Merge guest flow into unauth flow

[jasquat]

This removes much of the old implementation for guest tasks and merges it with the public unauth system.

testing notes:

• see Unauthed endpoint support #1210
• ensure that several guests tasks in a row are all presented to the guest user, even on celery environments like dev.mod or timetracking

Summary by CodeRabbit

• New Features
  • Introduced a new endpoint for retrieving single tasks for user completion.
  • Added new models and classes to enhance process and task management capabilities.
  • Implemented a new React component for handling public form displays and submissions.
  • Updated URL path conventions for better consistency and readability.
• Bug Fixes
  • Corrected a typo in the process group list tiles display text.
  • Improved URL validation logic to allow for optional top-level domains.
• Documentation
  • Added instructions for end-users in test BPMN files.
• Refactor
  • Streamlined authentication and token processing logic.
  • Simplified permission checking and task handling code.
  • Removed unused imports and deprecated logic related to guest user handling.
• Style
  • Removed unnecessary semicolons and commented-out code.
  • Adjusted page elements rendering for clarity and consistency.
• Tests
  • Enhanced testing for task completion and URL generation functionalities.
  • Added new tests for public form submission and process initiation.
• Chores
  • Updated .gitignore to exclude Cypress downloads from Git tracking.
• Revert
  • N/A

[coderabbitai]

Walkthrough

Walkthrough

The recent updates to the SpiffWorkflow backend and frontend introduce enhancements and simplifications across the system. Key changes include the addition of a new endpoint for retrieving tasks, the removal of guest token creation and forced logout logic, and improvements in task handling and error management. The frontend sees adjustments in authentication flow, URL validation, and public form handling, aiming for a more streamlined user experience and codebase.

Changes

File Path	Change Summary
.../api.yml	Added GET endpoint in public_controller for task retrieval.
.../authentication_controller.py	Removed guest token logic and user logout forcing. Adjusted token processing.
.../process_api_blueprint.py	Added imports, exceptions, models, and functions for task data processing.
.../public_controller.py	Modified imports, response structures; added form_show and _assign_task_if_guest functions.
.../tasks_controller.py	Simplified codebase, improved task handling and error management.
.../get_url_for_task_with_bpmn_identifier.py	Updated URL generation logic to include/exclude /public segment.
.../authorization_service.py	Adjusted public authentication exclusion list and simplified permission checks.
.../config/permissions/...	Updated permissions for public access in acceptance_tests.yml and local_development.yml.
spiffworkflow-frontend/.gitignore	Excluded Cypress downloads directory from Git tracking.
spiffworkflow-frontend/cypress/...	Updated Cypress tests for tasks and added commands.
spiffworkflow-frontend/src/App.tsx	Minor syntax correction.
spiffworkflow-frontend/src/components/...	Adjusted navigation and typo corrections in components.
spiffworkflow-frontend/src/helpers.test.tsx, .../helpers.tsx	Added test and modified URL validation regex in isURL function.
spiffworkflow-frontend/src/interfaces.ts	Renamed PublicTaskSubmitResponse to PublicTask.
spiffworkflow-frontend/src/routes/...	Simplified authentication flow, improved route handling, and component adjustments for public forms.
spiffworkflow-frontend/src/services/HttpService.ts	Updated URL path for sign-out redirection.

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

Share

• X
• Mastodon
• Reddit
• LinkedIn

---

Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>.
  • Generate unit-tests for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit tests for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai generate interesting stats about this repository and render them as a table.
  • @coderabbitai show all the console.log statements in this repository.
  • @coderabbitai read src/utils.ts and generate unit tests.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (invoked as PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger a review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai help to get help.

Additionally, you can add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.

CodeRabbit Configration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• The JSON schema for the configuration file is available here.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/coderabbit-overrides.v2.json

CodeRabbit Discord Community

Join our Discord Community to get help, request features, and share feedback.

[coderabbitai]

Review Status

Actionable comments generated: 9

Configuration used: .coderabbit.yaml

Commits

Files that changed from the base of the PR and between f240d17 and c44a076.

