Exemple #1
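    def test_get_select_star_datasource_access(self):
        """
        Database API: Test get select star with datasource access

        Registers ``main.ab_permission`` as a table, grants its
        ``datasource_access`` permission view to the Gamma role, and expects
        the select_star endpoint to answer 200 for the logged-in user. The
        grant and the fixture rows are removed in a ``finally`` block so that a
        failed request or assertion cannot leave the extra access on Gamma.
        """
        session = db.session
        table = SqlaTable(schema="main",
                          table_name="ab_permission",
                          database=get_main_database())
        session.add(table)
        session.commit()

        tmp_table_perm = security_manager.find_permission_view_menu(
            "datasource_access", table.get_perm())
        gamma_role = security_manager.find_role("Gamma")
        security_manager.add_permission_role(gamma_role, tmp_table_perm)

        main_db = None
        try:
            self.login(username="******")
            main_db = get_main_database()
            uri = f"api/v1/database/{main_db.id}/select_star/ab_permission/"
            rv = self.client.get(uri)
            self.assertEqual(rv.status_code, 200)
        finally:
            # Roll back unconditionally: a datasource_access grant left on a
            # shared role would change what later authorization tests observe.
            security_manager.del_permission_role(gamma_role, tmp_table_perm)
            db.session.delete(table)
            # NOTE(review): this also deletes the row returned by
            # get_main_database(); confirm later tests do not depend on it.
            if main_db is not None:
                db.session.delete(main_db)
            db.session.commit()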
Exemple #2
 def revoke_public_access_to_table(self, table):
     """Remove the Public role's datasource_access grants that match `table`.

     Every PermissionView row is loaded and checked in Python. A row matches
     when its permission is ``datasource_access`` and ``table.perm`` occurs
     inside the view menu name.
     """
     public_role = security_manager.find_role("Public")
     for perm in db.session.query(ab_models.PermissionView).all():
         if perm.permission.name != "datasource_access":
             continue
         view_menu = perm.view_menu
         if not view_menu:
             continue
         # NOTE(review): this is a substring test, not equality, so a view
         # menu whose name merely contains table.perm is revoked as well.
         # Confirm that is the intended scope.
         if table.perm in view_menu.name:
             security_manager.del_permission_role(public_role, perm)
Exemple #3
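    def test_queryview_filter_owner_only(self) -> None:
        """
        Test queryview api with can_only_access_owned_queries perm added to
        Admin and make sure only Admin queries show up.

        The permission is removed again in a ``finally`` block so that a failed
        assertion cannot leave the Admin role modified for later tests.
        """
        session = db.session

        # Add can_only_access_owned_queries perm to Admin user
        owned_queries_view = security_manager.find_permission_view_menu(
            "can_only_access_owned_queries", "can_only_access_owned_queries")
        security_manager.add_permission_role(
            security_manager.find_role("Admin"), owned_queries_view)
        session.commit()

        try:
            # Query the queryview API as the admin user
            self.run_some_queries()
            self.login("admin")

            url = "/queryview/api/read"
            data = self.get_json_resp(url)
            admin = security_manager.find_user("admin")
            # assertEqual, not the deprecated assertEquals alias.
            self.assertEqual(2, len(data["result"]))
            # unittest assertion instead of a bare assert, which is stripped
            # when Python runs with -O.
            self.assertTrue(all(
                result.get("username") == admin.username
                for result in data["result"]
            ))
        finally:
            # Remove can_only_access_owned_queries from Admin even on failure;
            # a leftover role change would skew later query-visibility tests.
            owned_queries_view = security_manager.find_permission_view_menu(
                "can_only_access_owned_queries",
                "can_only_access_owned_queries")
            security_manager.del_permission_role(
                security_manager.find_role("Admin"), owned_queries_view)

            session.commit()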
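    def test_query_api_can_access_all_queries(self) -> None:
        """
        Test query api with the all_query_access perm added to the
        gamma_sqllab role and make sure all queries show up.

        The grant is revoked in a ``finally`` block so that a failed assertion
        cannot leave gamma_sqllab with all_query_access for later tests.
        """
        session = db.session

        # Add all_query_access perm to the gamma_sqllab role
        all_queries_view = security_manager.find_permission_view_menu(
            "all_query_access", "all_query_access")

        security_manager.add_permission_role(
            security_manager.find_role("gamma_sqllab"), all_queries_view)
        session.commit()

        try:
            # Query the API as gamma_sqllab
            self.run_some_queries()
            self.login("gamma_sqllab")
            url = "/api/v1/query/"
            data = self.get_json_resp(url)
            self.assertEqual(3, len(data["result"]))
        finally:
            # Remove all_query_access from gamma_sqllab even on failure; a
            # leaked grant could make later "own queries only" checks for
            # this role pass or fail for the wrong reason.
            all_queries_view = security_manager.find_permission_view_menu(
                "all_query_access", "all_query_access")
            security_manager.del_permission_role(
                security_manager.find_role("gamma_sqllab"), all_queries_view)

            session.commit()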
Exemple #5
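    def test_search_query_with_owner_only_perms(self) -> None:
        """
        Test a search query with can_only_access_owned_queries perm added to
        Admin and make sure only Admin queries show up.

        The permission is removed again in a ``finally`` block so that a failed
        assertion cannot leave the Admin role modified for later tests.
        """
        session = db.session

        # Add can_only_access_owned_queries perm to Admin user
        owned_queries_view = security_manager.find_permission_view_menu(
            "can_only_access_owned_queries", "can_only_access_owned_queries")
        security_manager.add_permission_role(
            security_manager.find_role("Admin"), owned_queries_view)
        session.commit()

        try:
            # Test search_queries for Admin user
            self.run_some_queries()
            self.login("admin")

            user_id = security_manager.find_user("admin").id
            data = self.get_json_resp("/superset/search_queries")
            # assertEqual, not the deprecated assertEquals alias.
            self.assertEqual(2, len(data))
            user_ids = {k["userId"] for k in data}
            self.assertEqual({user_id}, user_ids)
        finally:
            # Remove can_only_access_owned_queries from Admin even on failure;
            # a leftover role change would skew later query-visibility tests.
            owned_queries_view = security_manager.find_permission_view_menu(
                "can_only_access_owned_queries",
                "can_only_access_owned_queries")
            security_manager.del_permission_role(
                security_manager.find_role("Admin"), owned_queries_view)

            session.commit()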
def delete_schema_perm(view_menu_name: str) -> None:
    """Detach and delete the ``schema_access`` permission on ``[examples].[2]``.

    The permission view is first removed from the SCHEMA_ACCESS_ROLE role and
    then deleted through the security manager.
    """
    # NOTE(review): `view_menu_name` is never read; the view menu name is
    # hard-coded below. A caller passing any other name still removes the
    # "[examples].[2]" permission. Confirm against the call sites.
    permission, view_menu = "schema_access", "[examples].[2]"

    permission_view = security_manager.find_permission_view_menu(
        permission, view_menu
    )
    role = security_manager.find_role(SCHEMA_ACCESS_ROLE)
    security_manager.del_permission_role(role, permission_view)
    security_manager.del_permission_view_menu(permission, view_menu)
 def revoke_public_access_to_table(self, table):
     """Strip matching datasource_access permission views from the Public role.

     All PermissionView rows are fetched. The ones whose permission is
     ``datasource_access`` and whose view menu name contains ``table.perm``
     are removed from the role.
     """
     public_role = security_manager.find_role('Public')
     all_perms = db.session.query(ab_models.PermissionView).all()
     # NOTE(review): `in` is a substring match on the view menu name, so the
     # revocation is not limited to an exact name. Confirm this is intended.
     matching = (
         pv for pv in all_perms
         if pv.permission.name == 'datasource_access'
         and pv.view_menu
         and table.perm in pv.view_menu.name
     )
     for pv in matching:
         security_manager.del_permission_role(public_role, pv)
Exemple #8
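    def test_queryview_filter_owner_only(self) -> None:
        """
        Test queryview api with can_only_access_owned_queries perm added to
        Admin and make sure only Admin queries show up.

        Cleanup runs in a ``finally`` block, so the Admin role is restored even
        when the request or an assertion fails.
        """
        session = db.session

        # Add can_only_access_owned_queries perm to Admin user
        owned_queries_view = security_manager.find_permission_view_menu(
            'can_only_access_owned_queries',
            'can_only_access_owned_queries',
        )
        security_manager.add_permission_role(
            security_manager.find_role('Admin'),
            owned_queries_view,
        )
        session.commit()

        try:
            # Query the queryview API as the admin user
            self.run_some_queries()
            self.login('admin')

            url = '/queryview/api/read'
            data = self.get_json_resp(url)
            admin = security_manager.find_user('admin')
            # assertEquals is a deprecated alias; use assertEqual.
            self.assertEqual(2, len(data['result']))
            # A bare assert is stripped when Python runs with -O; use the
            # unittest assertion so the ownership check always runs.
            self.assertTrue(all(
                result.get('username') == admin.username
                for result in data['result']
            ))
        finally:
            # Remove can_only_access_owned_queries from Admin regardless of
            # the outcome, so the role change cannot leak into other tests.
            owned_queries_view = security_manager.find_permission_view_menu(
                'can_only_access_owned_queries',
                'can_only_access_owned_queries',
            )
            security_manager.del_permission_role(
                security_manager.find_role('Admin'),
                owned_queries_view,
            )

            session.commit()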
Exemple #9
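    def test_search_query_with_owner_only_perms(self) -> None:
        """
        Test a search query with can_only_access_owned_queries perm added to
        Admin and make sure only Admin queries show up.

        Cleanup runs in a ``finally`` block, so the Admin role is restored even
        when the request or an assertion fails.
        """
        session = db.session

        # Add can_only_access_owned_queries perm to Admin user
        owned_queries_view = security_manager.find_permission_view_menu(
            'can_only_access_owned_queries',
            'can_only_access_owned_queries',
        )
        security_manager.add_permission_role(
            security_manager.find_role('Admin'),
            owned_queries_view,
        )
        session.commit()

        try:
            # Test search_queries for Admin user
            self.run_some_queries()
            self.login('admin')

            user_id = security_manager.find_user('admin').id
            data = self.get_json_resp('/superset/search_queries')
            # assertEquals is a deprecated alias; use assertEqual.
            self.assertEqual(2, len(data))
            user_ids = {k['userId'] for k in data}
            self.assertEqual({user_id}, user_ids)
        finally:
            # Remove can_only_access_owned_queries from Admin regardless of
            # the outcome, so the role change cannot leak into other tests.
            owned_queries_view = security_manager.find_permission_view_menu(
                'can_only_access_owned_queries',
                'can_only_access_owned_queries',
            )
            security_manager.del_permission_role(
                security_manager.find_role('Admin'),
                owned_queries_view,
            )

            session.commit()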