def test_public_sync_role_data_perms(self): """ Security: Tests if the sync role method preserves data access permissions if they already exist on a public role. Also check that non data access permissions are removed """ table = db.session.query(SqlaTable).filter_by( table_name="birth_names").one() self.grant_public_access_to_table(table) public_role = security_manager.get_public_role() unwanted_pvm = security_manager.find_permission_view_menu( "menu_access", "Security") public_role.permissions.append(unwanted_pvm) db.session.commit() security_manager.sync_role_definitions() public_role = security_manager.get_public_role() public_role_resource_names = [ permission.view_menu.name for permission in public_role.permissions ] assert table.get_perm() in public_role_resource_names assert "Security" not in public_role_resource_names # Cleanup self.revoke_public_access_to_table(table)
def __init__(self, *args, **kwargs): if (self.requires_examples and not os.environ.get('examples_loaded')): logging.info('Loading examples') cli.load_examples_run(load_test_data=True) logging.info('Done loading examples') security_manager.sync_role_definitions() os.environ['examples_loaded'] = '1' else: security_manager.sync_role_definitions() super(SupersetTestCase, self).__init__(*args, **kwargs) self.client = app.test_client() self.maxDiff = None cli.load_test_users_run() # create druid cluster and druid datasources session = db.session cluster = (session.query(DruidCluster).filter_by( cluster_name='druid_test').first()) if not cluster: cluster = DruidCluster(cluster_name='druid_test') session.add(cluster) session.commit() druid_datasource1 = DruidDatasource( datasource_name='druid_ds_1', cluster_name='druid_test', ) session.add(druid_datasource1) druid_datasource2 = DruidDatasource( datasource_name='druid_ds_2', cluster_name='druid_test', ) session.add(druid_datasource2) session.commit()
def load_test_users_run(): """ Loads admin, alpha, and gamma user for testing purposes Syncs permissions for those users/roles """ if config.get('TESTING'): security_manager.sync_role_definitions() gamma_sqllab_role = security_manager.add_role('gamma_sqllab') for perm in security_manager.find_role('Gamma').permissions: security_manager.add_permission_role(gamma_sqllab_role, perm) utils.get_or_create_main_db() db_perm = utils.get_main_database(security_manager.get_session).perm security_manager.merge_perm('database_access', db_perm) db_pvm = security_manager.find_permission_view_menu( view_menu_name=db_perm, permission_name='database_access') gamma_sqllab_role.permissions.append(db_pvm) for perm in security_manager.find_role('sql_lab').permissions: security_manager.add_permission_role(gamma_sqllab_role, perm) admin = security_manager.find_user('admin') if not admin: security_manager.add_user( 'admin', 'admin', ' user', '*****@*****.**', security_manager.find_role('Admin'), password='******') gamma = security_manager.find_user('gamma') if not gamma: security_manager.add_user( 'gamma', 'gamma', 'user', '*****@*****.**', security_manager.find_role('Gamma'), password='******') gamma2 = security_manager.find_user('gamma2') if not gamma2: security_manager.add_user( 'gamma2', 'gamma2', 'user', '*****@*****.**', security_manager.find_role('Gamma'), password='******') gamma_sqllab_user = security_manager.find_user('gamma_sqllab') if not gamma_sqllab_user: security_manager.add_user( 'gamma_sqllab', 'gamma_sqllab', 'user', '*****@*****.**', gamma_sqllab_role, password='******') alpha = security_manager.find_user('alpha') if not alpha: security_manager.add_user( 'alpha', 'alpha', 'user', '*****@*****.**', security_manager.find_role('Alpha'), password='******') security_manager.get_session.commit()