Files selected for processing (21)

• spiffworkflow-backend/src/spiffworkflow_backend/api.yml (1 hunks)
• spiffworkflow-backend/src/spiffworkflow_backend/routes/authentication_controller.py (4 hunks)
• spiffworkflow-backend/src/spiffworkflow_backend/routes/process_api_blueprint.py (4 hunks)
• spiffworkflow-backend/src/spiffworkflow_backend/routes/public_controller.py (5 hunks)
• spiffworkflow-backend/src/spiffworkflow_backend/routes/tasks_controller.py (6 hunks)
• spiffworkflow-backend/src/spiffworkflow_backend/scripts/get_url_for_task_with_bpmn_identifier.py (1 hunks)
• spiffworkflow-backend/src/spiffworkflow_backend/services/authorization_service.py (4 hunks)
• spiffworkflow-backend/tests/data/test-allow-guest/test_allow_guest.bpmn (1 hunks)
• spiffworkflow-backend/tests/data/test-get-url-for-task-with-bpmn-identifier/test-get-url-for-task-with-bpmn-identifier-non-public.bpmn (1 hunks)
• spiffworkflow-backend/tests/spiffworkflow_backend/integration/test_public_controller.py (3 hunks)
• spiffworkflow-backend/tests/spiffworkflow_backend/integration/test_tasks_controller.py (1 hunks)
• spiffworkflow-backend/tests/spiffworkflow_backend/scripts/test_get_url_for_task_with_bpmn_identifier.py (1 hunks)
• spiffworkflow-frontend/src/App.tsx (1 hunks)
• spiffworkflow-frontend/src/components/NavigationBar.tsx (1 hunks)
• spiffworkflow-frontend/src/components/ProcessGroupListTiles.tsx (1 hunks)
• spiffworkflow-frontend/src/interfaces.ts (1 hunks)
• spiffworkflow-frontend/src/routes/Login.tsx (3 hunks)
• spiffworkflow-frontend/src/routes/PublicRoutes.tsx (1 hunks)
• spiffworkflow-frontend/src/routes/TaskShow.tsx (6 hunks)
• spiffworkflow-frontend/src/routes/public/PublicForm.tsx (1 hunks)
• spiffworkflow-frontend/src/services/UserService.ts (2 hunks)

Files skipped from review due to trivial changes (1)

• spiffworkflow-frontend/src/components/ProcessGroupListTiles.tsx

Additional comments: 33

spiffworkflow-frontend/src/routes/PublicRoutes.tsx (2)

• 11-12: The update to use PublicForm for the route /tasks/:process_instance_id/:task_guid aligns well with the PR's objectives to streamline the handling of tasks for unauthenticated users. Good use of dynamic routing.
• 14-14: The introduction of PublicForm for the route /:modified_message_name is consistent with the goal of simplifying the user experience for unauthenticated users. This change is clear and well-implemented.

spiffworkflow-frontend/src/App.tsx (1)

• 27-27: The removal of the semicolon after <Outlet /> is a stylistic change that aligns with JSX best practices. This does not affect functionality and keeps the code clean.

spiffworkflow-backend/src/spiffworkflow_backend/scripts/get_url_for_task_with_bpmn_identifier.py (1)

• 42-51: The conditional inclusion of the /public segment in the URL based on the "public" key in kwargs is well-implemented. This change supports the differentiation between public and non-public tasks, aligning with the PR's objectives to streamline the handling of tasks for unauthenticated users.

spiffworkflow-frontend/src/routes/Login.tsx (1)

• 101-102: The simplification of the authentication flow by directly proceeding with login if only one authentication option is available is a positive change. It makes the code cleaner and the user experience more straightforward, aligning with the PR's objectives.

spiffworkflow-backend/tests/data/test-get-url-for-task-with-bpmn-identifier/test-get-url-for-task-with-bpmn-identifier-non-public.bpmn (1)

