def test_public_sync_role_data_perms(self):
"""
Security: Tests if the sync role method preserves data access permissions
if they already exist on a public role.
Also check that non data access permissions are removed
"""
table = db.session.query(SqlaTable).filter_by(
table_name="birth_names").one()
self.grant_public_access_to_table(table)
public_role = security_manager.get_public_role()
unwanted_pvm = security_manager.find_permission_view_menu(
"menu_access", "Security")
public_role.permissions.append(unwanted_pvm)
db.session.commit()
security_manager.sync_role_definitions()
public_role = security_manager.get_public_role()
public_role_resource_names = [
permission.view_menu.name for permission in public_role.permissions
]
assert table.get_perm() in public_role_resource_names
assert "Security" not in public_role_resource_names
# Cleanup
self.revoke_public_access_to_table(table)
def __init__(self, *args, **kwargs):
if (self.requires_examples and not os.environ.get('examples_loaded')):
logging.info('Loading examples')
cli.load_examples_run(load_test_data=True)
logging.info('Done loading examples')
security_manager.sync_role_definitions()
os.environ['examples_loaded'] = '1'
else:
security_manager.sync_role_definitions()
super(SupersetTestCase, self).__init__(*args, **kwargs)
self.client = app.test_client()
self.maxDiff = None
cli.load_test_users_run()
# create druid cluster and druid datasources
session = db.session
cluster = (session.query(DruidCluster).filter_by(
cluster_name='druid_test').first())
if not cluster:
cluster = DruidCluster(cluster_name='druid_test')
session.add(cluster)
session.commit()
druid_datasource1 = DruidDatasource(
datasource_name='druid_ds_1',
cluster_name='druid_test',
)
session.add(druid_datasource1)
druid_datasource2 = DruidDatasource(
datasource_name='druid_ds_2',
cluster_name='druid_test',
)
session.add(druid_datasource2)
session.commit()
def load_test_users_run():
"""
Loads admin, alpha, and gamma user for testing purposes
Syncs permissions for those users/roles
"""
if config.get('TESTING'):
security_manager.sync_role_definitions()
gamma_sqllab_role = security_manager.add_role('gamma_sqllab')
for perm in security_manager.find_role('Gamma').permissions:
security_manager.add_permission_role(gamma_sqllab_role, perm)
utils.get_or_create_main_db()
db_perm = utils.get_main_database(security_manager.get_session).perm
security_manager.merge_perm('database_access', db_perm)
db_pvm = security_manager.find_permission_view_menu(
view_menu_name=db_perm, permission_name='database_access')
gamma_sqllab_role.permissions.append(db_pvm)
for perm in security_manager.find_role('sql_lab').permissions:
security_manager.add_permission_role(gamma_sqllab_role, perm)
admin = security_manager.find_user('admin')
if not admin:
security_manager.add_user(
'admin', 'admin', ' user', '*****@*****.**',
security_manager.find_role('Admin'),
password='******')
gamma = security_manager.find_user('gamma')
if not gamma:
security_manager.add_user(
'gamma', 'gamma', 'user', '*****@*****.**',
security_manager.find_role('Gamma'),
password='******')
gamma2 = security_manager.find_user('gamma2')
if not gamma2:
security_manager.add_user(
'gamma2', 'gamma2', 'user', '*****@*****.**',
security_manager.find_role('Gamma'),
password='******')
gamma_sqllab_user = security_manager.find_user('gamma_sqllab')
if not gamma_sqllab_user:
security_manager.add_user(
'gamma_sqllab', 'gamma_sqllab', 'user', '*****@*****.**',
gamma_sqllab_role, password='******')
alpha = security_manager.find_user('alpha')
if not alpha:
security_manager.add_user(
'alpha', 'alpha', 'user', '*****@*****.**',
security_manager.find_role('Alpha'),
password='******')
security_manager.get_session.commit()
def load_test_users_run():
"""
Loads admin, alpha, and gamma user for testing purposes
Syncs permissions for those users/roles
"""
if config.get('TESTING'):
security_manager.sync_role_definitions()
gamma_sqllab_role = security_manager.add_role('gamma_sqllab')
for perm in security_manager.find_role('Gamma').permissions:
security_manager.add_permission_role(gamma_sqllab_role, perm)
utils.get_or_create_main_db()
db_perm = utils.get_main_database(security_manager.get_session).perm
security_manager.merge_perm('database_access', db_perm)
