Merge pull request #5 from sumesh-aot/auth-changes

Auth changes
AOT-Technologies · Jan 14, 2025 · 1f0f7c5 · 1f0f7c5
2 parents 69387ec + cf5cd28
commit 1f0f7c5
Show file tree

Hide file tree

Showing 37 changed files with 1,875 additions and 64 deletions.
diff --git a/spiffworkflow-backend/migrations/alembic.ini b/spiffworkflow-backend/migrations/alembic.ini
@@ -1,6 +1,7 @@
 # A generic, single database configuration.
 
 [alembic]
+script_location = migrations
 # template used to generate migration files
 # file_template = %%(rev)s_%%(slug)s
 

diff --git a/spiffworkflow-backend/migrations/versions/1801292017d5_.py b/spiffworkflow-backend/migrations/versions/1801292017d5_.py
@@ -26,7 +26,7 @@ def upgrade():
     sa.Column('is_executable', sa.Boolean(), nullable=True),
     sa.Column('fault_or_suspend_on_exception', sa.String(), nullable=True),
     sa.Column('process_group', sa.String(), nullable=True),
-    sa.Column('content', sa.Text(), nullable=True),
+    sa.Column('content', sa.LargeBinary(), nullable=True),
     sa.Column('type', sa.String(), nullable=True),
     sa.Column('bpmn_version_control_identifier', sa.String(), nullable=True),
     sa.PrimaryKeyConstraint('process_id')

diff --git a/spiffworkflow-backend/migrations/versions/c8f64c8333d2_.py b/spiffworkflow-backend/migrations/versions/c8f64c8333d2_.py
@@ -1,7 +1,7 @@
 """empty message
 
 Revision ID: c8f64c8333d2
-Revises: d4b900e71852
+Revises: ffef09e6ddf1
 Create Date: 2024-06-14 16:41:02.361125
 
 """
@@ -11,7 +11,7 @@
 
 # revision identifiers, used by Alembic.
 revision = 'c8f64c8333d2'
-down_revision = 'd4b900e71852'
+down_revision = 'ffef09e6ddf1'
 branch_labels = None
 depends_on = None
 