• 1-51: The BPMN file is correctly structured for testing the non-public URL generation functionality. It includes a script task that uses get_url_for_task_with_bpmn_identifier with public=False, which is relevant for verifying the script's behavior in a non-public context.

spiffworkflow-backend/tests/data/test-allow-guest/test_allow_guest.bpmn (1)

• 17-17: The addition of the spiffworkflow:instructionsForEndUser extension element is a thoughtful update that can enhance testing of user-facing features, aligning with the PR's objectives to improve the user experience for unauthenticated users.

spiffworkflow-backend/tests/spiffworkflow_backend/scripts/test_get_url_for_task_with_bpmn_identifier.py (2)

• 24-43: The new test case for getting URLs for tasks with BPMN identifiers, including the handling of public URLs, is well-structured and provides necessary coverage. It effectively verifies the script's functionality in the intended context, aligning with the PR's objectives.
• 45-57: The test case for getting non-public URLs is correctly implemented and crucial for ensuring the script behaves as expected in different visibility contexts. This thorough testing approach supports the PR's goal of improving task handling for unauthenticated users.

spiffworkflow-frontend/src/services/UserService.ts (1)

• 122-127: > 📝 NOTE

This review was outside the diff hunks, and no overlapping diff hunk was found. Original lines [1-1]

The removal of the onlyGuestTaskCompletion function and its associated logic from the UserService module simplifies the code and aligns with the PR's objectives of merging guest and unauth flows. This change positively impacts code maintainability and clarity.

spiffworkflow-frontend/src/routes/public/PublicForm.tsx (2)

• 88-94: The conditional rendering based on confirmationMessage is well-implemented. It ensures that users receive feedback upon successful form submission. This enhances the user experience by providing clear communication.
• 141-150: The loading state is correctly implemented, providing users with feedback that the application is processing their request. This is a good practice for improving the user experience during asynchronous operations.

spiffworkflow-frontend/src/interfaces.ts (1)

• 512-512: The renaming of PublicTaskSubmitResponse to PublicTask is a significant change that could affect many parts of the application. Ensure that all references to the old interface name have been updated across the entire codebase to prevent type errors.

Verification successful

---

The search for the old interface name PublicTaskSubmitResponse did not yield any results, indicating that it has likely been successfully updated or removed from the codebase. This suggests that the renaming to PublicTask has been handled appropriately, assuming all relevant files were included in the search. However, this verification focuses solely on the absence of the old interface name and does not assess the correct implementation or usage of the new interface name.

Scripts Executed

The following scripts were executed for the analysis:

---

Script:

#!/bin/bash
# Search for old interface name usage in TypeScript files
rg --type ts 'PublicTaskSubmitResponse'

Length of output: 39

spiffworkflow-frontend/src/components/NavigationBar.tsx (1)

• 315-315: The removal of the condition related to UserService.onlyGuestTaskCompletion() simplifies the navigation logic, aligning with the PR's objective of merging guest and unauth flows. Ensure that this change does not inadvertently affect other parts of the application that might rely on the guest-specific logic.

spiffworkflow-backend/src/spiffworkflow_backend/routes/public_controller.py (2)

• 58-65: The response structure in message_form_show is well-defined, providing all necessary information for the frontend to render the form. However, ensure that the null values for task_guid and process_instance_id are intentional and handled correctly on the frontend.
• 231-259: The _assign_task_if_guest function introduces logic to assign a task to a guest user if allowed. This function is crucial for supporting the merged guest and unauth flows. Ensure that the error handling for when a completable task cannot be found is clear and provides sufficient information for debugging.

spiffworkflow-backend/tests/spiffworkflow_backend/integration/test_public_controller.py (2)

• 41-47: Assertions related to JSON response keys and values have been modified in the test method test_can_get_a_form_from_message_start_event.

These changes align with the expected structure of the JSON response for form retrieval, ensuring the test accurately reflects the updated API behavior.

• 172-269: A new test method test_can_complete_complete_a_guest_task has been added to test task completion for a guest user.