db_pvm = security_manager.find_permission_view_menu(
view_menu_name=db_perm, permission_name='database_access')
gamma_sqllab_role.permissions.append(db_pvm)
for perm in security_manager.find_role('sql_lab').permissions:
security_manager.add_permission_role(gamma_sqllab_role, perm)
admin = security_manager.find_user('admin')
if not admin:
security_manager.add_user(
'admin', 'admin', ' user', '*****@*****.**',
security_manager.find_role('Admin'),
password='******')
gamma = security_manager.find_user('gamma')
if not gamma:
security_manager.add_user(
'gamma', 'gamma', 'user', '*****@*****.**',
security_manager.find_role('Gamma'),
password='******')
gamma2 = security_manager.find_user('gamma2')
if not gamma2:
security_manager.add_user(
'gamma2', 'gamma2', 'user', '*****@*****.**',
security_manager.find_role('Gamma'),
password='******')
gamma_sqllab_user = security_manager.find_user('gamma_sqllab')
if not gamma_sqllab_user:
security_manager.add_user(
'gamma_sqllab', 'gamma_sqllab', 'user', '*****@*****.**',
gamma_sqllab_role, password='******')
alpha = security_manager.find_user('alpha')
if not alpha:
security_manager.add_user(
'alpha', 'alpha', 'user', '*****@*****.**',
security_manager.find_role('Alpha'),
password='******')
security_manager.get_session.commit()
def init():
"""Inits the Superset application"""
utils.get_or_create_main_db()
security_manager.sync_role_definitions()
role_admin = security_manager.find_role(security_manager.auth_role_admin)
username = firstname = lastname = password = "******"
email = "*****@*****.**"
user = security_manager.find_user(username)
if user is None:
user = security_manager.add_user(username, firstname, lastname, email,
role_admin, password)
if user:
print(Fore.GREEN + 'Admin User {0} created.'.format(username))
else:
print(Fore.RED + 'No user created an error occured')
def bootstrap():
# always run migrations first
db_upgrade()
# always gitbase script to update datasource if it was changed in env var
dbobj = get_or_create_datasource('gitbase',
conf.get('GITBASE_DATABASE_URI'),
allow_run_async=True,
allow_dml=True)
create_datasource_tables(dbobj, conf.get('GITBASE_DB'))
# add metadata data source only in sync mode
if conf.get('SYNC_MODE'):
dbobj = get_or_create_datasource('metadata',
conf.get('METADATA_DATABASE_URI'))
create_datasource_tables(dbobj, conf.get('METADATA_DB'))
# initialize database if empty
users = [u.username for u in security_manager.get_all_users()]
if not conf.get('DEFAULT_USERNAME') in users:
# Create an admin user
role_admin = security_manager.find_role(
security_manager.auth_role_admin)
admin_user = security_manager.add_user(conf.get('DEFAULT_USERNAME'),
os.environ['ADMIN_FIRST_NAME'],
os.environ['ADMIN_LAST_NAME'],
os.environ['ADMIN_EMAIL'],
role_admin,
os.environ['ADMIN_PASSWORD'])
# Create default roles and permissions
utils.get_or_create_main_db()
security_manager.sync_role_definitions()
# set admin user as a current user
g.user = admin_user
# Add dashboards
dashboards_root = '/home/superset/dashboards'
import_dashboard(dashboards_root + '/gitbase/overview.json')
if conf.get('SYNC_MODE'):
import_dashboard(dashboards_root + '/metadata/welcome.json')
import_dashboard(dashboards_root + '/metadata/collaboration.json')
else:
import_dashboard(dashboards_root + '/gitbase/welcome.json')
# set welcome dashboard as a default
set_welcome_dashboard(conf.get('DEFAULT_DASHBOARD_ID'), admin_user)
def test_public_sync_role_builtin_perms(self):
"""
Security: Tests public role creation based on a builtin role
"""
current_app.config["PUBLIC_ROLE_LIKE"] = "TestRole"
security_manager.sync_role_definitions()
public_role = security_manager.get_public_role()
public_role_resource_names = [[
permission.view_menu.name, permission.permission.name
] for permission in public_role.permissions]
for pvm in current_app.config["FAB_ROLES"]["TestRole"]:
assert pvm in public_role_resource_names
# Cleanup
current_app.config["PUBLIC_ROLE_LIKE"] = "Gamma"
security_manager.sync_role_definitions()
def setUpClass(cls):
try:
os.remove(app.config.get('SQL_CELERY_DB_FILE_PATH'))
except OSError as e:
app.logger.warn(str(e))
try:
os.remove(app.config.get('SQL_CELERY_RESULTS_DB_FILE_PATH'))
except OSError as e:
app.logger.warn(str(e))
security_manager.sync_role_definitions()
