def _delete(self, pk):
"""
Delete function logic, override to implement diferent logic
deletes the record with primary_key = pk
:param pk:
record primary key to delete
"""
item = self.datamodel.get(pk, self._base_filters)
if not item:
abort(404)
try:
self.pre_delete(item)
except Exception as e:
flash(str(e), "danger")
else:
view_menu = security_manager.find_view_menu(item.get_perm())
pvs = (
security_manager.get_session.query(
security_manager.permissionview_model
)
.filter_by(view_menu=view_menu)
.all()
)
schema_view_menu = None
if hasattr(item, "schema_perm"):
schema_view_menu = security_manager.find_view_menu(item.schema_perm)
pvs.extend(
security_manager.get_session.query(
security_manager.permissionview_model
)
.filter_by(view_menu=schema_view_menu)
.all()
)
if self.datamodel.delete(item):
self.post_delete(item)
for pv in pvs:
security_manager.get_session.delete(pv)
if view_menu:
security_manager.get_session.delete(view_menu)
if schema_view_menu:
security_manager.get_session.delete(schema_view_menu)
security_manager.get_session.commit()
flash(*self.datamodel.message)
self.update_redirect()
def _delete(self: BaseView, primary_key: int) -> None:
"""
Delete function logic, override to implement diferent logic
deletes the record with primary_key = primary_key
:param primary_key:
record primary key to delete
"""
item = self.datamodel.get(primary_key, self._base_filters)
if not item:
abort(404)
try:
self.pre_delete(item)
except Exception as ex: # pylint: disable=broad-except
flash(str(ex), "danger")
else:
view_menu = security_manager.find_view_menu(item.get_perm())
pvs = (security_manager.get_session.query(
security_manager.permissionview_model).filter_by(
view_menu=view_menu).all())
if self.datamodel.delete(item):
self.post_delete(item)
for pv in pvs:
security_manager.get_session.delete(pv)
if view_menu:
security_manager.get_session.delete(view_menu)
security_manager.get_session.commit()
flash(*self.datamodel.message)
self.update_redirect()
def test_sqllab_viz(self):
self.login("admin")
examples_dbid = get_example_database().id
payload = {
"chartType": "dist_bar",
"datasourceName": f"test_viz_flow_table_{random()}",
"schema": "superset",
"columns": [
{"is_date": False, "type": "STRING", "name": f"viz_type_{random()}"},
{"is_date": False, "type": "OBJECT", "name": f"ccount_{random()}"},
],
"sql": """\
SELECT *
FROM birth_names
LIMIT 10""",
"dbId": examples_dbid,
}
data = {"data": json.dumps(payload)}
resp = self.get_json_resp("/superset/sqllab_viz/", data=data)
self.assertIn("table_id", resp)
# ensure owner is set correctly
table_id = resp["table_id"]
table = db.session.query(SqlaTable).filter_by(id=table_id).one()
self.assertEqual([owner.username for owner in table.owners], ["admin"])
view_menu = security_manager.find_view_menu(table.get_perm())
assert view_menu is not None
# Cleanup
db.session.delete(table)
db.session.commit()
def run(self) -> None:
self.validate()
if not self._models:
return None
try:
DatasetDAO.bulk_delete(self._models)
for model in self._models:
view_menu = (security_manager.find_view_menu(model.get_perm())
if model else None)
if view_menu:
permission_views = (db.session.query(
security_manager.permissionview_model).filter_by(
view_menu=view_menu).all())
for permission_view in permission_views:
db.session.delete(permission_view)
if view_menu:
db.session.delete(view_menu)
else:
if not view_menu:
logger.error(
"Could not find the data access permission for the dataset",
exc_info=True,
)
db.session.commit()
return None
except DeleteFailedError as ex:
logger.exception(ex.exception)
raise DatasetBulkDeleteFailedError() from ex
def run(self) -> Model:
self.validate()
try:
dataset = DatasetDAO.delete(self._model, commit=False)
view_menu = (security_manager.find_view_menu(
self._model.get_perm()) if self._model else None)
if view_menu:
permission_views = (db.session.query(
security_manager.permissionview_model).filter_by(
view_menu=view_menu).all())
for permission_view in permission_views:
db.session.delete(permission_view)
if view_menu:
db.session.delete(view_menu)
else:
if not view_menu:
logger.error(
"Could not find the data access permission for the dataset",
exc_info=True,
)
db.session.commit()
except (SQLAlchemyError, DAODeleteFailedError) as ex:
logger.exception(ex)
db.session.rollback()
raise DatasetDeleteFailedError() from ex
return dataset
def _delete(self, pk):
"""
Delete function logic, override to implement diferent logic
deletes the record with primary_key = pk
:param pk:
record primary key to delete
"""
item = self.datamodel.get(pk, self._base_filters)
if not item:
abort(404)
try:
self.pre_delete(item)
except Exception as e:
flash(str(e), 'danger')
else:
view_menu = security_manager.find_view_menu(item.get_perm())
pvs = security_manager.get_session.query(
security_manager.permissionview_model).filter_by(
view_menu=view_menu).all()
schema_view_menu = None
if hasattr(item, 'schema_perm'):
schema_view_menu = security_manager.find_view_menu(item.schema_perm)
pvs.extend(security_manager.get_session.query(
security_manager.permissionview_model).filter_by(
view_menu=schema_view_menu).all())
if self.datamodel.delete(item):
self.post_delete(item)
for pv in pvs:
security_manager.get_session.delete(pv)
if view_menu:
security_manager.get_session.delete(view_menu)
if schema_view_menu:
security_manager.get_session.delete(schema_view_menu)
security_manager.get_session.commit()
flash(*self.datamodel.message)
self.update_redirect()
def test_sync_druid_perm(self, PyDruid):
self.login(username="******")
instance = PyDruid.return_value
instance.time_boundary.return_value = [{"result": {"maxTime": "2016-01-01"}}]
instance.segment_metadata.return_value = SEGMENT_METADATA
cluster = (
db.session.query(DruidCluster)
.filter_by(cluster_name="test_cluster")
.first()
)
if cluster:
for datasource in (
db.session.query(DruidDatasource).filter_by(cluster_id=cluster.id).all()
):
db.session.delete(datasource)
db.session.delete(cluster)
db.session.commit()
cluster = DruidCluster(
cluster_name="test_cluster",
broker_host="localhost",
broker_port=7980,
metadata_last_refreshed=datetime.now(),
)
db.session.add(cluster)
cluster.get_datasources = PickableMock(return_value=["test_datasource"])
cluster.refresh_datasources()
cluster.datasources[0].merge_flag = True
metadata = cluster.datasources[0].latest_metadata()
self.assertEqual(len(metadata), 4)
db.session.commit()
view_menu_name = cluster.datasources[0].get_perm()
view_menu = security_manager.find_view_menu(view_menu_name)
permission = security_manager.find_permission("datasource_access")
pv = (
security_manager.get_session.query(security_manager.permissionview_model)
.filter_by(permission=permission, view_menu=view_menu)
.first()
)
assert pv is not None
def test_sync_druid_perm(self, PyDruid):
self.login(username='******')
instance = PyDruid.return_value
instance.time_boundary.return_value = [
{'result': {'maxTime': '2016-01-01'}}]
instance.segment_metadata.return_value = SEGMENT_METADATA
cluster = (
db.session
.query(DruidCluster)
.filter_by(cluster_name='test_cluster')
.first()
)
if cluster:
db.session.delete(cluster)
db.session.commit()
cluster = DruidCluster(
cluster_name='test_cluster',
coordinator_host='localhost',
coordinator_port=7979,
broker_host='localhost',
broker_port=7980,
metadata_last_refreshed=datetime.now())
db.session.add(cluster)
cluster.get_datasources = PickableMock(
return_value=['test_datasource'],
)
cluster.refresh_datasources()
cluster.datasources[0].merge_flag = True
metadata = cluster.datasources[0].latest_metadata()
self.assertEqual(len(metadata), 4)
db.session.commit()
view_menu_name = cluster.datasources[0].get_perm()
view_menu = security_manager.find_view_menu(view_menu_name)
permission = security_manager.find_permission('datasource_access')
pv = security_manager.get_session.query(
security_manager.permissionview_model).filter_by(
permission=permission, view_menu=view_menu).first()
assert pv is not None
def assert_permissions_were_deleted(self, deleted_dashboard):
view_menu = security_manager.find_view_menu(
deleted_dashboard.view_name)
self.assertIsNone(view_menu)
def assert_permission_kept_and_changed(self, updated_dashboard,