This test method is well-structured and covers the process of completing a task as a guest user, including assertions for the task's state and response content. It's a valuable addition to ensure the functionality works as expected.

spiffworkflow-frontend/src/routes/TaskShow.tsx (3)

• 59-63: Simplified navigation logic in the navigateToInterstitial function.

This change streamlines the navigation process, making it more efficient and easier to maintain. Good job on improving the code readability and performance.

• 348-348: Removal of guestConfirmationText state and related logic, focusing on simplifying the handling of task submission and form rendering.

The removal of guest-specific logic and simplification of the authentication flow are in line with the PR objectives to merge guest and unauth flows. This change contributes to a cleaner and more maintainable codebase.

• 440-449: Updated page elements rendering based on task and data presence.

The adjustments made to the rendering of page elements ensure that the UI accurately reflects the current state of tasks and data. This enhances the user experience by providing relevant information and actions based on the task's state.

spiffworkflow-backend/src/spiffworkflow_backend/routes/authentication_controller.py (1)

• 16-25: > 📝 NOTE

This review was outside the diff hunks, and no overlapping diff hunk was found. Original lines [1-1]

The changes in authentication_controller.py involve removing logic related to creating guest tokens and forcing user logout based on certain criteria.

These changes align with the PR objectives to streamline the authentication process by removing guest-specific logic. This simplification can lead to a more maintainable and secure authentication flow.

spiffworkflow-backend/tests/spiffworkflow_backend/integration/test_tasks_controller.py (1)

• 441-446: > 📝 NOTE

This review was outside the diff hunks, and no overlapping diff hunk was found. Original lines [1-1]

Given the removal of the test method related to guest tasks, it's important to ensure that the unified guest and unauth flow is adequately tested. Please verify that existing tests cover the scenarios previously tested by the removed method or consider adding new tests if necessary.

spiffworkflow-backend/src/spiffworkflow_backend/routes/process_api_blueprint.py (6)

• 2-2: Adding the os import suggests that file or directory path manipulations are introduced in this update. Ensure that any file system operations performed are secure and do not expose sensitive information or allow unauthorized access.
• 5-5: The introduction of TypedDict from the typing module is used for type annotations of dictionaries. This is a good practice for improving code readability and maintainability by making the expected structure of dictionaries clear.
• 26-28: The addition of new exceptions (HumanTaskAlreadyCompletedError, HumanTaskNotFoundError, UserDoesNotHaveAccessToTaskError) is a positive change, as it allows for more granular error handling and clearer error messages to the client. Ensure that these exceptions are properly documented and include all necessary information for debugging.
• 35-35: Adding ProcessInstanceStatus to models enhances the clarity and maintainability of the code by providing a clear enumeration of possible states for a process instance. This is a good practice for managing state transitions and related logic.
• 58-67: The introduction of TaskDataSelectOption and ReactJsonSchemaSelectOption classes using TypedDict improves type safety and code readability. It clearly defines the expected structure for task data select options and react JSON schema select options, which is beneficial for maintainability.
• 772-785: The function _munge_form_ui_schema_based_on_hidden_fields_in_task_data introduces logic to handle hidden fields in the form UI schema based on task data. This is a useful feature for dynamic form rendering. Ensure that the logic correctly handles all edge cases and that the modifications to the UI schema do not introduce any security concerns, such as inadvertently hiding fields that should remain visible.

spiffworkflow-backend/src/spiffworkflow_backend/routes/tasks_controller.py (2)

• 47-68: > 📝 NOTE

This review was outside the diff hunks and was mapped to the diff hunk with the greatest overlap. Original lines [33-52]

The import statements have been reorganized and potentially unused imports have been removed. This is a good practice for maintaining clean and efficient code. However, ensure that the removal of these imports does not affect other parts of the application that might rely on them.