worker_command = BASE_DIR + '/bin/superset worker'
subprocess.Popen(
worker_command, shell=True, stdout=subprocess.PIPE)
admin = security_manager.find_user('admin')
if not admin:
security_manager.add_user(
'admin', 'admin', ' user', '*****@*****.**',
security_manager.find_role('Admin'),
password='******')
cli.load_examples_run(load_test_data=True)
def setUpClass(cls):
try:
os.remove(app.config.get('SQL_CELERY_DB_FILE_PATH'))
except OSError as e:
app.logger.warn(str(e))
try:
os.remove(app.config.get('SQL_CELERY_RESULTS_DB_FILE_PATH'))
except OSError as e:
app.logger.warn(str(e))
security_manager.sync_role_definitions()
worker_command = BASE_DIR + '/bin/superset worker'
subprocess.Popen(
worker_command, shell=True, stdout=subprocess.PIPE)
admin = security_manager.find_user('admin')
if not admin:
security_manager.add_user(
'admin', 'admin', ' user', '*****@*****.**',
security_manager.find_role('Admin'),
password='******')
cli.load_examples(load_test_data=True)
def init() -> None:
"""Inits the Superset application"""
appbuilder.add_permissions(update_perms=True)
security_manager.sync_role_definitions()
def init():
"""Inits the Superset application"""
utils.get_or_create_main_db()
security_manager.sync_role_definitions()
def init():
"""Inits the Superset application"""
utils.get_or_create_main_db()
utils.get_example_database()
appbuilder.add_permissions(update_perms=True)
security_manager.sync_role_definitions()
def load_test_users_run():
"""
Loads admin, alpha, and gamma user for testing purposes
Syncs permissions for those users/roles
"""
if config.get("TESTING"):
security_manager.sync_role_definitions()
gamma_sqllab_role = security_manager.add_role("gamma_sqllab")
for perm in security_manager.find_role("Gamma").permissions:
security_manager.add_permission_role(gamma_sqllab_role, perm)
utils.get_or_create_main_db()
db_perm = utils.get_main_database().perm
security_manager.add_permission_view_menu("database_access", db_perm)
db_pvm = security_manager.find_permission_view_menu(
view_menu_name=db_perm, permission_name="database_access"
)
gamma_sqllab_role.permissions.append(db_pvm)
for perm in security_manager.find_role("sql_lab").permissions:
security_manager.add_permission_role(gamma_sqllab_role, perm)
admin = security_manager.find_user("admin")
if not admin:
security_manager.add_user(
"admin",
"admin",
" user",
"*****@*****.**",
security_manager.find_role("Admin"),
password="******",
)
gamma = security_manager.find_user("gamma")
if not gamma:
security_manager.add_user(
"gamma",
"gamma",
"user",
"*****@*****.**",
security_manager.find_role("Gamma"),
password="******",
)
gamma2 = security_manager.find_user("gamma2")
if not gamma2:
security_manager.add_user(
"gamma2",
"gamma2",
"user",
"*****@*****.**",
security_manager.find_role("Gamma"),
password="******",
)
gamma_sqllab_user = security_manager.find_user("gamma_sqllab")
if not gamma_sqllab_user:
security_manager.add_user(
"gamma_sqllab",
"gamma_sqllab",
"user",
"*****@*****.**",
gamma_sqllab_role,
password="******",
)
alpha = security_manager.find_user("alpha")
if not alpha:
security_manager.add_user(
"alpha",
"alpha",
"user",
"*****@*****.**",
security_manager.find_role("Alpha"),
password="******",
)
security_manager.get_session.commit()
def __init__(self, *args, **kwargs):
if (self.requires_examples and not os.environ.get('examples_loaded')):
logging.info('Loading examples')
cli.load_examples_run(load_test_data=True)
logging.info('Done loading examples')
security_manager.sync_role_definitions()
os.environ['examples_loaded'] = '1'
else:
security_manager.sync_role_definitions()
super(SupersetTestCase, self).__init__(*args, **kwargs)
self.client = app.test_client()
self.maxDiff = None
gamma_sqllab_role = security_manager.add_role('gamma_sqllab')
for perm in security_manager.find_role('Gamma').permissions:
security_manager.add_permission_role(gamma_sqllab_role, perm)
utils.get_or_create_main_db()
db_perm = self.get_main_database(security_manager.get_session).perm
security_manager.merge_perm('database_access', db_perm)
db_pvm = security_manager.find_permission_view_menu(
view_menu_name=db_perm, permission_name='database_access')
gamma_sqllab_role.permissions.append(db_pvm)
for perm in security_manager.find_role('sql_lab').permissions:
security_manager.add_permission_role(gamma_sqllab_role, perm)
admin = security_manager.find_user('admin')
if not admin:
security_manager.add_user('admin',
'admin',
' user',
'*****@*****.**',
security_manager.find_role('Admin'),
password='******')
gamma = security_manager.find_user('gamma')
if not gamma:
security_manager.add_user('gamma',
'gamma',
'user',
'*****@*****.**',
security_manager.find_role('Gamma'),
password='******')
gamma2 = security_manager.find_user('gamma2')
if not gamma2:
security_manager.add_user('gamma2',
'gamma2',
'user',
'*****@*****.**',
security_manager.find_role('Gamma'),
password='******')
gamma_sqllab_user = security_manager.find_user('gamma_sqllab')
if not gamma_sqllab_user:
security_manager.add_user('gamma_sqllab',
'gamma_sqllab',
'user',
'*****@*****.**',
gamma_sqllab_role,
password='******')
alpha = security_manager.find_user('alpha')
if not alpha:
security_manager.add_user('alpha',
'alpha',
'user',
'*****@*****.**',
security_manager.find_role('Alpha'),
password='******')
security_manager.get_session.commit()
# create druid cluster and druid datasources
session = db.session
cluster = (session.query(DruidCluster).filter_by(
cluster_name='druid_test').first())
if not cluster:
cluster = DruidCluster(cluster_name='druid_test')
session.add(cluster)
session.commit()
druid_datasource1 = DruidDatasource(
datasource_name='druid_ds_1',
cluster_name='druid_test',
)
session.add(druid_datasource1)
druid_datasource2 = DruidDatasource(
datasource_name='druid_ds_2',
cluster_name='druid_test',
)
session.add(druid_datasource2)
session.commit()
def __init__(self, *args, **kwargs):
if (
self.requires_examples and
not os.environ.get('examples_loaded')
):
logging.info('Loading examples')
cli.load_examples(load_test_data=True)
logging.info('Done loading examples')
security_manager.sync_role_definitions()
os.environ['examples_loaded'] = '1'
else:
security_manager.sync_role_definitions()
super(SupersetTestCase, self).__init__(*args, **kwargs)
self.client = app.test_client()
self.maxDiff = None
gamma_sqllab_role = security_manager.add_role('gamma_sqllab')
for perm in security_manager.find_role('Gamma').permissions:
security_manager.add_permission_role(gamma_sqllab_role, perm)
utils.get_or_create_main_db()
db_perm = self.get_main_database(security_manager.get_session).perm
security_manager.merge_perm('database_access', db_perm)
db_pvm = security_manager.find_permission_view_menu(
view_menu_name=db_perm, permission_name='database_access')
gamma_sqllab_role.permissions.append(db_pvm)
for perm in security_manager.find_role('sql_lab').permissions:
security_manager.add_permission_role(gamma_sqllab_role, perm)
admin = security_manager.find_user('admin')
if not admin:
security_manager.add_user(
'admin', 'admin', ' user', '*****@*****.**',
security_manager.find_role('Admin'),
password='******')
gamma = security_manager.find_user('gamma')
if not gamma:
security_manager.add_user(
'gamma', 'gamma', 'user', '*****@*****.**',
security_manager.find_role('Gamma'),
password='******')
gamma2 = security_manager.find_user('gamma2')
if not gamma2:
security_manager.add_user(
'gamma2', 'gamma2', 'user', '*****@*****.**',
security_manager.find_role('Gamma'),
password='******')
gamma_sqllab_user = security_manager.find_user('gamma_sqllab')
if not gamma_sqllab_user:
security_manager.add_user(
'gamma_sqllab', 'gamma_sqllab', 'user', '*****@*****.**',
gamma_sqllab_role, password='******')
alpha = security_manager.find_user('alpha')
if not alpha:
security_manager.add_user(
'alpha', 'alpha', 'user', '*****@*****.**',
security_manager.find_role('Alpha'),
password='******')
security_manager.get_session.commit()
# create druid cluster and druid datasources
session = db.session
cluster = (
session.query(DruidCluster)
.filter_by(cluster_name='druid_test')
.first()
)
if not cluster:
cluster = DruidCluster(cluster_name='druid_test')
session.add(cluster)
session.commit()
druid_datasource1 = DruidDatasource(
datasource_name='druid_ds_1',
cluster_name='druid_test',
)
session.add(druid_datasource1)
druid_datasource2 = DruidDatasource(
datasource_name='druid_ds_2',
cluster_name='druid_test',
)
session.add(druid_datasource2)
session.commit()
def init():
"""Inits the Superset application"""
utils.get_or_create_main_db()
security_manager.sync_role_definitions()