def load_test_users_run(): """ Loads admin, alpha, and gamma user for testing purposes Syncs permissions for those users/roles """ if config.get('TESTING'): security_manager.sync_role_definitions() gamma_sqllab_role = security_manager.add_role('gamma_sqllab') for perm in security_manager.find_role('Gamma').permissions: security_manager.add_permission_role(gamma_sqllab_role, perm) utils.get_or_create_main_db() db_perm = utils.get_main_database(security_manager.get_session).perm security_manager.merge_perm('database_access', db_perm) db_pvm = security_manager.find_permission_view_menu( view_menu_name=db_perm, permission_name='database_access') gamma_sqllab_role.permissions.append(db_pvm) for perm in security_manager.find_role('sql_lab').permissions: security_manager.add_permission_role(gamma_sqllab_role, perm) admin = security_manager.find_user('admin') if not admin: security_manager.add_user( 'admin', 'admin', ' user', '*****@*****.**', security_manager.find_role('Admin'), password='******') gamma = security_manager.find_user('gamma') if not gamma: security_manager.add_user( 'gamma', 'gamma', 'user', '*****@*****.**', security_manager.find_role('Gamma'), password='******') gamma2 = security_manager.find_user('gamma2') if not gamma2: security_manager.add_user( 'gamma2', 'gamma2', 'user', '*****@*****.**', security_manager.find_role('Gamma'), password='******') gamma_sqllab_user = security_manager.find_user('gamma_sqllab') if not gamma_sqllab_user: security_manager.add_user( 'gamma_sqllab', 'gamma_sqllab', 'user', '*****@*****.**', gamma_sqllab_role, password='******') alpha = security_manager.find_user('alpha') if not alpha: security_manager.add_user( 'alpha', 'alpha', 'user', '*****@*****.**', security_manager.find_role('Alpha'), password='******') security_manager.get_session.commit()
def init(): """Inits the Superset application""" utils.get_or_create_main_db() security_manager.sync_role_definitions() role_admin = security_manager.find_role(security_manager.auth_role_admin) username = firstname = lastname = password = "******" email = "*****@*****.**" user = security_manager.find_user(username) if user is None: user = security_manager.add_user(username, firstname, lastname, email, role_admin, password) if user: print(Fore.GREEN + 'Admin User {0} created.'.format(username)) else: print(Fore.RED + 'No user created an error occured')
def bootstrap(): # always run migrations first db_upgrade() # always gitbase script to update datasource if it was changed in env var dbobj = get_or_create_datasource('gitbase', conf.get('GITBASE_DATABASE_URI'), allow_run_async=True, allow_dml=True) create_datasource_tables(dbobj, conf.get('GITBASE_DB')) # add metadata data source only in sync mode if conf.get('SYNC_MODE'): dbobj = get_or_create_datasource('metadata', conf.get('METADATA_DATABASE_URI')) create_datasource_tables(dbobj, conf.get('METADATA_DB')) # initialize database if empty users = [u.username for u in security_manager.get_all_users()] if not conf.get('DEFAULT_USERNAME') in users: # Create an admin user role_admin = security_manager.find_role( security_manager.auth_role_admin) admin_user = security_manager.add_user(conf.get('DEFAULT_USERNAME'), os.environ['ADMIN_FIRST_NAME'], os.environ['ADMIN_LAST_NAME'], os.environ['ADMIN_EMAIL'], role_admin, os.environ['ADMIN_PASSWORD']) # Create default roles and permissions utils.get_or_create_main_db() security_manager.sync_role_definitions() # set admin user as a current user g.user = admin_user # Add dashboards dashboards_root = '/home/superset/dashboards' import_dashboard(dashboards_root + '/gitbase/overview.json') if conf.get('SYNC_MODE'): import_dashboard(dashboards_root + '/metadata/welcome.json') import_dashboard(dashboards_root + '/metadata/collaboration.json') else: import_dashboard(dashboards_root + '/gitbase/welcome.json') # set welcome dashboard as a default set_welcome_dashboard(conf.get('DEFAULT_DASHBOARD_ID'), admin_user)
def test_public_sync_role_builtin_perms(self): """ Security: Tests public role creation based on a builtin role """ current_app.config["PUBLIC_ROLE_LIKE"] = "TestRole" security_manager.sync_role_definitions() public_role = security_manager.get_public_role() public_role_resource_names = [[ permission.view_menu.name, permission.permission.name ] for permission in public_role.permissions] for pvm in current_app.config["FAB_ROLES"]["TestRole"]: assert pvm in public_role_resource_names # Cleanup current_app.config["PUBLIC_ROLE_LIKE"] = "Gamma" security_manager.sync_role_definitions()
