def test_schemas_accessible_by_user_admin(self, mock_g):
mock_g.user = security_manager.find_user("admin")
with self.client.application.test_request_context():
database = get_example_database()
schemas = security_manager.get_schemas_accessible_by_user(
database, ["1", "2", "3"])
self.assertEqual(schemas, ["1", "2", "3"]) # no changes
def at_least_one_schema_is_allowed(database: Database) -> bool:
"""
If the user has access to the database or all datasource
1. if schemas_allowed_for_csv_upload is empty
a) if database does not support schema
user is able to upload csv without specifying schema name
b) if database supports schema
user is able to upload csv to any schema
2. if schemas_allowed_for_csv_upload is not empty
a) if database does not support schema
This situation is impossible and upload will fail
b) if database supports schema
user is able to upload to schema in schemas_allowed_for_csv_upload
elif the user does not access to the database or all datasource
1. if schemas_allowed_for_csv_upload is empty
a) if database does not support schema
user is unable to upload csv
b) if database supports schema
user is unable to upload csv
2. if schemas_allowed_for_csv_upload is not empty
a) if database does not support schema
This situation is impossible and user is unable to upload csv
b) if database supports schema
user is able to upload to schema in schemas_allowed_for_csv_upload
"""
if security_manager.can_access_database(database):
return True
schemas = database.get_schema_access_for_csv_upload()
if schemas and security_manager.get_schemas_accessible_by_user(
database, schemas, False
):
return True
return False
def schemas(self, **kwargs: Any) -> FlaskResponse:
"""Get all schemas
---
get:
parameters:
- in: query
name: q
content:
application/json:
schema:
$ref: '#/components/schemas/get_schemas_schema'
responses:
200:
description: Related column data
content:
application/json:
schema:
$ref: "#/components/schemas/DatabaseSchemaResponseSchema"
400:
$ref: '#/components/responses/400'
401:
$ref: '#/components/responses/401'
404:
$ref: '#/components/responses/404'
422:
$ref: '#/components/responses/422'
500:
$ref: '#/components/responses/500'
"""
args = kwargs.get("rison", {})
# handle pagination
page, page_size = self._handle_page_args(args)
filter_ = args.get("filter", "")
_, databases = self.datamodel.query(page=page, page_size=page_size)
result = []
count = 0
if databases:
for database in databases:
try:
schemas = database.get_all_schema_names(
cache=database.schema_cache_enabled,
cache_timeout=database.schema_cache_timeout,
force=False,
)
except SQLAlchemyError:
self.incr_stats("error", self.schemas.__name__)
continue
schemas = security_manager.get_schemas_accessible_by_user(
database, schemas)
count += len(schemas)
for schema in schemas:
if filter_:
if schema.startswith(filter_):
result.append({"text": schema, "value": schema})
else:
result.append({"text": schema, "value": schema})
return self.response(200, count=count, result=result)
def test_schemas_accessible_by_user_datasource_access(self, mock_g):
# User has schema access to the datasource temp_schema.wb_health_population in examples DB.
mock_g.user = security_manager.find_user("gamma")
with self.client.application.test_request_context():
database = get_example_database()
schemas = security_manager.get_schemas_accessible_by_user(
database, ["temp_schema", "2", "3"])
self.assertEqual(schemas, ["temp_schema"])
def test_schemas_accessible_by_user_schema_access(self, mock_g):
# User has schema access to the schema 1
create_schema_perm("[examples].[1]")
mock_g.user = security_manager.find_user("gamma")
with self.client.application.test_request_context():
database = get_example_database()
schemas = security_manager.get_schemas_accessible_by_user(
database, ["1", "2", "3"])
# temp_schema is not passed in the params
self.assertEqual(schemas, ["1"])
delete_schema_perm("[examples].[1]")
def test_schemas_accessible_by_user_datasource_and_schema_access(
self, mock_g):
# User has schema access to the datasource temp_schema.wb_health_population in examples DB.
create_schema_perm("[examples].[2]")
mock_g.user = security_manager.find_user("gamma")
with self.client.application.test_request_context():
database = get_example_database()
schemas = security_manager.get_schemas_accessible_by_user(
database, ["temp_schema", "2", "3"])
self.assertEqual(schemas, ["temp_schema", "2"])
vm = security_manager.find_permission_view_menu(
"schema_access", "[examples].[2]")
self.assertIsNotNone(vm)
delete_schema_perm("[examples].[2]")