• 423-426: The task_show function has been modified to potentially include form data in its response. This change aligns with the PR's objective to streamline the guest and unauth flows by possibly providing more information in a single API call. Ensure that the inclusion of form data does not inadvertently expose sensitive information to unauthorized users.

spiffworkflow-backend/src/spiffworkflow_backend/services/authorization_service.py (1)

• 104-104: The addition of routes to the PUBLIC_AUTHENTICATION_EXCLUSION_LIST aligns with the PR's objective to merge guest and unauth flows. This change effectively allows unauthenticated users to access forms and submit messages without requiring authentication, which is a crucial step in integrating guest functionalities into the unauth flow.

spiffworkflow-backend/src/spiffworkflow_backend/api.yml (1)

• 2655-2666: The addition of the new GET endpoint under /public/tasks/{process_instance_id}/{task_guid} is well-defined and follows the OpenAPI specification standards. The endpoint's operation ID spiffworkflow_backend.routes.public_controller.form_show suggests it's designed for displaying forms for tasks, which aligns with the PR's objective of streamlining guest and unauth flows by enhancing task handling for unauthenticated users.

[coderabbitai]

Review Status

Actionable comments generated: 0

Configuration used: .coderabbit.yaml

Commits

Files that changed from the base of the PR and between c44a076 and ca4f1b4.

Files selected for processing (1)

• spiffworkflow-backend/src/spiffworkflow_backend/routes/public_controller.py (5 hunks)

Files skipped from review as they are similar to previous changes (1)

• spiffworkflow-backend/src/spiffworkflow_backend/routes/public_controller.py

[coderabbitai]

Review Status

Actionable comments generated: 0

Configuration used: .coderabbit.yaml

Commits

Files that changed from the base of the PR and between ca4f1b4 and 2f3aac3.

Files selected for processing (10)

• spiffworkflow-frontend/.gitignore (1 hunks)
• spiffworkflow-frontend/cypress/e2e/tasks.cy.js (2 hunks)
• spiffworkflow-frontend/cypress/support/commands.js (2 hunks)
• spiffworkflow-frontend/src/helpers.test.tsx (2 hunks)
• spiffworkflow-frontend/src/helpers.tsx (1 hunks)
• spiffworkflow-frontend/src/routes/ProcessInstanceShow.tsx (1 hunks)
• spiffworkflow-frontend/src/routes/PublicRoutes.tsx (1 hunks)
• spiffworkflow-frontend/src/routes/public/PublicForm.tsx (1 hunks)
• spiffworkflow-frontend/src/routes/public/SignOut.tsx (1 hunks)
• spiffworkflow-frontend/src/services/HttpService.ts (1 hunks)

Files skipped from review as they are similar to previous changes (2)

• spiffworkflow-frontend/src/routes/PublicRoutes.tsx
• spiffworkflow-frontend/src/routes/public/PublicForm.tsx

Additional comments: 12

spiffworkflow-frontend/.gitignore (1)

• 30-30: The addition of cypress/downloads to the .gitignore file is a good practice to prevent tracking of unnecessary files generated during Cypress tests.

spiffworkflow-frontend/src/routes/public/SignOut.tsx (1)

• 21-25: Adding a data-qa attribute to the Button element in the SignOut component is a good practice for improving testability.

spiffworkflow-frontend/src/helpers.test.tsx (1)

• 100-119: Adding a new test for the isURL function is a good practice for ensuring the reliability and correctness of utility functions. The test cases cover both positive and negative scenarios, enhancing the test coverage.

spiffworkflow-frontend/src/services/HttpService.ts (1)

• 100-100: Updating the URL path from /public/sign_out to /public/sign-out aligns with RESTful API design principles and common practices for URL naming, using hyphens instead of underscores.

spiffworkflow-frontend/cypress/e2e/tasks.cy.js (2)

• 88-88: Removing commented-out code is a good practice for maintaining clean and readable code.
• 90-127: Adding new tests for starting a process from a message form and completing a guest task enhances the test coverage and ensures the functionality works as expected.

spiffworkflow-frontend/cypress/support/commands.js (1)

• 107-117: > 📝 NOTE

This review was outside the diff hunks and was mapped to the diff hunk with the greatest overlap. Original lines [110-126]

Adding a new parameter processInstanceExpectedToBeComplete to the runPrimaryBpmnFile Cypress command adds flexibility and configurability, enhancing the ability to test different scenarios.

