Adding new endpoints

AOT-Technologies · Oct 25, 2024 · b550880 · b550880
1 parent d1eadbc
commit b550880
Show file tree

Hide file tree

Showing 6 changed files with 331 additions and 83 deletions.
diff --git a/spiffworkflow-backend/migrations/versions/f31dfbe97509_formsflow_role_mappings.py b/spiffworkflow-backend/migrations/versions/f31dfbe97509_formsflow_role_mappings.py
@@ -0,0 +1,115 @@
+"""formsflow_role_mappings
+
+Revision ID: f31dfbe97509
+Revises: da22d9039670
+Create Date: 2024-10-23 13:56:41.952250
+
+"""
+from alembic import op
+import sqlalchemy as sa
+
+# revision identifiers, used by Alembic.
+revision = 'f31dfbe97509'
+down_revision = 'da22d9039670'
+branch_labels = None
+depends_on = None
+
+
+def upgrade():
+    # Step 1: Check and insert into Group table
+    permission_targets = {}
+    groups = {}
+    for target_uri in ['/*', '/task-filters', '/task-filters/*', '/task/*', '/key/*', '/process-definition/*',
+                       '/process-definition', '/deployment/create']:
+        permission_target_id = op.get_bind().execute(sa.text(f"""
+                INSERT INTO permission_target (uri)
+                SELECT '{target_uri}' 
+                WHERE NOT EXISTS (SELECT id FROM permission_target WHERE uri = '{target_uri}')
+                RETURNING id;
+            """)).fetchone()
+
+        if permission_target_id is None:
+            permission_target_id = op.get_bind().execute(sa.text(f"""
+                    SELECT id FROM permission_target WHERE uri = '{target_uri}';
+                """)).fetchone()
+
+        permission_targets[target_uri] = permission_target_id[0]
+
+    for group in ['camunda-admin', 'view_filters', 'view_tasks', 'manage_tasks', 'create_submissions', 'view_designs',
+                  'create_designs']:
+        group_id = op.get_bind().execute(sa.text(f"""
+                        INSERT INTO "group" (identifier)
+                        SELECT '{group}' 
+                        WHERE NOT EXISTS (SELECT id FROM "group" WHERE identifier = '{group}')
+                        RETURNING id;
+                    """)).fetchone()
+
+        if group_id is None:
+            group_id = op.get_bind().execute(sa.text(f"""
+                            SELECT id FROM "group" WHERE identifier = '{group}';
+                        """)).fetchone()
+        group_id = group_id[0]
+        groups[group] = {"id": group_id}
+
+        # INSERT Into principal
+        principal_id = op.get_bind().execute(sa.text(f"""
+                                INSERT INTO principal (group_id)
+                                SELECT {group_id}
+                                WHERE NOT EXISTS (SELECT id FROM principal WHERE group_id = :group_id)
+                                RETURNING id;
+                            """), {'group_id': group_id}).fetchone()
+
+        if principal_id is None:
+            principal_id = op.get_bind().execute(sa.text(f"""
+                                    SELECT id FROM principal WHERE group_id = :group_id
+                                    
+                                """), {'group_id': group_id}).fetchone()
+        groups[group].update({"principal_id": principal_id[0]})
+
+    # Insert into permission_assignment
+    for permission_target_uri in permission_targets.keys():
+        if permission_target_uri == '/*':
+            # Allowed for all reads and create for camunda-admin
+            for grant_type in ['read', 'create']:
+                principal_id = groups['camunda-admin'].get("principal_id")
+                _insert_into_permission_assignment(grant_type, permission_targets[permission_target_uri], principal_id)
+
+        elif permission_target_uri in ["/task-filters", "/task-filters/*", "/task/*"]:
+            # Allowed for all reads and create for view_tasks
+            for grant_type in ['read', 'create']:
+                principal_id = groups['view_tasks'].get("principal_id")
+                _insert_into_permission_assignment(grant_type, permission_targets[permission_target_uri], principal_id)
+        elif permission_target_uri in ["/key/*"]:
+            # Allowed for all reads and create for create_submissions
+            for grant_type in ['read', 'create']:
+                principal_id = groups['create_submissions'].get("principal_id")
+                _insert_into_permission_assignment(grant_type, permission_targets[permission_target_uri], principal_id)
+        elif permission_target_uri in ["/process-definition/*", "/process-definition"]:
+            # Allowed for all reads and create for view_designs