diff --git a/spiffworkflow-backend/migrations/versions/da22d9039670_.py b/spiffworkflow-backend/migrations/versions/da22d9039670_.py
@@ -0,0 +1,40 @@
+"""empty message
+
+Revision ID: da22d9039670
+Revises: 384e2bbda36b
+Create Date: 2024-09-17 15:13:48.384925
+
+"""
+from alembic import op
+import sqlalchemy as sa
+
+
+# revision identifiers, used by Alembic.
+revision = 'da22d9039670'
+down_revision = '384e2bbda36b'
+branch_labels = None
+depends_on = None
+
+
+def upgrade():
+    # ### commands auto generated by Alembic - please adjust! ###
+    with op.batch_alter_table('human_task_user', schema=None) as batch_op:
+        batch_op.add_column(sa.Column('ended_at_in_seconds', sa.Integer(), nullable=True))
+        batch_op.add_column(sa.Column('created_at_in_seconds', sa.Integer(), nullable=True))
+
+    # with op.batch_alter_table('task', schema=None) as batch_op:
+    #     batch_op.drop_constraint('guid', type_='unique')
+
+    # ### end Alembic commands ###
+
+
+def downgrade():
+    # ### commands auto generated by Alembic - please adjust! ###
+    # with op.batch_alter_table('task', schema=None) as batch_op:
+    #     batch_op.create_unique_constraint('guid', ['guid'])
+
+    with op.batch_alter_table('human_task_user', schema=None) as batch_op:
+        batch_op.drop_column('created_at_in_seconds')
+        batch_op.drop_column('ended_at_in_seconds')
+
+    # ### end Alembic commands ###
diff --git a/spiffworkflow-backend/migrations/versions/f31dfbe97509_formsflow_role_mappings.py b/spiffworkflow-backend/migrations/versions/f31dfbe97509_formsflow_role_mappings.py
@@ -0,0 +1,115 @@
+"""formsflow_role_mappings
+
+Revision ID: f31dfbe97509
+Revises: da22d9039670
+Create Date: 2024-10-23 13:56:41.952250
+
+"""
+from alembic import op
+import sqlalchemy as sa
+
+# revision identifiers, used by Alembic.
+revision = 'f31dfbe97509'
+down_revision = 'da22d9039670'
+branch_labels = None
+depends_on = None
+
+
+def upgrade():
+    # Step 1: Check and insert into Group table
+    permission_targets = {}
+    groups = {}
+    for target_uri in ['/*', '/task-filters', '/task-filters/*', '/task/*', '/key/*', '/process-definition/*',
+                       '/process-definition', '/deployment/create']:
+        permission_target_id = op.get_bind().execute(sa.text(f"""
+                INSERT INTO permission_target (uri)
+                SELECT '{target_uri}' 
+                WHERE NOT EXISTS (SELECT id FROM permission_target WHERE uri = '{target_uri}')
+                RETURNING id;
+            """)).fetchone()
+
+        if permission_target_id is None:
+            permission_target_id = op.get_bind().execute(sa.text(f"""
+                    SELECT id FROM permission_target WHERE uri = '{target_uri}';
+                """)).fetchone()
+
+        permission_targets[target_uri] = permission_target_id[0]
+
+    for group in ['camunda-admin', 'view_filters', 'view_tasks', 'manage_tasks', 'create_submissions', 'view_designs',
+                  'create_designs']:
+        group_id = op.get_bind().execute(sa.text(f"""
+                        INSERT INTO "group" (identifier)
+                        SELECT '{group}' 
+                        WHERE NOT EXISTS (SELECT id FROM "group" WHERE identifier = '{group}')
+                        RETURNING id;
+                    """)).fetchone()
+
+        if group_id is None:
+            group_id = op.get_bind().execute(sa.text(f"""
+                            SELECT id FROM "group" WHERE identifier = '{group}';
+                        """)).fetchone()
+        group_id = group_id[0]
+        groups[group] = {"id": group_id}
+
+        # INSERT Into principal
+        principal_id = op.get_bind().execute(sa.text(f"""
+                                INSERT INTO principal (group_id)
+                                SELECT {group_id}
+                                WHERE NOT EXISTS (SELECT id FROM principal WHERE group_id = :group_id)
+                                RETURNING id;
+                            """), {'group_id': group_id}).fetchone()
+
+        if principal_id is None:
+            principal_id = op.get_bind().execute(sa.text(f"""
+                                    SELECT id FROM principal WHERE group_id = :group_id
+                                    
+                                """), {'group_id': group_id}).fetchone()
+        groups[group].update({"principal_id": principal_id[0]})
+
+    # Insert into permission_assignment
+    for permission_target_uri in permission_targets.keys():
+        if permission_target_uri == '/*':
+            # Allowed for all reads and create for camunda-admin
+            for grant_type in ['read', 'create']:
+                principal_id = groups['camunda-admin'].get("principal_id")
+                _insert_into_permission_assignment(grant_type, permission_targets[permission_target_uri], principal_id)
+
+        elif permission_target_uri in ["/task-filters", "/task-filters/*", "/task/*"]:
+            # Allowed for all reads and create for view_tasks
+            for grant_type in ['read', 'create']:
+                principal_id = groups['view_tasks'].get("principal_id")
+                _insert_into_permission_assignment(grant_type, permission_targets[permission_target_uri], principal_id)
+        elif permission_target_uri in ["/key/*"]:
+            # Allowed for all reads and create for create_submissions
+            for grant_type in ['read', 'create']:
+                principal_id = groups['create_submissions'].get("principal_id")
+                _insert_into_permission_assignment(grant_type, permission_targets[permission_target_uri], principal_id)
+        elif permission_target_uri in ["/process-definition/*", "/process-definition"]:
+            # Allowed for all reads and create for view_designs
+            for grant_type in ['read', 'create']:
+                principal_id = groups['view_designs'].get("principal_id")
+                _insert_into_permission_assignment(grant_type, permission_targets[permission_target_uri], principal_id)
+        elif permission_target_uri in ["/deployment/create"]:
+            # Allowed for all reads and create for create_designs
+            for grant_type in ['read', 'create']:
+                principal_id = groups['create_designs'].get("principal_id")
+                _insert_into_permission_assignment(grant_type, permission_targets[permission_target_uri], principal_id)
+
+
+def _insert_into_permission_assignment(grant_type, permission_target_id, principal_id):
+    permission_assignment = op.get_bind().execute(sa.text(f"""
+                                            SELECT id FROM permission_assignment 
+                                            WHERE principal_id = {principal_id} 
+                                            AND permission_target_id = {permission_target_id}
+                                            AND grant_type = 'permit'
+                                            AND permission = '{grant_type}';
+                                        """)).fetchone()
+    if not permission_assignment:
+        op.get_bind().execute(sa.text(f"""INSERT INTO permission_assignment 
+                                                (principal_id, permission_target_id, grant_type, permission)
+                                                VALUES ({principal_id}, {permission_target_id}, 'permit', '{grant_type}');
+                                            """))
+
+
+def downgrade():
+    pass
diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/__init__.py b/spiffworkflow-backend/src/spiffworkflow_backend/__init__.py
@@ -91,7 +91,7 @@ def create_app() -> flask.app.Flask:
     ]
     CORS(app, origins=origins_re, max_age=3600, supports_credentials=True)
 
-    connexion_app.add_api("api.yml", base_path=V1_API_PATH_PREFIX, pythonic_params=True)
+    connexion_app.add_api("api.yml", base_path=V1_API_PATH_PREFIX, pythonic_params=False)
 
     app.json = MyJSONEncoder(app)