Changes to map formsflow groups to spiff groups
sumesh-aot committed Jun 14, 2024
1 parent 9150bb7 commit fd1372b
Showing 7 changed files with 113 additions and 26 deletions.
16 changes: 8 additions & 8 deletions spiffworkflow-backend/bin/recreate_db
Expand Up @@ -44,9 +44,9 @@ if [[ "${1:-}" == "clean" ]]; then

if [[ "${SPIFFWORKFLOW_BACKEND_DATABASE_TYPE:-mysql}" == "sqlite" ]]; then
rm -f ./src/instance/*.sqlite3
elif [[ "${SPIFFWORKFLOW_BACKEND_DATABASE_TYPE:-mysql}" == "mysql" ]]; then
mysql -h "$database_host" -uroot -e "DROP DATABASE IF EXISTS spiffworkflow_backend_local_development"
mysql -h "$database_host" -uroot -e "DROP DATABASE IF EXISTS spiffworkflow_backend_unit_testing"
# elif [[ "${SPIFFWORKFLOW_BACKEND_DATABASE_TYPE:-mysql}" == "mysql" ]]; then
# mysql -h "$database_host" -uroot -e "DROP DATABASE IF EXISTS spiffworkflow_backend_local_development"
# mysql -h "$database_host" -uroot -e "DROP DATABASE IF EXISTS spiffworkflow_backend_unit_testing"
elif [[ "${SPIFFWORKFLOW_BACKEND_DATABASE_TYPE:-}" == "postgres" ]]; then
# TODO: check to see if the db already exists and we can connect to it. also actually clean it up.
# start postgres in background with one db
Expand Down Expand Up @@ -79,11 +79,11 @@ else
tasks="$tasks upgrade"
fi

if [[ "${SPIFFWORKFLOW_BACKEND_DATABASE_TYPE:-mysql}" == "mysql" ]]; then
mysql -h "$database_host" -uroot -e "CREATE DATABASE IF NOT EXISTS spiffworkflow_backend_local_development"
mysql -h "$database_host" -uroot -e "CREATE DATABASE IF NOT EXISTS spiffworkflow_backend_unit_testing"
fi

#if [[ "${SPIFFWORKFLOW_BACKEND_DATABASE_TYPE:-mysql}" == "mysql" ]]; then
# mysql -h "$database_host" -uroot -e "CREATE DATABASE IF NOT EXISTS spiffworkflow_backend_local_development"
# mysql -h "$database_host" -uroot -e "CREATE DATABASE IF NOT EXISTS spiffworkflow_backend_unit_testing"
#fi
echo "$tasks"
for task in $tasks; do
SPIFFWORKFLOW_BACKEND_ENV=local_development FLASK_APP=src/spiffworkflow_backend poetry run flask db "$task"
done
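Review bot: With the MySQL branches commented out, an unset `SPIFFWORKFLOW_BACKEND_DATABASE_TYPE` now matches no branch at all: the sqlite test in the first hunk still defaults the variable to `mysql`, so `clean` drops nothing and the `flask db` loop runs against whatever database happens to exist, without the `CREATE DATABASE` step the second hunk disables. Delete the dead lines rather than commenting them out, and make an unsupported type fail loudly, for example `else echo "unsupported SPIFFWORKFLOW_BACKEND_DATABASE_TYPE" >&2; exit 1`. The if/elif chain continues outside the hunk, so check for an existing `else` before adding one.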
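--- a/spiffworkflow-backend/db-docker-compose.yml
+++ b/spiffworkflow-backend/db-docker-compose.yml
@@ -0,0 +1,23 @@
+version: "3.7"
+
+services:
+spiffdb:
+image: postgres:11
+restart: unless-stopped
+environment:
+POSTGRES_USER: postgres
+POSTGRES_PASSWORD: postgres
+POSTGRES_DB: postgres
+ports:
+- "1111:5432"
+volumes:
+- db-data:/var/lib/postgresql/data1
+networks:
+- forms-flow-spiff-network
+
+networks:
+forms-flow-spiff-network:
+driver: 'bridge'
+volumes:
+db-data:
+driver: local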
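Review bot: The compose file ships a fixed superuser password (`POSTGRES_PASSWORD: postgres`) and publishes the port on every host interface with `"1111:5432"`, so any machine that can reach the host on port 1111 gets superuser access to the database. Bind to loopback and take the password from the environment: `- "127.0.0.1:1111:5432"` and `POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:?set POSTGRES_PASSWORD}`. The volume is mounted at `/var/lib/postgresql/data1`, while the official image keeps its data in `/var/lib/postgresql/data` unless `PGDATA` is set, so the named volume likely stays empty and the data is lost when the container is recreated. `postgres:11` is also past upstream end of life and no longer receives security fixes.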
19 changes: 19 additions & 0 deletions spiffworkflow-backend/src/spiffworkflow_backend/api.yml
Expand Up @@ -582,6 +582,25 @@ paths:
schema:
$ref: "#/components/schemas/ProcessModel"

/deployment/create:
post:
operationId: spiffworkflow_backend.routes.process_models_controller.process_model_create
summary: Creates a new process model with the given parameters.
tags:
- Process Models
requestBody:
content:
application/json:
schema:
$ref: "#/components/schemas/ProcessModel"
responses:
"201":
description: Process model created successfully.
content:
application/json:
schema:
$ref: "#/components/schemas/ProcessModel"

/process-model-natural-language/{modified_process_group_id}:
parameters:
- name: modified_process_group_id
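Review bot: `/deployment/create` binds a new route to `spiffworkflow_backend.routes.process_models_controller.process_model_create` without declaring any parameters, and nothing in the hunk shows how access to it is decided. If permission checks are keyed on the request URI, as `has_permission` elsewhere in this commit suggests, this path needs its own permission target; otherwise it is reachable only through the new catch-all grant, so please state which is intended. If that handler is already registered under another path, the repeated `operationId` breaks the OpenAPI rule that operation ids are unique, and the handler's signature (not visible here) must accept a call with no path parameter. The summary is copied from process-model creation and should say what a deployment does.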
12 changes: 10 additions & 2 deletions spiffworkflow-backend/src/spiffworkflow_backend/config/__init__.py
Expand Up @@ -11,6 +11,11 @@
from werkzeug.utils import ImportStringError

from spiffworkflow_backend.services.logging_service import setup_logger_for_app
from dotenv import find_dotenv, load_dotenv


# this will load all the envars from a .env file located in the project root (api)
load_dotenv(find_dotenv())

HTTP_REQUEST_TIMEOUT_SECONDS = 15
CONNECTOR_PROXY_COMMAND_TIMEOUT = 45
Expand Down Expand Up @@ -206,6 +211,9 @@ def setup_config(app: Flask) -> None:
# src/spiffworkflow_backend/config/secrets.py
app.config.from_pyfile(os.path.join("config", "secrets.py"), silent=True)

app.config["SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR"] = os.environ.get("SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR")
print('----->',os.environ.get("SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR"))
print("app.config[SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR] ", app.config["SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR"])
if app.config["SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR"] is None:
raise ConfigurationError("SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR config must be set")

Expand All @@ -228,7 +236,7 @@ def setup_config(app: Flask) -> None:
app.config["MAX_INSTANCE_LOCK_DURATION_IN_SECONDS"] = int(
app.config["SPIFFWORKFLOW_BACKEND_MAX_INSTANCE_LOCK_DURATION_IN_SECONDS"]
)

app.config["SPIFFWORKFLOW_BACKEND_OPEN_ID_CLIENT_ID"] = os.environ.get("SPIFFWORKFLOW_BACKEND_OPEN_ID_CLIENT_ID")
if app.config.get("SPIFFWORKFLOW_BACKEND_AUTH_CONFIGS") is None:
app.config["SPIFFWORKFLOW_BACKEND_AUTH_CONFIGS"] = [
{
Expand All @@ -254,7 +262,7 @@ def setup_config(app: Flask) -> None:
"Could not find the directory specified with SPIFFWORKFLOW_BACKEND_PROCESS_INSTANCE_FILE_DATA_FILESYSTEM_PATH: "
f"{app.config['SPIFFWORKFLOW_BACKEND_PROCESS_INSTANCE_FILE_DATA_FILESYSTEM_PATH']}"
)

app.config["SPIFFWORKFLOW_BACKEND_WORKFLOW_ADMIN_GROUP"] = os.environ.get("SPIFFWORKFLOW_BACKEND_WORKFLOW_ADMIN_GROUP")
thread_local_data = threading.local()
app.config["THREAD_LOCAL_DATA"] = thread_local_data
_set_up_tenant_specific_fields_as_list_of_strings(app)
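Review bot: The three new `app.config[...] = os.environ.get(...)` assignments overwrite whatever was loaded earlier in `setup_config` (the `secrets.py` load sits directly above the first one), so a value that is set in a config file but not in the environment becomes `None`; for `SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR` that turns a valid configuration into a `ConfigurationError`. Override only when the variable is present, e.g. `if (value := os.environ.get(name)) is not None: app.config[name] = value`. The two `print` calls are debug residue and should be removed or become `app.logger.debug`. `load_dotenv(find_dotenv())` at import time searches parent directories for a `.env` file, so settings such as `SPIFFWORKFLOW_BACKEND_WORKFLOW_ADMIN_GROUP` can be picked up from a file outside the project; passing an explicit path avoids that. `setup_config` starts and ends outside the hunks.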
Expand Up @@ -128,6 +128,7 @@ def has_permission(cls, principals: list[PrincipalModel], permission: str, targe
# to check for exact matches as well
# see test_user_can_access_base_path_when_given_wildcard_permission unit test
func.REPLACE(func.REPLACE(PermissionTargetModel.uri, "/%", ""), ":%", "") == target_uri_normalized,
PermissionTargetModel.uri == "/*"
)
)
.all()
Expand Down Expand Up @@ -461,6 +462,7 @@ def create_user_from_sign_in(cls, user_info: dict) -> UserModel:
if current_app.config["SPIFFWORKFLOW_BACKEND_OPEN_ID_IS_AUTHORITY_FOR_USER_GROUPS"]:
if "groups" in user_info:
desired_group_identifiers = user_info["groups"]
desired_group_identifiers = [desired_group_identifier.lstrip("/") for desired_group_identifier in desired_group_identifiers]

for field_index, tenant_specific_field in enumerate(
current_app.config["SPIFFWORKFLOW_BACKEND_OPEN_ID_TENANT_SPECIFIC_FIELDS"]
Expand Down Expand Up @@ -498,7 +500,7 @@ def create_user_from_sign_in(cls, user_info: dict) -> UserModel:
)
else:
for desired_group_identifier in desired_group_identifiers:
UserService.add_user_to_group_by_group_identifier(user_model, desired_group_identifier)
UserService.add_user_to_group_by_group_identifier(user_model, desired_group_identifier.lstrip('/'))
current_group_identifiers = [g.identifier for g in user_model.groups]
groups_to_remove_from_user = [item for item in current_group_identifiers if item not in desired_group_identifiers]
for gtrfu in groups_to_remove_from_user:
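Review bot: The added `PermissionTargetModel.uri == "/*"` clause in `has_permission` compares against a literal asterisk, while the `REPLACE(..., "/%", "")` expression right above it indicates that targets are stored with `%` as the wildcard; if that holds, the clause never matches and the admin grant it is meant to enable has no effect. Where it does match, it makes any assignment on that target apply to every request URI, so confirm that the code consuming the query result (outside the hunk) still honours grant types other than `permit`. Compare against the stored form, e.g. `PermissionTargetModel.uri == "/%"`, once the storage format is confirmed. In `create_user_from_sign_in` the list is already normalised with `lstrip("/")`, so the second `lstrip('/')` inside the `add_user_to_group_by_group_identifier` call is redundant.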
Expand Up @@ -14,6 +14,8 @@
from spiffworkflow_backend.models.human_task_user import HumanTaskUserModel
from spiffworkflow_backend.models.principal import MissingPrincipalError
from spiffworkflow_backend.models.principal import PrincipalModel
from spiffworkflow_backend.models.permission_assignment import PermissionAssignmentModel, Permission
from spiffworkflow_backend.models.permission_target import PermissionTargetModel
from spiffworkflow_backend.models.user import SPIFF_GUEST_USER
from spiffworkflow_backend.models.user import SPIFF_SYSTEM_USER
from spiffworkflow_backend.models.user import UserModel
Expand All @@ -27,15 +29,15 @@ class UserService:

@classmethod
def create_user(
cls,
username: str,
service: str,
service_id: str,
email: str | None = "",
display_name: str | None = "",
tenant_specific_field_1: str | None = None,
tenant_specific_field_2: str | None = None,
tenant_specific_field_3: str | None = None,
cls,
username: str,
service: str,
service_id: str,
email: str | None = "",
display_name: str | None = "",
tenant_specific_field_1: str | None = None,
tenant_specific_field_2: str | None = None,
tenant_specific_field_3: str | None = None,
) -> UserModel:
user_model: UserModel | None = (
UserModel.query.filter(UserModel.service == service).filter(UserModel.service_id == service_id).first()
Expand Down Expand Up @@ -130,7 +132,7 @@ def add_user_to_group(cls, user: UserModel, group: GroupModel) -> None:

@classmethod
def add_waiting_group_assignment(
cls, username: str, group: GroupModel
cls, username: str, group: GroupModel
) -> tuple[UserGroupAssignmentWaitingModel, list[UserToGroupDict]]:
"""Only called from set-permissions."""
wugam: UserGroupAssignmentWaitingModel | None = (
Expand All @@ -155,7 +157,8 @@ def add_waiting_group_assignment(
@classmethod
def apply_waiting_group_assignments(cls, user: UserModel) -> None:
"""Only called from create_user which is normally called at sign-in time"""
waiting = UserGroupAssignmentWaitingModel().query.filter(UserGroupAssignmentWaitingModel.username == user.username).all()
waiting = UserGroupAssignmentWaitingModel().query.filter(
UserGroupAssignmentWaitingModel.username == user.username).all()
for assignment in waiting:
cls.add_user_to_group(user, assignment.group)
db.session.delete(assignment)
Expand All @@ -171,15 +174,17 @@ def apply_waiting_group_assignments(cls, user: UserModel) -> None:

@staticmethod
def get_user_by_service_and_service_id(service: str, service_id: str) -> UserModel | None:
user: UserModel = UserModel.query.filter(UserModel.service == service).filter(UserModel.service_id == service_id).first()
user: UserModel = UserModel.query.filter(UserModel.service == service).filter(
UserModel.service_id == service_id).first()
if user:
return user
return None

@classmethod
def add_user_to_human_tasks_if_appropriate(cls, user: UserModel) -> None:
group_ids = [g.id for g in user.groups]
human_tasks = HumanTaskModel.query.filter(HumanTaskModel.lane_assignment_id.in_(group_ids)).all() # type: ignore
human_tasks = HumanTaskModel.query.filter(
HumanTaskModel.lane_assignment_id.in_(group_ids)).all() # type: ignore
for human_task in human_tasks:
human_task_user = HumanTaskUserModel(user_id=user.id, human_task_id=human_task.id)
db.session.add(human_task_user)
Expand Down Expand Up @@ -229,13 +234,29 @@ def find_or_create_group(cls, group_identifier: str) -> GroupModel:
if group is None:
group = GroupModel(identifier=group_identifier)
db.session.add(group)
if group_identifier == current_app.config["SPIFFWORKFLOW_BACKEND_WORKFLOW_ADMIN_GROUP"]:
# If the group is for workflow admin, add them to /* permission
all_perm: PermissionTargetModel = PermissionTargetModel.query.filter_by(uri="/*").first()
# Insert a Principal for this group
db.session.flush()
db.session.refresh(group)
principal = PrincipalModel(group_id=group.id)
db.session.add(principal)
db.session.flush()
db.session.refresh(principal)
# Insert Permission Assignments
for permission in Permission:
permission_assignment = PermissionAssignmentModel(principal_id=principal.id,
permission_target_id=all_perm.id, grant_type="permit",
permission=permission.value)
db.session.add(permission_assignment)
db.session.commit()
cls.create_principal(group.id, id_column_name="group_id")
return group

@classmethod
def add_user_to_group_or_add_to_waiting(
cls, username: str | UserModel, group_identifier: str
cls, username: str | UserModel, group_identifier: str
) -> tuple[UserGroupAssignmentWaitingModel | None, list[UserToGroupDict] | None]:
group = cls.find_or_create_group(group_identifier)
user = UserModel.query.filter_by(username=username).first()
Expand Down Expand Up @@ -266,7 +287,8 @@ def remove_user_from_group(cls, user: UserModel, group_identifier: str) -> None:
db.session.commit()

@classmethod
def find_or_create_guest_user(cls, username: str = SPIFF_GUEST_USER, group_identifier: str = SPIFF_GUEST_GROUP) -> UserModel:
def find_or_create_guest_user(cls, username: str = SPIFF_GUEST_USER,
group_identifier: str = SPIFF_GUEST_GROUP) -> UserModel:
user: UserModel | None = UserModel.query.filter_by(
username=username, service="spiff_guest_service", service_id="spiff_guest_service_id"
).first()
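Review bot: In `find_or_create_group`, `PermissionTargetModel.query.filter_by(uri="/*").first()` can return `None` (it always will if targets are stored with `%`, as the `REPLACE` in `has_permission` suggests), and `all_perm.id` then raises `AttributeError` in the middle of sign-in after the group row has already been flushed. The branch grants every `Permission` on the catch-all target to whichever group name equals `SPIFFWORKFLOW_BACKEND_WORKFLOW_ADMIN_GROUP`, and that name arrives from the identity provider's `groups` claim, so the setting should be checked for a non-empty value and the grant should be logged. A `PrincipalModel` is inserted by hand here and `cls.create_principal(group.id, id_column_name="group_id")` still runs afterwards; `create_principal` is not visible, so check that it neither creates a second principal nor rejects the existing one. The method starts outside the hunk.

```python
# … unchanged: group lookup, GroupModel creation, db.session.add(group) …
admin_group = current_app.config.get("SPIFFWORKFLOW_BACKEND_WORKFLOW_ADMIN_GROUP")
if admin_group and group_identifier == admin_group:
    all_perm: PermissionTargetModel | None = PermissionTargetModel.query.filter_by(uri="/*").first()
    if all_perm is None:
        # Fail with a clear message before anything is flushed.
        raise RuntimeError("permission target '/*' not found; cannot grant workflow admin permissions")
    current_app.logger.info("granting all permissions on %s to group %s", all_perm.uri, group_identifier)
    # … unchanged: flush/refresh group, insert principal, insert one assignment per Permission …
# … unchanged: db.session.commit(), create_principal, return group …
```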
Expand Down
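--- a/start.sh
+++ b/start.sh
@@ -0,0 +1,13 @@
+#!/bin/bash
+start_time=$(date +%s)
+
+docker-compose up -d
+
+# Loop until curl command exits with a success status
+until curl -f localhost:8000/v1.0/status; do
+echo "Waiting for container to become ready..."
+sleep 1
+done
+
+end_time=$(date +%s)
+echo "Container is ready after $((end_time - start_time)) seconds."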
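Review bot: The readiness loop has no upper bound and the result of `docker-compose up -d` is not checked, so a failed start leaves the script polling `localhost:8000/v1.0/status` forever. Add `set -euo pipefail` after the shebang and give the wait a deadline and a per-request timeout, e.g. `until curl -fsS --max-time 2 localhost:8000/v1.0/status; do (( $(date +%s) - start_time > 120 )) && exit 1; sleep 1; done`.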
