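def test_get_select_star_datasource_access(self):
    """
    Database API: Test get select star with datasource access

    Registers ``main.ab_permission`` as a dataset, grants its
    ``datasource_access`` permission to the Gamma role, and checks that the
    select_star endpoint answers 200 for the logged-in user.
    """
    session = db.session
    table = SqlaTable(
        schema="main", table_name="ab_permission", database=get_main_database()
    )
    session.add(table)
    session.commit()

    tmp_table_perm = security_manager.find_permission_view_menu(
        "datasource_access", table.get_perm()
    )
    gamma_role = security_manager.find_role("Gamma")
    security_manager.add_permission_role(gamma_role, tmp_table_perm)
    # Resolved before the try block so the cleanup below can always reference it.
    main_db = get_main_database()

    try:
        # NOTE(review): the username literal is shown masked in this listing;
        # presumably an account holding only the Gamma role - confirm.
        self.login(username="******")
        uri = f"api/v1/database/{main_db.id}/select_star/ab_permission/"
        rv = self.client.get(uri)
        self.assertEqual(rv.status_code, 200)
    finally:
        # Roll back even when the assertion fails: a datasource_access grant
        # left on Gamma would let later authorization tests pass (or fail)
        # for the wrong reason.
        security_manager.del_permission_role(gamma_role, tmp_table_perm)
        db.session.delete(table)
        # NOTE(review): deleting the main database row mirrors the original
        # cleanup; confirm other tests do not depend on it surviving.
        db.session.delete(main_db)
        db.session.commit()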
def revoke_public_access_to_table(self, table):
    """
    Detach from the Public role every ``datasource_access`` permission-view
    whose view menu name contains ``table.perm``.
    """
    role = security_manager.find_role("Public")
    for pv in db.session.query(ab_models.PermissionView).all():
        if pv.permission.name != "datasource_access":
            continue
        menu = pv.view_menu
        # The match is a containment test (`in`), not equality, so any view
        # menu whose name contains table.perm is revoked as well.
        if not menu or table.perm not in menu.name:
            continue
        security_manager.del_permission_role(role, pv)
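def test_queryview_filter_owner_only(self) -> None:
    """
    Test queryview api with can_only_access_owned_queries perm added to
    Admin and make sure only Admin queries show up.
    """
    session = db.session

    # Grant can_only_access_owned_queries to the Admin role.
    owned_queries_view = security_manager.find_permission_view_menu(
        "can_only_access_owned_queries", "can_only_access_owned_queries"
    )
    security_manager.add_permission_role(
        security_manager.find_role("Admin"), owned_queries_view
    )
    session.commit()

    try:
        # List queries as admin; every returned row must belong to admin.
        self.run_some_queries()
        self.login("admin")
        url = "/queryview/api/read"
        data = self.get_json_resp(url)
        admin = security_manager.find_user("admin")
        # assertEqual: the assertEquals alias is deprecated and no longer
        # exists in unittest on Python 3.12+.
        self.assertEqual(2, len(data["result"]))
        self.assertTrue(
            all(
                result.get("username") == admin.username
                for result in data["result"]
            )
        )
    finally:
        # Revoke the permission even if an assertion failed, so the Admin
        # role is not left restricted for the tests that run afterwards.
        owned_queries_view = security_manager.find_permission_view_menu(
            "can_only_access_owned_queries", "can_only_access_owned_queries"
        )
        security_manager.del_permission_role(
            security_manager.find_role("Admin"), owned_queries_view
        )
        session.commit()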
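def test_query_api_can_access_all_queries(self) -> None:
    """
    Test query api with all_query_access perm added to gamma_sqllab and
    make sure all queries show up.
    """
    session = db.session

    # Grant all_query_access to the gamma_sqllab role.
    all_queries_view = security_manager.find_permission_view_menu(
        "all_query_access", "all_query_access"
    )
    security_manager.add_permission_role(
        security_manager.find_role("gamma_sqllab"), all_queries_view
    )
    session.commit()

    try:
        # List queries as gamma_sqllab; with the grant in place the endpoint
        # is expected to return every query, not only the caller's own.
        self.run_some_queries()
        self.login("gamma_sqllab")
        url = "/api/v1/query/"
        data = self.get_json_resp(url)
        self.assertEqual(3, len(data["result"]))
    finally:
        # Revoke the grant even when the assertion fails: leaving
        # all_query_access on gamma_sqllab would widen what that role can
        # read in every later test sharing this metadata database.
        all_queries_view = security_manager.find_permission_view_menu(
            "all_query_access", "all_query_access"
        )
        security_manager.del_permission_role(
            security_manager.find_role("gamma_sqllab"), all_queries_view
        )
        session.commit()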
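def test_search_query_with_owner_only_perms(self) -> None:
    """
    Test a search query with can_only_access_owned_queries perm added to
    Admin and make sure only Admin queries show up.
    """
    session = db.session

    # Grant can_only_access_owned_queries to the Admin role.
    owned_queries_view = security_manager.find_permission_view_menu(
        "can_only_access_owned_queries", "can_only_access_owned_queries"
    )
    security_manager.add_permission_role(
        security_manager.find_role("Admin"), owned_queries_view
    )
    session.commit()

    try:
        # Search as admin; the result set must contain admin's queries only.
        self.run_some_queries()
        self.login("admin")
        user_id = security_manager.find_user("admin").id
        data = self.get_json_resp("/superset/search_queries")
        # assertEqual: the assertEquals alias is deprecated and no longer
        # exists in unittest on Python 3.12+.
        self.assertEqual(2, len(data))
        user_ids = {k["userId"] for k in data}
        self.assertEqual({user_id}, user_ids)
    finally:
        # Revoke the permission even if an assertion failed, so the Admin
        # role is not left restricted for the tests that run afterwards.
        owned_queries_view = security_manager.find_permission_view_menu(
            "can_only_access_owned_queries", "can_only_access_owned_queries"
        )
        security_manager.del_permission_role(
            security_manager.find_role("Admin"), owned_queries_view
        )
        session.commit()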
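def delete_schema_perm(view_menu_name: str) -> None:
    """
    Remove the ``schema_access`` permission on *view_menu_name*.

    The permission-view is first detached from ``SCHEMA_ACCESS_ROLE`` and
    then handed to ``del_permission_view_menu``.

    The argument is honoured rather than ignored: callers that relied on the
    formerly hard-coded ``"[examples].[2]"`` must pass that name explicitly.
    Cleaning up a different permission than the one the caller named would
    leave the named schema grant in place.
    """
    pv = security_manager.find_permission_view_menu("schema_access", view_menu_name)
    security_manager.del_permission_role(
        security_manager.find_role(SCHEMA_ACCESS_ROLE), pv
    )
    security_manager.del_permission_view_menu("schema_access", view_menu_name)
    return None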
def revoke_public_access_to_table(self, table):
    """
    Remove from the Public role each ``datasource_access`` permission-view
    whose view menu name contains ``table.perm``.
    """
    public = security_manager.find_role('Public')
    every_pv = db.session.query(ab_models.PermissionView).all()
    for candidate in every_pv:
        is_datasource_access = candidate.permission.name == 'datasource_access'
        # Short-circuit order matches the condition it replaces: permission
        # name, then view menu presence, then containment of table.perm in
        # the view menu name (containment, not equality).
        if not (
            is_datasource_access
            and candidate.view_menu
            and table.perm in candidate.view_menu.name
        ):
            continue
        security_manager.del_permission_role(public, candidate)
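def test_queryview_filter_owner_only(self) -> None:
    """
    Test queryview api with can_only_access_owned_queries perm added to
    Admin and make sure only Admin queries show up.
    """
    session = db.session

    # Grant can_only_access_owned_queries to the Admin role.
    owned_queries_view = security_manager.find_permission_view_menu(
        'can_only_access_owned_queries',
        'can_only_access_owned_queries',
    )
    security_manager.add_permission_role(
        security_manager.find_role('Admin'),
        owned_queries_view,
    )
    session.commit()

    try:
        # List queries as admin; every returned row must belong to admin.
        self.run_some_queries()
        self.login('admin')
        url = '/queryview/api/read'
        data = self.get_json_resp(url)
        admin = security_manager.find_user('admin')
        # assertEqual: the assertEquals alias is deprecated and no longer
        # exists in unittest on Python 3.12+.
        self.assertEqual(2, len(data['result']))
        self.assertTrue(
            all(
                result.get('username') == admin.username
                for result in data['result']
            ),
        )
    finally:
        # Revoke the permission even if an assertion failed, so the Admin
        # role is not left restricted for the tests that run afterwards.
        owned_queries_view = security_manager.find_permission_view_menu(
            'can_only_access_owned_queries',
            'can_only_access_owned_queries',
        )
        security_manager.del_permission_role(
            security_manager.find_role('Admin'),
            owned_queries_view,
        )
        session.commit()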
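def test_search_query_with_owner_only_perms(self) -> None:
    """
    Test a search query with can_only_access_owned_queries perm added to
    Admin and make sure only Admin queries show up.
    """
    session = db.session

    # Grant can_only_access_owned_queries to the Admin role.
    owned_queries_view = security_manager.find_permission_view_menu(
        'can_only_access_owned_queries',
        'can_only_access_owned_queries',
    )
    security_manager.add_permission_role(
        security_manager.find_role('Admin'),
        owned_queries_view,
    )
    session.commit()

    try:
        # Search as admin; the result set must contain admin's queries only.
        self.run_some_queries()
        self.login('admin')
        user_id = security_manager.find_user('admin').id
        data = self.get_json_resp('/superset/search_queries')
        # assertEqual: the assertEquals alias is deprecated and no longer
        # exists in unittest on Python 3.12+.
        self.assertEqual(2, len(data))
        user_ids = {k['userId'] for k in data}
        self.assertEqual({user_id}, user_ids)
    finally:
        # Revoke the permission even if an assertion failed, so the Admin
        # role is not left restricted for the tests that run afterwards.
        owned_queries_view = security_manager.find_permission_view_menu(
            'can_only_access_owned_queries',
            'can_only_access_owned_queries',
        )
        security_manager.del_permission_role(
            security_manager.find_role('Admin'),
            owned_queries_view,
        )
        session.commit()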