From 3b3994204b59c5521f301a55efb98858e83ee7b9 Mon Sep 17 00:00:00 2001
From: tlangs
Date: Tue, 11 Jun 2024 16:16:59 -0400
Subject: [PATCH 1/2] just an idea for cbas submissions

---
 src/main/resources/reference.conf | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)

diff --git a/src/main/resources/reference.conf b/src/main/resources/reference.conf
index cf949adb4..391b255b7 100644
--- a/src/main/resources/reference.conf
+++ b/src/main/resources/reference.conf
@@ -172,6 +172,7 @@ resourceTypes = {
 wds-instance = ["owner"]
 kubernetes-app = ["manager"]
 kubernetes-app-shared = ["owner", "user"]
+ cbas-submission = ["reader"]
 }
 }
 application = {
@@ -188,6 +189,7 @@ resourceTypes = {
 google-project = ["pet-creator"]
 wds-instance = ["writer"]
 kubernetes-app-shared = ["user"]
+ cbas-submission = ["reader"]
 }
 }
 reader = {
@@ -198,6 +200,7 @@ resourceTypes = {
 google-project = ["pet-creator"]
 wds-instance = ["reader"]
 kubernetes-app-shared = ["user"]
+ cbas-submission = ["reader"]
 }
 }
 discoverer = {
@@ -1674,6 +1677,31 @@ resourceTypes = {
 allowLeaving = false
 reuseIds = true
 }
+
+ cbas-submission = {
+ actionPatterns = {
+ delete = {
+ description = "Delete this cbas-submission"
+ }
+ "read_policy::submitter" = {
+ description = "view the submitter policy and policy details for this cbas-submission"
+ }
+ read = {
+ description = "read from the private azure storage account"
+ }
+ }
+ ownerRoleName = "submitter"
+ roles = {
+ submitter = {
+ roleActions = ["delete", "read_policy::submitter", "read",]
+ }
+ reader = {
+ roleActions = ["read", "read_policy::submitter"]
+ }
+ }
+ allowLeaving = false
+ reuseIds = false
+ }
 }
From baa8e9e28b7143075acab3759d4804d610a74912 Mon Sep 17 00:00:00 2001
From: tlangs
Date: Tue, 11 Jun 2024 16:18:54 -0400
Subject: [PATCH 2/2] allow creating with parent

---
 src/main/resources/reference.conf | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
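Review bot: The lowest of the three role blocks changed here (apparently `reader`, in the `@@ -198,6 +200,7 @@` hunk) gets the same `cbas-submission = ["reader"]` entry as the two blocks above it (`@@ -172,6 +172,7 @@` and `@@ -188,6 +189,7 @@`), and that role carries `read`, which this patch describes as reading from the private Azure storage account. If these maps are descendant-role grants, as the neighbouring `wds-instance` and `kubernetes-app-shared` entries suggest, every reader of the parent could read the data of every child submission, not only its submitter. If that is intended, a comment on the entry would record it, e.g. `# parent readers may read all child cbas-submissions`; otherwise drop the line from the lowest block. The enclosing blocks start outside all three hunks, so the parent resource type is not visible here.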
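Review bot: In the `@@ -1674,6 +1677,31 @@` hunk the `reader` role lists `read_policy::submitter`, so anyone holding `reader` can view the membership of the submitter policy. Combined with the `cbas-submission = ["reader"]` entries earlier in this patch, that visibility would presumably extend to members of the parent resource. If readers only need the submission data, `roleActions = ["read"]` is the narrower grant. The `read` description names the storage account but not which data in it the action covers, which makes the scope hard to audit from the config alone. The enclosing `resourceTypes` block starts outside the hunk.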
diff --git a/src/main/resources/reference.conf b/src/main/resources/reference.conf
index 391b255b7..75932c458 100644
--- a/src/main/resources/reference.conf
+++ b/src/main/resources/reference.conf
@@ -1689,11 +1689,14 @@ resourceTypes = {
 read = {
 description = "read from the private azure storage account"
 }
+ create_with_parent = {
+ description = "Enables creating the request object with a parent"
+ }
 }
 ownerRoleName = "submitter"
 roles = {
 submitter = {
- roleActions = ["delete", "read_policy::submitter", "read",]
+ roleActions = ["delete", "read_policy::submitter", "read", "create_with_parent"]
 }
 reader = {
 roleActions = ["read", "read_policy::submitter"]
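Review bot: The new `create_with_parent` description refers to "the request object", while the other actions in this block say "this cbas-submission", so it reads as copied from another resource type. I would write `description = "Enables creating this cbas-submission with a parent"`. It would also help to note in a comment which parent type is expected, since the `cbas-submission = ["reader"]` entries added in patch 1/2 presumably take effect only once a submission has a parent. The `cbas-submission` block starts outside this hunk.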