def run(self) -> bool: try: dataset_id = self._cmd_params.dataset_id chart_id = self._cmd_params.chart_id actor = self._cmd_params.actor key = self._cmd_params.key form_data = self._cmd_params.form_data check_access(dataset_id, chart_id, actor) state: TemporaryExploreState = cache_manager.explore_form_data_cache.get( key) if state and form_data: user_id = actor.get_user_id() if state["owner"] != user_id: raise KeyValueAccessDeniedError() new_state: TemporaryExploreState = { "owner": actor.get_user_id(), "dataset_id": dataset_id, "chart_id": chart_id, "form_data": form_data, } return cache_manager.explore_form_data_cache.set( key, new_state) return False except SQLAlchemyError as ex: logger.exception("Error running update command") raise KeyValueUpdateFailedError() from ex
def test_unsaved_chart_unknown_dataset_id(mocker: MockFixture, app_context: AppContext) -> None: from superset.explore.form_data.utils import check_access with raises(DatasetNotFoundError): mocker.patch(dataset_find_by_id, return_value=None) check_access(dataset_id=1, chart_id=0, actor=User())
def run(self) -> str: try: dataset_id = self._cmd_params.dataset_id chart_id = self._cmd_params.chart_id tab_id = self._cmd_params.tab_id actor = self._cmd_params.actor form_data = self._cmd_params.form_data check_access(dataset_id, chart_id, actor) contextual_key = cache_key(session.get("_id"), tab_id, dataset_id, chart_id) key = cache_manager.explore_form_data_cache.get(contextual_key) if not key or not tab_id: key = random_key() if form_data: state: TemporaryExploreState = { "owner": actor.get_user_id(), "dataset_id": dataset_id, "chart_id": chart_id, "form_data": form_data, } cache_manager.explore_form_data_cache.set(key, state) cache_manager.explore_form_data_cache.set(contextual_key, key) return key except SQLAlchemyError as ex: logger.exception("Error running create command") raise KeyValueCreateFailedError() from ex
def test_saved_chart_unauthorized_dataset(mocker: MockFixture, app_context: AppContext) -> None: from superset.connectors.sqla.models import SqlaTable from superset.explore.form_data import utils with raises(DatasetAccessDeniedError): mocker.patch(dataset_find_by_id, return_value=SqlaTable()) mocker.patch(can_access_datasource, return_value=False) utils.check_access(dataset_id=1, chart_id=1, actor=User())
def test_saved_chart_unknown_chart_id(mocker: MockFixture, app_context: AppContext) -> None: from superset.connectors.sqla.models import SqlaTable from superset.explore.form_data.utils import check_access with raises(ChartNotFoundError): mocker.patch(dataset_find_by_id, return_value=SqlaTable()) mocker.patch(can_access_datasource, return_value=True) mocker.patch(chart_find_by_id, return_value=None) check_access(dataset_id=1, chart_id=1, actor=User())
def test_saved_chart_no_access(mocker: MockFixture, app_context: AppContext) -> None: from superset.connectors.sqla.models import SqlaTable from superset.explore.form_data.utils import check_access from superset.models.slice import Slice with raises(ChartAccessDeniedError): mocker.patch(dataset_find_by_id, return_value=SqlaTable()) mocker.patch(can_access_datasource, return_value=True) mocker.patch(is_user_admin, return_value=False) mocker.patch(is_owner, return_value=False) mocker.patch(can_access, return_value=False) mocker.patch(chart_find_by_id, return_value=Slice()) check_access(dataset_id=1, chart_id=1, actor=User())
def run(self) -> Optional[str]: try: actor = self._cmd_params.actor key = self._cmd_params.key state: TemporaryExploreState = cache_manager.explore_form_data_cache.get( key) if state: check_access(state["dataset_id"], state["chart_id"], actor) if self._refresh_timeout: cache_manager.explore_form_data_cache.set(key, state) return state["form_data"] return None except SQLAlchemyError as ex: logger.exception("Error running get command") raise KeyValueGetFailedError() from ex
def run(self) -> bool: try: actor = self._cmd_params.actor key = self._cmd_params.key state: TemporaryExploreState = cache_manager.explore_form_data_cache.get( key) if state: check_access(state["dataset_id"], state["chart_id"], actor) if state["owner"] != actor.get_user_id(): raise KeyValueAccessDeniedError() return cache_manager.explore_form_data_cache.delete(key) return False except SQLAlchemyError as ex: logger.exception("Error running delete command") raise KeyValueDeleteFailedError() from ex
def test_unsaved_chart_authorized_dataset(mocker: MockFixture, app_context: AppContext) -> None: from superset.connectors.sqla.models import SqlaTable from superset.explore.form_data.utils import check_access mocker.patch(dataset_find_by_id, return_value=SqlaTable()) mocker.patch(can_access_datasource, return_value=True) assert check_access(dataset_id=1, chart_id=0, actor=User()) == True
def test_saved_chart_is_admin(mocker: MockFixture, app_context: AppContext) -> None: from superset.connectors.sqla.models import SqlaTable from superset.explore.form_data.utils import check_access from superset.models.slice import Slice mocker.patch(dataset_find_by_id, return_value=SqlaTable()) mocker.patch(can_access_datasource, return_value=True) mocker.patch(is_user_admin, return_value=True) mocker.patch(chart_find_by_id, return_value=Slice()) assert check_access(dataset_id=1, chart_id=1, actor=User()) == True
def run(self) -> str: try: dataset_id = self._cmd_params.dataset_id chart_id = self._cmd_params.chart_id actor = self._cmd_params.actor form_data = self._cmd_params.form_data check_access(dataset_id, chart_id, actor) key = token_urlsafe(48) if form_data: state: TemporaryExploreState = { "owner": actor.get_user_id(), "dataset_id": dataset_id, "chart_id": chart_id, "form_data": form_data, } cache_manager.explore_form_data_cache.set(key, state) return key except SQLAlchemyError as ex: logger.exception("Error running create command") raise KeyValueCreateFailedError() from ex
def run(self) -> Optional[str]: try: dataset_id = self._cmd_params.dataset_id chart_id = self._cmd_params.chart_id actor = self._cmd_params.actor key = self._cmd_params.key form_data = self._cmd_params.form_data check_access(dataset_id, chart_id, actor) state: TemporaryExploreState = cache_manager.explore_form_data_cache.get( key ) if state and form_data: user_id = actor.get_user_id() if state["owner"] != user_id: raise KeyValueAccessDeniedError() # Generate a new key if tab_id changes or equals 0 tab_id = self._cmd_params.tab_id contextual_key = cache_key( session.get("_id"), tab_id, dataset_id, chart_id ) key = cache_manager.explore_form_data_cache.get(contextual_key) if not key or not tab_id: key = random_key() cache_manager.explore_form_data_cache.set(contextual_key, key) new_state: TemporaryExploreState = { "owner": actor.get_user_id(), "dataset_id": dataset_id, "chart_id": chart_id, "form_data": form_data, } cache_manager.explore_form_data_cache.set(key, new_state) return key except SQLAlchemyError as ex: logger.exception("Error running update command") raise KeyValueUpdateFailedError() from ex
def test_unsaved_chart_no_dataset_id(app_context: AppContext) -> None: from superset.explore.form_data.utils import check_access with raises(DatasetNotFoundError): check_access(dataset_id=0, chart_id=0, actor=User())