excepted_view_id):
view_menu_after_title_changed = security_manager.find_view_menu(
updated_dashboard.view_name)
self.assertIsNotNone(view_menu_after_title_changed)
self.assertEqual(view_menu_after_title_changed.id, excepted_view_id)
def assert_permission_was_created(self, dashboard):
view_menu = security_manager.find_view_menu(dashboard.view_name)
self.assertIsNotNone(view_menu)
self.assertEqual(
len(security_manager.find_permissions_view_menu(view_menu)), 1)
def test_set_perm_sqla_table(self):
security_manager.on_view_menu_after_insert = Mock()
security_manager.on_permission_view_after_insert = Mock()
session = db.session
table = SqlaTable(
schema="tmp_schema",
table_name="tmp_perm_table",
database=get_example_database(),
)
session.add(table)
session.commit()
stored_table = (session.query(SqlaTable).filter_by(
table_name="tmp_perm_table").one())
self.assertEqual(stored_table.perm,
f"[examples].[tmp_perm_table](id:{stored_table.id})")
pvm_dataset = security_manager.find_permission_view_menu(
"datasource_access", stored_table.perm)
pvm_schema = security_manager.find_permission_view_menu(
"schema_access", stored_table.schema_perm)
self.assertIsNotNone(pvm_dataset)
self.assertEqual(stored_table.schema_perm, "[examples].[tmp_schema]")
self.assertIsNotNone(pvm_schema)
# assert on permission hooks
view_menu_dataset = security_manager.find_view_menu(
f"[examples].[tmp_perm_table](id:{stored_table.id})")
view_menu_schema = security_manager.find_view_menu(
f"[examples].[tmp_schema]")
security_manager.on_view_menu_after_insert.assert_has_calls([
call(ANY, ANY, view_menu_dataset),
call(ANY, ANY, view_menu_schema),
])
security_manager.on_permission_view_after_insert.assert_has_calls([
call(ANY, ANY, pvm_dataset),
call(ANY, ANY, pvm_schema),
])
# table name change
stored_table.table_name = "tmp_perm_table_v2"
session.commit()
stored_table = (session.query(SqlaTable).filter_by(
table_name="tmp_perm_table_v2").one())
self.assertEqual(
stored_table.perm,
f"[examples].[tmp_perm_table_v2](id:{stored_table.id})")
self.assertIsNotNone(
security_manager.find_permission_view_menu("datasource_access",
stored_table.perm))
# no changes in schema
self.assertEqual(stored_table.schema_perm, "[examples].[tmp_schema]")
self.assertIsNotNone(
security_manager.find_permission_view_menu(
"schema_access", stored_table.schema_perm))
# schema name change
stored_table.schema = "tmp_schema_v2"
session.commit()
stored_table = (session.query(SqlaTable).filter_by(
table_name="tmp_perm_table_v2").one())
self.assertEqual(
stored_table.perm,
f"[examples].[tmp_perm_table_v2](id:{stored_table.id})")
self.assertIsNotNone(
security_manager.find_permission_view_menu("datasource_access",
stored_table.perm))
# no changes in schema
self.assertEqual(stored_table.schema_perm,
"[examples].[tmp_schema_v2]")
self.assertIsNotNone(
security_manager.find_permission_view_menu(
"schema_access", stored_table.schema_perm))
# database change
new_db = Database(sqlalchemy_uri="sqlite://", database_name="tmp_db")
session.add(new_db)
stored_table.database = (session.query(Database).filter_by(
database_name="tmp_db").one())
session.commit()
stored_table = (session.query(SqlaTable).filter_by(
table_name="tmp_perm_table_v2").one())
self.assertEqual(
stored_table.perm,
f"[tmp_db].[tmp_perm_table_v2](id:{stored_table.id})")
self.assertIsNotNone(
security_manager.find_permission_view_menu("datasource_access",
stored_table.perm))
# no changes in schema
self.assertEqual(stored_table.schema_perm, "[tmp_db].[tmp_schema_v2]")
self.assertIsNotNone(
security_manager.find_permission_view_menu(
"schema_access", stored_table.schema_perm))
# no schema
stored_table.schema = None
session.commit()
stored_table = (session.query(SqlaTable).filter_by(
table_name="tmp_perm_table_v2").one())
self.assertEqual(
stored_table.perm,
f"[tmp_db].[tmp_perm_table_v2](id:{stored_table.id})")
self.assertIsNotNone(
security_manager.find_permission_view_menu("datasource_access",
stored_table.perm))
self.assertIsNone(stored_table.schema_perm)
session.delete(new_db)
session.delete(stored_table)
session.commit()