def setUpClass(cls): try: os.remove(app.config.get('SQL_CELERY_DB_FILE_PATH')) except OSError as e: app.logger.warn(str(e)) try: os.remove(app.config.get('SQL_CELERY_RESULTS_DB_FILE_PATH')) except OSError as e: app.logger.warn(str(e)) security_manager.sync_role_definitions() worker_command = BASE_DIR + '/bin/superset worker' subprocess.Popen( worker_command, shell=True, stdout=subprocess.PIPE) admin = security_manager.find_user('admin') if not admin: security_manager.add_user( 'admin', 'admin', ' user', '*****@*****.**', security_manager.find_role('Admin'), password='******') cli.load_examples_run(load_test_data=True)
def setUpClass(cls): try: os.remove(app.config.get('SQL_CELERY_DB_FILE_PATH')) except OSError as e: app.logger.warn(str(e)) try: os.remove(app.config.get('SQL_CELERY_RESULTS_DB_FILE_PATH')) except OSError as e: app.logger.warn(str(e)) security_manager.sync_role_definitions() worker_command = BASE_DIR + '/bin/superset worker' subprocess.Popen( worker_command, shell=True, stdout=subprocess.PIPE) admin = security_manager.find_user('admin') if not admin: security_manager.add_user( 'admin', 'admin', ' user', '*****@*****.**', security_manager.find_role('Admin'), password='******') cli.load_examples(load_test_data=True)
def init() -> None: """Inits the Superset application""" appbuilder.add_permissions(update_perms=True) security_manager.sync_role_definitions()
def init(): """Inits the Superset application""" utils.get_or_create_main_db() security_manager.sync_role_definitions()
def init(): """Inits the Superset application""" utils.get_or_create_main_db() utils.get_example_database() appbuilder.add_permissions(update_perms=True) security_manager.sync_role_definitions()
def load_test_users_run(): """ Loads admin, alpha, and gamma user for testing purposes Syncs permissions for those users/roles """ if config.get("TESTING"): security_manager.sync_role_definitions() gamma_sqllab_role = security_manager.add_role("gamma_sqllab") for perm in security_manager.find_role("Gamma").permissions: security_manager.add_permission_role(gamma_sqllab_role, perm) utils.get_or_create_main_db() db_perm = utils.get_main_database().perm security_manager.add_permission_view_menu("database_access", db_perm) db_pvm = security_manager.find_permission_view_menu( view_menu_name=db_perm, permission_name="database_access" ) gamma_sqllab_role.permissions.append(db_pvm) for perm in security_manager.find_role("sql_lab").permissions: security_manager.add_permission_role(gamma_sqllab_role, perm) admin = security_manager.find_user("admin") if not admin: security_manager.add_user( "admin", "admin", " user", "*****@*****.**", security_manager.find_role("Admin"), password="******", ) gamma = security_manager.find_user("gamma") if not gamma: security_manager.add_user( "gamma", "gamma", "user", "*****@*****.**", security_manager.find_role("Gamma"), password="******", ) gamma2 = security_manager.find_user("gamma2") if not gamma2: security_manager.add_user( "gamma2", "gamma2", "user", "*****@*****.**", security_manager.find_role("Gamma"), password="******", ) gamma_sqllab_user = security_manager.find_user("gamma_sqllab") if not gamma_sqllab_user: security_manager.add_user( "gamma_sqllab", "gamma_sqllab", "user", "*****@*****.**", gamma_sqllab_role, password="******", ) alpha = security_manager.find_user("alpha") if not alpha: security_manager.add_user( "alpha", "alpha", "user", "*****@*****.**", security_manager.find_role("Alpha"), password="******", ) security_manager.get_session.commit()
def __init__(self, *args, **kwargs): if (self.requires_examples and not os.environ.get('examples_loaded')): logging.info('Loading examples') cli.load_examples_run(load_test_data=True) logging.info('Done loading examples') security_manager.sync_role_definitions() os.environ['examples_loaded'] = '1' else: security_manager.sync_role_definitions() super(SupersetTestCase, self).__init__(*args, **kwargs) self.client = app.test_client() self.maxDiff = None gamma_sqllab_role = security_manager.add_role('gamma_sqllab') for perm in security_manager.find_role('Gamma').permissions: security_manager.add_permission_role(gamma_sqllab_role, perm) utils.get_or_create_main_db() db_perm = self.get_main_database(security_manager.get_session).perm security_manager.merge_perm('database_access', db_perm) db_pvm = security_manager.find_permission_view_menu( view_menu_name=db_perm, permission_name='database_access') gamma_sqllab_role.permissions.append(db_pvm) for perm in security_manager.find_role('sql_lab').permissions: security_manager.add_permission_role(gamma_sqllab_role, perm) admin = security_manager.find_user('admin') if not admin: security_manager.add_user('admin', 'admin', ' user', '*****@*****.