Beispiel #1
0
    def test_user_can_only_read_from_datasets_they_have_access_to(
            self, _application):
        dataset_1_id = '47146cc4-1668-4522-82b6-eb5e5de7b044'
        table_1_id = '164acfc5-3852-400e-a99d-2c7c4eff8555'
        dataset_2_id = '73534d36-72f7-41b7-ad92-4d277980229e'
        table_2_id = '0a5a7f68-9e38-422d-94d6-92a366da1ab5'
        create_dataset(
            dataset_1_id,
            'explorer_dataset',
            table_1_id,
            'my_database',
            'REQUIRES_AUTHENTICATION',
        )
        create_dataset(
            dataset_2_id,
            'explorer_dataset_2',
            table_2_id,
            'my_database',
            'REQUIRES_AUTHORIZATION',
        )

        home_page = HomePage(
            driver=self.driver,
            base_url="http://dataworkspace.test:8000/data-explorer")
        home_page.open()

        home_page.enter_query(
            "select count(*) as count from public.explorer_dataset")
        home_page.click_run()

        assert home_page.read_result_headers() == ['count']
        assert home_page.read_result_rows() == [["0"]]
        assert "permission denied for relation" not in home_page.get_html()

        home_page.open()  # Reset the page, i.e. to remove the existing query
        home_page.enter_query(
            "select count(*) as count from public.explorer_dataset_2")
        home_page.click_run()

        assert home_page.read_result_headers() == []
        assert home_page.read_result_rows() == []
        assert "permission denied for relation" in home_page.get_html()
    def test_user_can_only_read_from_datasets_they_have_access_to(self, _application):
        dataset_1_id = "47146cc4-1668-4522-82b6-eb5e5de7b044"
        table_1_id = "164acfc5-3852-400e-a99d-2c7c4eff8555"
        dataset_2_id = "73534d36-72f7-41b7-ad92-4d277980229e"
        table_2_id = "0a5a7f68-9e38-422d-94d6-92a366da1ab5"
        create_dataset(
            dataset_1_id,
            "explorer_dataset",
            table_1_id,
            "my_database",
            UserAccessType.REQUIRES_AUTHENTICATION,
        )
        create_dataset(
            dataset_2_id,
            "explorer_dataset_2",
            table_2_id,
            "my_database",
            UserAccessType.REQUIRES_AUTHORIZATION,
        )

        home_page = HomePage(driver=self.driver)
        home_page.open()

        home_page.enter_query("select count(*) as count from public.explorer_dataset")
        home_page.click_run()

        assert home_page.read_result_headers() == ["count"]
        assert home_page.read_result_rows() == [["0"]]
        assert "permission denied for relation" not in home_page.get_html()

        home_page.open()  # Reset the page, i.e. to remove the existing query
        home_page.enter_query("select count(*) as count from public.explorer_dataset_2")
        home_page.click_run()

        assert home_page.read_result_headers() == []
        assert home_page.read_result_rows() == []
        assert "permission denied for table" in home_page.get_html()
    def test_data_explorer_cached_credentials_can_be_reset_using_admin_action(self, _application):
        # This doesn't strictly test that the action is available to an admin, but it does test the routine
        # that the admin action uses.

        dataset_1_id = "47146cc4-1668-4522-82b6-eb5e5de7b044"
        table_1_id = "164acfc5-3852-400e-a99d-2c7c4eff8555"
        dataset_2_id = "73534d36-72f7-41b7-ad92-4d277980229e"
        table_2_id = "0a5a7f68-9e38-422d-94d6-92a366da1ab5"
        create_dataset(
            dataset_1_id,
            "explorer_dataset",
            table_1_id,
            "my_database",
            UserAccessType.REQUIRES_AUTHENTICATION,
        )
        create_dataset(
            dataset_2_id,
            "explorer_2_dataset",
            table_2_id,
            "my_database",
            UserAccessType.REQUIRES_AUTHENTICATION,
        )

        home_page = HomePage(driver=self.driver)
        home_page.open()

        home_page.enter_query("select count(*) as count from public.explorer_dataset")
        home_page.click_run()

        assert home_page.read_result_headers() == ["count"]
        assert home_page.read_result_rows() == [["0"]]
        assert "permission denied for relation" not in home_page.get_html()
        assert "Columns in public.explorer_dataset" in home_page.get_html()
        assert "Columns in public.explorer_2_dataset" in home_page.get_html()

        set_dataset_access_type(dataset_1_id, UserAccessType.REQUIRES_AUTHORIZATION)

        home_page.open()  # Reset the page, i.e. to remove the existing query
        home_page.enter_query("select count(*) as count from public.explorer_dataset")
        home_page.click_run()

        # Should still be using cached credentials, so still available. (Note: this isn't ideal, but _is_ how things
        # should be working based on the current implementation.
        assert home_page.read_result_headers() == ["count"]
        assert home_page.read_result_rows() == [["0"]]
        assert "permission denied for relation" not in home_page.get_html()
        assert "Columns in public.explorer_dataset" in home_page.get_html()
        assert "Columns in public.explorer_2_dataset" in home_page.get_html()

        reset_data_explorer_credentials(user_sso_id="9931f73c-469d-4110-9f58-92a74ab1bbfa")

        home_page.open()  # Reset the page, i.e. to remove the existing query
        home_page.enter_query("select count(*) as count from public.explorer_dataset")
        home_page.click_run()

        # The cached credentials should have been cleared, so new ones will be generated where access isn't available.
        assert home_page.read_result_headers() == []
        assert home_page.read_result_rows() == []
        assert "permission denied for table" in home_page.get_html()
        assert "Columns in public.explorer_dataset" not in home_page.get_html()
        assert "Columns in public.explorer_2_dataset" in home_page.get_html()