri: /process-groups/*
read-all-process-models: # read-all-process-models:
groups: [everybody] # groups: [everybody]
users: [] # users: []
allowed_permissions: [read] # allowed_permissions: [read]
uri: /process-models/* # uri: /process-models/*
read-all-process-instances-for-me: # read-all-process-instances-for-me:
groups: [everybody] # groups: [everybody]
users: [] # users: []
allowed_permissions: [read] # allowed_permissions: [read]
uri: /process-instances/for-me/* # uri: /process-instances/for-me/*
read-process-instance-reports: # read-process-instance-reports:
groups: [everybody] # groups: [everybody]
users: [] # users: []
allowed_permissions: [create, read, update, delete] # allowed_permissions: [create, read, update, delete]
uri: /process-instances/reports/* # uri: /process-instances/reports/*
processes-read: # processes-read:
groups: [everybody] # groups: [everybody]
users: [] # users: []
allowed_permissions: [read] # allowed_permissions: [read]
uri: /processes # uri: /processes
#
#
finance-admin: # finance-admin:
groups: ["Finance Team"] # groups: ["Finance Team"]
users: [] # users: []
allowed_permissions: [create, read, update, delete] # allowed_permissions: [create, read, update, delete]
uri: /process-groups/manage-procurement:procurement:* # uri: /process-groups/manage-procurement:procurement:*
#
manage-revenue-streams-instances: # manage-revenue-streams-instances:
groups: ["core-contributor", "demo"] # groups: ["core-contributor", "demo"]
users: [] # users: []
allowed_permissions: [create, read] # allowed_permissions: [create, read]
uri: /process-instances/manage-revenue-streams:product-revenue-streams:customer-contracts-trade-terms/* # uri: /process-instances/manage-revenue-streams:product-revenue-streams:customer-contracts-trade-terms/*
#
manage-procurement-invoice-instances: # manage-procurement-invoice-instances:
groups: ["core-contributor", "demo"] # groups: ["core-contributor", "demo"]
users: [] # users: []
allowed_permissions: [create, read] # allowed_permissions: [create, read]
uri: /process-instances/manage-procurement:procurement:core-contributor-invoice-management:* # uri: /process-instances/manage-procurement:procurement:core-contributor-invoice-management:*
#
manage-procurement-instances: # manage-procurement-instances:
groups: ["core-contributor", "demo"] # groups: ["core-contributor", "demo"]
users: [] # users: []
allowed_permissions: [create, read] # allowed_permissions: [create, read]
uri: /process-instances/manage-procurement:vendor-lifecycle-management:* # uri: /process-instances/manage-procurement:vendor-lifecycle-management:*
#
create-test-instances: # create-test-instances:
groups: ["test"] # groups: ["test"]
users: [] # users: []
allowed_permissions: [create, read] # allowed_permissions: [create, read]
uri: /process-instances/misc:test:* # uri: /process-instances/misc:test:*
#
core1-admin-instances: # core1-admin-instances:
groups: ["core-contributor", "Finance Team"] # groups: ["core-contributor", "Finance Team"]
users: [] # users: []
allowed_permissions: [create, read] # allowed_permissions: [create, read]
uri: /process-instances/misc:category_number_one:process-model-with-form:* # uri: /process-instances/misc:category_number_one:process-model-with-form:*
core1-admin-instances-slash: # core1-admin-instances-slash:
groups: ["core-contributor", "Finance Team"] # groups: ["core-contributor", "Finance Team"]
users: [] # users: []
allowed_permissions: [create, read] # allowed_permissions: [create, read]
uri: /process-instances/misc:category_number_one:process-model-with-form/* # uri: /process-instances/misc:category_number_one:process-model-with-form/*
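Review bot: On the new side (the right-hand column as rendered), every rule from admin-readonly down to core1-admin-instances-slash is kept as commented-out YAML instead of being deleted. That leaves roughly ninety lines of dormant grants one uncomment away from being live again, including create/read/update/delete for everybody on /tasks/* and /process-instances/reports/*. Whatever now grants these groups access is not visible in this section, so a reader cannot tell whether the block is obsolete or only temporarily disabled. Either delete the block and rely on version history, or put one line above it such as `# disabled: superseded by the permission macros; do not re-enable without review`, adjusted to the real reason.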


@ -21,7 +21,7 @@ permissions:
admin: admin:
groups: [admin] groups: [admin]
users: [] users: []
allowed_permissions: [create, read, update, delete, list, instantiate] allowed_permissions: [create, read, update, delete]
uri: /* uri: /*
read-all: read-all:


@ -32,14 +32,6 @@ class Permission(enum.Enum):
update = "update" update = "update"
delete = "delete" delete = "delete"
# maybe read to GET process_model/process-instances instead?
list = "list"
# maybe use create instead on
# POST http://localhost:7000/v1.0/process-models/category_number_one/call-activity/process-instances/*
# POST http://localhost:7000/v1.0/process-models/category_number_one/call-activity/process-instances/332/run
instantiate = "instantiate" # this is something you do to a process model
class PermissionAssignmentModel(SpiffworkflowBaseDBModel): class PermissionAssignmentModel(SpiffworkflowBaseDBModel):
"""PermissionAssignmentModel.""" """PermissionAssignmentModel."""


@ -112,7 +112,7 @@ class AuthorizationService:
# to check for exact matches as well # to check for exact matches as well
# see test_user_can_access_base_path_when_given_wildcard_permission unit test # see test_user_can_access_base_path_when_given_wildcard_permission unit test
text( text(
f"'{target_uri_normalized}' = replace(permission_target.uri, '/%', '')" f"'{target_uri_normalized}' = replace(replace(permission_target.uri, '/%', ''), ':%', '')"
), ),
) )
) )
@ -605,9 +605,9 @@ class AuthorizationService:
if target.startswith("PG:"): if target.startswith("PG:"):
process_group_identifier = ( process_group_identifier = (
target.removeprefix("PG:").replace(":", "/").removeprefix("/") target.removeprefix("PG:").replace("/", ":").removeprefix(":")
) )
process_related_path_segment = f"{process_group_identifier}/*" process_related_path_segment = f"{process_group_identifier}:*"
if process_group_identifier == "ALL": if process_group_identifier == "ALL":
process_related_path_segment = "*" process_related_path_segment = "*"
target_uris = [ target_uris = [
@ -623,7 +623,7 @@ class AuthorizationService:
elif target.startswith("PM:"): elif target.startswith("PM:"):
process_model_identifier = ( process_model_identifier = (
target.removeprefix("PM:").replace(":", "/").removeprefix("/") target.removeprefix("PM:").replace("/", ":").removeprefix(":")
) )
process_related_path_segment = f"{process_model_identifier}/*" process_related_path_segment = f"{process_model_identifier}/*"
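Review bot: The rewritten comparison in the first hunk still splices `target_uri_normalized` into the SQL text through an f-string, so a quote character in that value would alter the statement itself; where the value comes from is outside the hunk, though in a permission check it presumably derives from the request path. A bound parameter leaves the nested replace() as it is: `text(":target_uri = replace(replace(permission_target.uri, '/%', ''), ':%', '')").bindparams(target_uri=target_uri_normalized)`. The comment above the call cites test_user_can_access_base_path_when_given_wildcard_permission for the `/%` exact-match case; the new `:%` case deserves an equivalent test, plus one asserting that a sibling identifier sharing the same prefix is denied. The enclosing AuthorizationService method begins and ends outside the hunk.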


@ -154,58 +154,58 @@ class TestAuthorizationService(BaseTest):
) -> None: ) -> None:
"""Test_explode_permissions_all_on_process_group.""" """Test_explode_permissions_all_on_process_group."""
expected_permissions = [ expected_permissions = [
("/logs/some-process-group/some-process-model/*", "create"), ("/logs/some-process-group:some-process-model:*", "create"),
("/logs/some-process-group/some-process-model/*", "delete"), ("/logs/some-process-group:some-process-model:*", "delete"),
("/logs/some-process-group/some-process-model/*", "read"), ("/logs/some-process-group:some-process-model:*", "read"),
("/logs/some-process-group/some-process-model/*", "update"), ("/logs/some-process-group:some-process-model:*", "update"),
("/process-groups/some-process-group/some-process-model/*", "create"), ("/process-groups/some-process-group:some-process-model:*", "create"),
("/process-groups/some-process-group/some-process-model/*", "delete"), ("/process-groups/some-process-group:some-process-model:*", "delete"),
("/process-groups/some-process-group/some-process-model/*", "read"), ("/process-groups/some-process-group:some-process-model:*", "read"),
("/process-groups/some-process-group/some-process-model/*", "update"), ("/process-groups/some-process-group:some-process-model:*", "update"),
( (
"/process-instance-suspend/some-process-group/some-process-model/*", "/process-instance-suspend/some-process-group:some-process-model:*",
"create", "create",
), ),
( (
"/process-instance-suspend/some-process-group/some-process-model/*", "/process-instance-suspend/some-process-group:some-process-model:*",
"delete", "delete",
), ),
( (
"/process-instance-suspend/some-process-group/some-process-model/*", "/process-instance-suspend/some-process-group:some-process-model:*",
"read", "read",
), ),
( (
"/process-instance-suspend/some-process-group/some-process-model/*", "/process-instance-suspend/some-process-group:some-process-model:*",
"update", "update",
), ),
( (
"/process-instance-terminate/some-process-group/some-process-model/*", "/process-instance-terminate/some-process-group:some-process-model:*",
"create", "create",
), ),
( (
"/process-instance-terminate/some-process-group/some-process-model/*", "/process-instance-terminate/some-process-group:some-process-model:*",
"delete", "delete",
), ),
( (
"/process-instance-terminate/some-process-group/some-process-model/*", "/process-instance-terminate/some-process-group:some-process-model:*",
"read", "read",
), ),
( (
"/process-instance-terminate/some-process-group/some-process-model/*", "/process-instance-terminate/some-process-group:some-process-model:*",
"update", "update",
), ),
("/process-instances/some-process-group/some-process-model/*", "create"), ("/process-instances/some-process-group:some-process-model:*", "create"),
("/process-instances/some-process-group/some-process-model/*", "delete"), ("/process-instances/some-process-group:some-process-model:*", "delete"),
("/process-instances/some-process-group/some-process-model/*", "read"), ("/process-instances/some-process-group:some-process-model:*", "read"),
("/process-instances/some-process-group/some-process-model/*", "update"), ("/process-instances/some-process-group:some-process-model:*", "update"),
("/process-models/some-process-group/some-process-model/*", "create"), ("/process-models/some-process-group:some-process-model:*", "create"),
("/process-models/some-process-group/some-process-model/*", "delete"), ("/process-models/some-process-group:some-process-model:*", "delete"),
("/process-models/some-process-group/some-process-model/*", "read"), ("/process-models/some-process-group:some-process-model:*", "read"),
("/process-models/some-process-group/some-process-model/*", "update"), ("/process-models/some-process-group:some-process-model:*", "update"),
("/task-data/some-process-group/some-process-model/*", "create"), ("/task-data/some-process-group:some-process-model:*", "create"),
("/task-data/some-process-group/some-process-model/*", "delete"), ("/task-data/some-process-group:some-process-model:*", "delete"),
("/task-data/some-process-group/some-process-model/*", "read"), ("/task-data/some-process-group:some-process-model:*", "read"),
("/task-data/some-process-group/some-process-model/*", "update"), ("/task-data/some-process-group:some-process-model:*", "update"),
] ]
permissions_to_assign = AuthorizationService.explode_permissions( permissions_to_assign = AuthorizationService.explode_permissions(
"all", "PG:/some-process-group/some-process-model" "all", "PG:/some-process-group/some-process-model"
@ -224,10 +224,10 @@ class TestAuthorizationService(BaseTest):
"""Test_explode_permissions_start_on_process_group.""" """Test_explode_permissions_start_on_process_group."""
expected_permissions = [ expected_permissions = [
( (
"/process-instances/for-me/some-process-group/some-process-model/*", "/process-instances/for-me/some-process-group:some-process-model:*",
"read", "read",
), ),
("/process-instances/some-process-group/some-process-model/*", "create"), ("/process-instances/some-process-group:some-process-model:*", "create"),
] ]
permissions_to_assign = AuthorizationService.explode_permissions( permissions_to_assign = AuthorizationService.explode_permissions(
"start", "PG:/some-process-group/some-process-model" "start", "PG:/some-process-group/some-process-model"
@ -245,54 +245,54 @@ class TestAuthorizationService(BaseTest):
) -> None: ) -> None:
"""Test_explode_permissions_all_on_process_model.""" """Test_explode_permissions_all_on_process_model."""
expected_permissions = [ expected_permissions = [
("/logs/some-process-group/some-process-model/*", "create"), ("/logs/some-process-group:some-process-model/*", "create"),
("/logs/some-process-group/some-process-model/*", "delete"), ("/logs/some-process-group:some-process-model/*", "delete"),
("/logs/some-process-group/some-process-model/*", "read"), ("/logs/some-process-group:some-process-model/*", "read"),
("/logs/some-process-group/some-process-model/*", "update"), ("/logs/some-process-group:some-process-model/*", "update"),
( (
"/process-instance-suspend/some-process-group/some-process-model/*", "/process-instance-suspend/some-process-group:some-process-model/*",
"create", "create",
), ),
( (
"/process-instance-suspend/some-process-group/some-process-model/*", "/process-instance-suspend/some-process-group:some-process-model/*",
"delete", "delete",
), ),
( (
"/process-instance-suspend/some-process-group/some-process-model/*", "/process-instance-suspend/some-process-group:some-process-model/*",
"read", "read",
), ),
( (
"/process-instance-suspend/some-process-group/some-process-model/*", "/process-instance-suspend/some-process-group:some-process-model/*",
"update", "update",
), ),
( (
"/process-instance-terminate/some-process-group/some-process-model/*", "/process-instance-terminate/some-process-group:some-process-model/*",
"create", "create",
), ),
( (
"/process-instance-terminate/some-process-group/some-process-model/*", "/process-instance-terminate/some-process-group:some-process-model/*",
"delete", "delete",
), ),
( (
"/process-instance-terminate/some-process-group/some-process-model/*", "/process-instance-terminate/some-process-group:some-process-model/*",
"read", "read",
), ),
( (
"/process-instance-terminate/some-process-group/some-process-model/*", "/process-instance-terminate/some-process-group:some-process-model/*",
"update", "update",
), ),
("/process-instances/some-process-group/some-process-model/*", "create"), ("/process-instances/some-process-group:some-process-model/*", "create"),
("/process-instances/some-process-group/some-process-model/*", "delete"), ("/process-instances/some-process-group:some-process-model/*", "delete"),
("/process-instances/some-process-group/some-process-model/*", "read"), ("/process-instances/some-process-group:some-process-model/*", "read"),
("/process-instances/some-process-group/some-process-model/*", "update"), ("/process-instances/some-process-group:some-process-model/*", "update"),
("/process-models/some-process-group/some-process-model/*", "create"), ("/process-models/some-process-group:some-process-model/*", "create"),
("/process-models/some-process-group/some-process-model/*", "delete"), ("/process-models/some-process-group:some-process-model/*", "delete"),
("/process-models/some-process-group/some-process-model/*", "read"), ("/process-models/some-process-group:some-process-model/*", "read"),
("/process-models/some-process-group/some-process-model/*", "update"), ("/process-models/some-process-group:some-process-model/*", "update"),
("/task-data/some-process-group/some-process-model/*", "create"), ("/task-data/some-process-group:some-process-model/*", "create"),
("/task-data/some-process-group/some-process-model/*", "delete"), ("/task-data/some-process-group:some-process-model/*", "delete"),
("/task-data/some-process-group/some-process-model/*", "read"), ("/task-data/some-process-group:some-process-model/*", "read"),
("/task-data/some-process-group/some-process-model/*", "update"), ("/task-data/some-process-group:some-process-model/*", "update"),
] ]
permissions_to_assign = AuthorizationService.explode_permissions( permissions_to_assign = AuthorizationService.explode_permissions(
"all", "PM:/some-process-group/some-process-model" "all", "PM:/some-process-group/some-process-model"
@ -311,10 +311,10 @@ class TestAuthorizationService(BaseTest):
"""Test_explode_permissions_start_on_process_model.""" """Test_explode_permissions_start_on_process_model."""
expected_permissions = [ expected_permissions = [
( (
"/process-instances/for-me/some-process-group/some-process-model/*", "/process-instances/for-me/some-process-group:some-process-model/*",
"read", "read",
), ),
("/process-instances/some-process-group/some-process-model/*", "create"), ("/process-instances/some-process-group:some-process-model/*", "create"),
] ]
permissions_to_assign = AuthorizationService.explode_permissions( permissions_to_assign = AuthorizationService.explode_permissions(
"start", "PM:/some-process-group/some-process-model" "start", "PM:/some-process-group/some-process-model"