spiffworkflow-frontend/src/helpers.tsx (1)

• 302-302: Modifying the regex pattern for URL validation in the isURL function to allow for optional top-level domains improves the flexibility and accuracy of the validation, ensuring that URLs without a top-level domain are correctly identified as URLs.

spiffworkflow-frontend/src/routes/ProcessInstanceShow.tsx (4)

• 563-565: The addition of the data-qa attribute to improve metadata value formatting and enhance testability is a good practice. This change should make automated testing more straightforward.
• 560-568: > 📝 NOTE

This review was outside the diff hunks and was mapped to the diff hunk with the greatest overlap. Original lines [1-1065]

The component contains a significant amount of logic and conditional rendering, which could impact maintainability and readability. Consider refactoring to improve modularity by extracting some of the logic into custom hooks or separate components. For instance, the modal related to task updates and the logic for handling tab changes could be extracted into their own components or hooks.

• 560-568: > 📝 NOTE

This review was outside the diff hunks and was mapped to the diff hunk with the greatest overlap. Original lines [1-1065]

To further enhance modularity and maintainability, consider creating separate components for distinct UI elements such as the modal content and tab panels. This approach will improve readability and potentially increase reusability across the application.

• 560-568: > 📝 NOTE

This review was outside the diff hunks and was mapped to the diff hunk with the greatest overlap. Original lines [1-1065]

While there are no specific performance issues identified in this review, it's always good practice to ensure that dependencies in effect hooks are correctly specified to avoid unnecessary re-renders. Additionally, consider using React.memo for child components that do not depend on rapidly changing props to further optimize performance.

[coderabbitai]

Review Status

Actionable comments generated: 0

Configuration used: .coderabbit.yaml

Commits

Files that changed from the base of the PR and between 2f3aac3 and e96a299.

Files selected for processing (1)

• spiffworkflow-frontend/src/routes/ProcessInstanceShow.tsx (2 hunks)

Files skipped from review as they are similar to previous changes (1)

• spiffworkflow-frontend/src/routes/ProcessInstanceShow.tsx

[coderabbitai]

Review Status

Actionable comments generated: 0

Configuration used: .coderabbit.yaml

Commits

Files that changed from the base of the PR and between e96a299 and 7292fb8.

Files selected for processing (2)

• spiffworkflow-backend/src/spiffworkflow_backend/config/permissions/acceptance_tests.yml (1 hunks)
• spiffworkflow-backend/src/spiffworkflow_backend/config/permissions/local_development.yml (1 hunks)

Additional comments: 3

spiffworkflow-backend/src/spiffworkflow_backend/config/permissions/acceptance_tests.yml (2)

• 11-12: The addition of the spiff_public group with no users is a good approach for defining public access permissions. This setup allows for future flexibility in assigning users if needed.
• 20-23: The permissions for public_access are correctly scoped to the /public/* URI, which aligns with the PR's objective of integrating guest tasks into the unauthenticated flow. However, ensure that the update action is appropriate for all resources under this path, considering security implications.

spiffworkflow-backend/src/spiffworkflow_backend/config/permissions/local_development.yml (1)

• 51-51: Adding the update action to the public_access permissions is consistent with the changes made in the acceptance_tests.yml file. This ensures uniformity across different environments. However, as with the previous file, it's crucial to assess the security implications of allowing the update action on public resources.

[coderabbitai]

Review Status

Actionable comments generated: 0

Configuration used: .coderabbit.yaml

Commits

Files that changed from the base of the PR and between 7292fb8 and ba942d6.

Files selected for processing (2)

• spiffworkflow-backend/src/spiffworkflow_backend/services/authorization_service.py (5 hunks)
• spiffworkflow-frontend/cypress/e2e/tasks.cy.js (2 hunks)

Files skipped from review as they are similar to previous changes (2)

• spiffworkflow-backend/src/spiffworkflow_backend/services/authorization_service.py
• spiffworkflow-frontend/cypress/e2e/tasks.cy.js