From 7f13c00ac111fa0dde8a30ef6cd438135ee98170 Mon Sep 17 00:00:00 2001 From: burnettk Date: Fri, 25 Nov 2022 13:32:44 -0500 Subject: [PATCH 1/2] do not allow starting vendor invoice approval process for demo users --- .../spiffworkflow_backend/config/permissions/development.yml | 5 ----- .../config/permissions/terraform_deployed_environment.yml | 5 ----- 2 files changed, 10 deletions(-) diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/config/permissions/development.yml b/spiffworkflow-backend/src/spiffworkflow_backend/config/permissions/development.yml index ad300711..b236d157 100644 --- a/spiffworkflow-backend/src/spiffworkflow_backend/config/permissions/development.yml +++ b/spiffworkflow-backend/src/spiffworkflow_backend/config/permissions/development.yml @@ -163,11 +163,6 @@ permissions: users: [] allowed_permissions: [create] uri: /v1.0/process-models/manage-procurement:vendor-lifecycle-management:vendor-md-maintenance:vendor-md-creation/process-instances - demo-models-instantiate-invoice-approval: - groups: ["demo"] - users: [] - allowed_permissions: [create] - uri: /v1.0/process-models/manage-procurement:procurement:vendor-invoice-management:invoice-approval/process-instances demo-models-instantiate-vendor-core-invoice_appoval: groups: ["demo"] users: [] diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/config/permissions/terraform_deployed_environment.yml b/spiffworkflow-backend/src/spiffworkflow_backend/config/permissions/terraform_deployed_environment.yml index 3a01062e..a36aa7e5 100644 --- a/spiffworkflow-backend/src/spiffworkflow_backend/config/permissions/terraform_deployed_environment.yml +++ b/spiffworkflow-backend/src/spiffworkflow_backend/config/permissions/terraform_deployed_environment.yml @@ -163,11 +163,6 @@ permissions: users: [] allowed_permissions: [create] uri: /v1.0/process-models/manage-procurement:vendor-lifecycle-management:vendor-md-maintenance:vendor-md-creation/process-instances - demo-models-instantiate-invoice-approval: - groups: ["demo"] - users: [] - allowed_permissions: [create] - uri: /v1.0/process-models/manage-procurement:procurement:vendor-invoice-management:invoice-approval/process-instances demo-models-instantiate-vendor-core-invoice_appoval: groups: ["demo"] users: [] From 813c1176e61370f344e840189f21562927007f7a Mon Sep 17 00:00:00 2001 From: burnettk Date: Fri, 25 Nov 2022 14:37:50 -0500 Subject: [PATCH 2/2] no global read since that gives configuration as well --- .../config/permissions/development.yml | 24 ++++++++----------- .../terraform_deployed_environment.yml | 24 ++++++++----------- 2 files changed, 20 insertions(+), 28 deletions(-) diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/config/permissions/development.yml b/spiffworkflow-backend/src/spiffworkflow_backend/config/permissions/development.yml index b236d157..81ea9225 100644 --- a/spiffworkflow-backend/src/spiffworkflow_backend/config/permissions/development.yml +++ b/spiffworkflow-backend/src/spiffworkflow_backend/config/permissions/development.yml @@ -72,24 +72,19 @@ groups: users: [core] permissions: + admin: + groups: [admin] + users: [] + allowed_permissions: [create, read, update, delete] + uri: /* + tasks-crud: groups: [everybody] users: [] allowed_permissions: [create, read, update, delete] uri: /v1.0/tasks/* - admin: - groups: [admin] - users: [] - allowed_permissions: [create, read, update, delete, list, instantiate] - uri: /* - - read-all: - groups: ["Finance Team", "Project Lead", admin] - users: [] - allowed_permissions: [read] - uri: /* - + # read all for everybody read-all-process-groups: groups: [everybody] users: [] @@ -100,17 +95,18 @@ permissions: users: [] allowed_permissions: [read] uri: /v1.0/process-models/* - read-process-instance-list: + read-all-process-instance: groups: [everybody] users: [] allowed_permissions: [read] - uri: /v1.0/process-instances + uri: /v1.0/process-instances/* read-process-instance-reports: groups: [everybody] users: [] allowed_permissions: [read] uri: /v1.0/process-instances/reports/* + manage-procurement-admin: groups: ["Project Lead"] users: [] diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/config/permissions/terraform_deployed_environment.yml b/spiffworkflow-backend/src/spiffworkflow_backend/config/permissions/terraform_deployed_environment.yml index a36aa7e5..23389273 100644 --- a/spiffworkflow-backend/src/spiffworkflow_backend/config/permissions/terraform_deployed_environment.yml +++ b/spiffworkflow-backend/src/spiffworkflow_backend/config/permissions/terraform_deployed_environment.yml @@ -72,24 +72,19 @@ groups: users: [core] permissions: + admin: + groups: [admin] + users: [] + allowed_permissions: [create, read, update, delete] + uri: /* + tasks-crud: groups: [everybody] users: [] allowed_permissions: [create, read, update, delete] uri: /v1.0/tasks/* - admin: - groups: [admin] - users: [] - allowed_permissions: [create, read, update, delete, list, instantiate] - uri: /* - - read-all: - groups: ["Finance Team", "Project Lead", admin] - users: [] - allowed_permissions: [read] - uri: /* - + # read all for everybody read-all-process-groups: groups: [everybody] users: [] @@ -100,17 +95,18 @@ permissions: users: [] allowed_permissions: [read] uri: /v1.0/process-models/* - read-process-instance-list: + read-all-process-instance: groups: [everybody] users: [] allowed_permissions: [read] - uri: /v1.0/process-instances + uri: /v1.0/process-instances/* read-process-instance-reports: groups: [everybody] users: [] allowed_permissions: [read] uri: /v1.0/process-instances/reports/* + manage-procurement-admin: groups: ["Project Lead"] users: []