**', security_manager.find_role('Admin'), password='******') gamma = security_manager.find_user('gamma') if not gamma: security_manager.add_user('gamma', 'gamma', 'user', '*****@*****.**', security_manager.find_role('Gamma'), password='******') gamma2 = security_manager.find_user('gamma2') if not gamma2: security_manager.add_user('gamma2', 'gamma2', 'user', '*****@*****.**', security_manager.find_role('Gamma'), password='******') gamma_sqllab_user = security_manager.find_user('gamma_sqllab') if not gamma_sqllab_user: security_manager.add_user('gamma_sqllab', 'gamma_sqllab', 'user', '*****@*****.**', gamma_sqllab_role, password='******') alpha = security_manager.find_user('alpha') if not alpha: security_manager.add_user('alpha', 'alpha', 'user', '*****@*****.**', security_manager.find_role('Alpha'), password='******') security_manager.get_session.commit() # create druid cluster and druid datasources session = db.session cluster = (session.query(DruidCluster).filter_by( cluster_name='druid_test').first()) if not cluster: cluster = DruidCluster(cluster_name='druid_test') session.add(cluster) session.commit() druid_datasource1 = DruidDatasource( datasource_name='druid_ds_1', cluster_name='druid_test', ) session.add(druid_datasource1) druid_datasource2 = DruidDatasource( datasource_name='druid_ds_2', cluster_name='druid_test', ) session.add(druid_datasource2) session.commit()
def __init__(self, *args, **kwargs): if ( self.requires_examples and not os.environ.get('examples_loaded') ): logging.info('Loading examples') cli.load_examples(load_test_data=True) logging.info('Done loading examples') security_manager.sync_role_definitions() os.environ['examples_loaded'] = '1' else: security_manager.sync_role_definitions() super(SupersetTestCase, self).__init__(*args, **kwargs) self.client = app.test_client() self.maxDiff = None gamma_sqllab_role = security_manager.add_role('gamma_sqllab') for perm in security_manager.find_role('Gamma').permissions: security_manager.add_permission_role(gamma_sqllab_role, perm) utils.get_or_create_main_db() db_perm = self.get_main_database(security_manager.get_session).perm security_manager.merge_perm('database_access', db_perm) db_pvm = security_manager.find_permission_view_menu( view_menu_name=db_perm, permission_name='database_access') gamma_sqllab_role.permissions.append(db_pvm) for perm in security_manager.find_role('sql_lab').permissions: security_manager.add_permission_role(gamma_sqllab_role, perm) admin = security_manager.find_user('admin') if not admin: security_manager.add_user( 'admin', 'admin', ' user', '*****@*****.**', security_manager.find_role('Admin'), password='******') gamma = security_manager.find_user('gamma') if not gamma: security_manager.add_user( 'gamma', 'gamma', 'user', '*****@*****.**', security_manager.find_role('Gamma'), password='******') gamma2 = security_manager.find_user('gamma2') if not gamma2: security_manager.add_user( 'gamma2', 'gamma2', 'user', '*****@*****.**', security_manager.find_role('Gamma'), password='******') gamma_sqllab_user = security_manager.find_user('gamma_sqllab') if not gamma_sqllab_user: security_manager.add_user( 'gamma_sqllab', 'gamma_sqllab', 'user', '*****@*****.**', gamma_sqllab_role, password='******') alpha = security_manager.find_user('alpha') if not alpha: security_manager.add_user( 'alpha', 'alpha', 'user', '*****@*****.**', security_manager.find_role('Alpha'), password='******') security_manager.get_session.commit() # create druid cluster and druid datasources session = db.session cluster = ( session.query(DruidCluster) .filter_by(cluster_name='druid_test') .first() ) if not cluster: cluster = DruidCluster(cluster_name='druid_test') session.add(cluster) session.commit() druid_datasource1 = DruidDatasource( datasource_name='druid_ds_1', cluster_name='druid_test', ) session.add(druid_datasource1) druid_datasource2 = DruidDatasource( datasource_name='druid_ds_2', cluster_name='druid_test', ) session.add(druid_datasource2) session.commit()
def init(): """Inits the Superset application""" utils.get_or_create_main_db() security_manager.sync_role_definitions()