+            for grant_type in ['read', 'create']:
+                principal_id = groups['view_designs'].get("principal_id")
+                _insert_into_permission_assignment(grant_type, permission_targets[permission_target_uri], principal_id)
+        elif permission_target_uri in ["/deployment/create"]:
+            # Allowed for all reads and create for create_designs
+            for grant_type in ['read', 'create']:
+                principal_id = groups['create_designs'].get("principal_id")
+                _insert_into_permission_assignment(grant_type, permission_targets[permission_target_uri], principal_id)
+
+
+def _insert_into_permission_assignment(grant_type, permission_target_id, principal_id):
+    permission_assignment = op.get_bind().execute(sa.text(f"""
+                                            SELECT id FROM permission_assignment 
+                                            WHERE principal_id = {principal_id} 
+                                            AND permission_target_id = {permission_target_id}
+                                            AND grant_type = 'permit'
+                                            AND permission = '{grant_type}';
+                                        """)).fetchone()
+    if not permission_assignment:
+        op.get_bind().execute(sa.text(f"""INSERT INTO permission_assignment 
+                                                (principal_id, permission_target_id, grant_type, permission)
+                                                VALUES ({principal_id}, {permission_target_id}, 'permit', '{grant_type}');
+                                            """))
+
+
+def downgrade():
+    pass
diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/api.yml b/spiffworkflow-backend/src/spiffworkflow_backend/api.yml
@@ -3459,21 +3459,28 @@ paths:
                               type: string
                     _embedded:
                       type: object
-#                      properties:
-#                        assignee:
-#                          type: array
-#                          items:
-#                            $ref: '#/components/schemas/FfUser'
-#                        processDefinition:
-#                          type: array
-#                          items:
-#                            $ref: '#/components/schemas/ProcessDefinition'
-#                        task:
-#                          type: array
-#                          items:
-#                            $ref: '#/components/schemas/FfTask'
                     count:
                       type: integer
+  /task-filters/count:
+    post:
+      summary: Retrieve filtered tasks count based on pagination and other criteria
+      operationId: spiffworkflow_backend.routes.ff_tasks_controller.filter_tasks_count
+      responses:
+        "200":
+          description: Successfully retrieved filtered tasks count
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  type: object
+                  properties:
+                    name:
+                      type: string
+                    count:
+                      type: integer
+                    id:
+                      type: integer
   /task/{task_id}:
     parameters:
       - name: task_id
@@ -3495,6 +3502,48 @@ paths:
               schema:
                 $ref: "#/components/schemas/Task"
 
+  /task/{task_id}/variables:
+    parameters:
+      - name: task_id
+        in: path
+        required: true
+        description: "The unique id of an existing task guid."
+        schema:
+          type: string
+    get:
+      tags:
+        - Tasks
+      operationId: spiffworkflow_backend.routes.ff_tasks_controller.get_task_variables_by_id
+      summary: "Get task variables"
+      responses:
+        "200":
+          description: "One task"
+          content:
+            application/json:
+              schema:
+                type: object
+
+  /task/{task_id}/identity-links:
+    parameters:
+      - name: task_id
+        in: path
+        required: true
+        description: "The unique id of an existing task guid."
+        schema:
+          type: string
+    get:
+      tags:
+        - Tasks
+      operationId: spiffworkflow_backend.routes.ff_tasks_controller.get_task_identity_links_by_id
+      summary: "Get identity links"
+      responses:
+        "200":
+          description: "One task"
+          content:
+            application/json:
+              schema:
+                type: array
+
 
   /task/{task_id}/claim:
     post: