orchestrator-core
orchestrator-core copied to clipboard
workfloworchestrator
[Feature]: Add Role based access control to running workflows - update task drown endpoint
Refinement of ticket after discussion on 11-2:
Requirements:
- Ability to assign privileges per group
- Ability to check privileges halfway a workflow
- Make it possible to check authorization at each input type step like suspend, callback input steps (iow when a user/proces changes the workflow into running state)
- Dropped requirement: ability to change the minimal rights in the UI. This should be a handled by the auth implementation of the application
Suggested solution
- [ ] Extend the graphql calls for populating the Tasks dropdown menu items, to include a state flag (eg isAllowed bool) to rendering the workflow item in normal or disabled state.
"data": {
"workflows": {
"page": [
{
"name": "task_clean_up_tasks",
"description": "Clean up old tasks",
"isAllowed": "true" ------------------> add this attribute
},
{
"name": "task_resume_workflows",
"description": "Resume all workflows that are stuck on tasks with the status 'waiting'"
"isAllowed": "false" ------------------> add this attribute
},
In other tickets:
-
Extend the stepdecorator to call an optional function, which is performing the isAllowed function by the attribute workflow_name, workflow_step_name (optional) and user. If this function returns true the workflow (step) can be executed.
- Update the https://github.com/update, @inputstep and @workflow decorators to include the isAllowed function. #782
-
Extend the graphql calls for populating the Start dropdown menu items, to include a state flag (eg isAllowed bool) to rendering the workflow item in normal or disabled state. #821
