def test_user_can_only_read_from_datasets_they_have_access_to(
self, _application):
dataset_1_id = '47146cc4-1668-4522-82b6-eb5e5de7b044'
table_1_id = '164acfc5-3852-400e-a99d-2c7c4eff8555'
dataset_2_id = '73534d36-72f7-41b7-ad92-4d277980229e'
table_2_id = '0a5a7f68-9e38-422d-94d6-92a366da1ab5'
create_dataset(
dataset_1_id,
'explorer_dataset',
table_1_id,
'my_database',
'REQUIRES_AUTHENTICATION',
)
create_dataset(
dataset_2_id,
'explorer_dataset_2',
table_2_id,
'my_database',
'REQUIRES_AUTHORIZATION',
)
home_page = HomePage(
driver=self.driver,
base_url="http://dataworkspace.test:8000/data-explorer")
home_page.open()
home_page.enter_query(
"select count(*) as count from public.explorer_dataset")
home_page.click_run()
assert home_page.read_result_headers() == ['count']
assert home_page.read_result_rows() == [["0"]]
assert "permission denied for relation" not in home_page.get_html()
home_page.open() # Reset the page, i.e. to remove the existing query
home_page.enter_query(
"select count(*) as count from public.explorer_dataset_2")
home_page.click_run()
assert home_page.read_result_headers() == []
assert home_page.read_result_rows() == []
assert "permission denied for relation" in home_page.get_html()
def test_user_can_only_read_from_datasets_they_have_access_to(self, _application):
dataset_1_id = "47146cc4-1668-4522-82b6-eb5e5de7b044"
table_1_id = "164acfc5-3852-400e-a99d-2c7c4eff8555"
dataset_2_id = "73534d36-72f7-41b7-ad92-4d277980229e"
table_2_id = "0a5a7f68-9e38-422d-94d6-92a366da1ab5"
create_dataset(
dataset_1_id,
"explorer_dataset",
table_1_id,
"my_database",
UserAccessType.REQUIRES_AUTHENTICATION,
)
create_dataset(
dataset_2_id,
"explorer_dataset_2",
table_2_id,
"my_database",
UserAccessType.REQUIRES_AUTHORIZATION,
)
home_page = HomePage(driver=self.driver)
home_page.open()
home_page.enter_query("select count(*) as count from public.explorer_dataset")
home_page.click_run()
assert home_page.read_result_headers() == ["count"]
assert home_page.read_result_rows() == [["0"]]
assert "permission denied for relation" not in home_page.get_html()
home_page.open() # Reset the page, i.e. to remove the existing query
home_page.enter_query("select count(*) as count from public.explorer_dataset_2")
home_page.click_run()
assert home_page.read_result_headers() == []
assert home_page.read_result_rows() == []
assert "permission denied for table" in home_page.get_html()
def test_data_explorer_cached_credentials_can_be_reset_using_admin_action(self, _application):
# This doesn't strictly test that the action is available to an admin, but it does test the routine
# that the admin action uses.
dataset_1_id = "47146cc4-1668-4522-82b6-eb5e5de7b044"
table_1_id = "164acfc5-3852-400e-a99d-2c7c4eff8555"
dataset_2_id = "73534d36-72f7-41b7-ad92-4d277980229e"
table_2_id = "0a5a7f68-9e38-422d-94d6-92a366da1ab5"
create_dataset(
dataset_1_id,
"explorer_dataset",
table_1_id,
"my_database",
UserAccessType.REQUIRES_AUTHENTICATION,
)
create_dataset(
dataset_2_id,
"explorer_2_dataset",
table_2_id,
"my_database",
UserAccessType.REQUIRES_AUTHENTICATION,
)
home_page = HomePage(driver=self.driver)
home_page.open()
home_page.enter_query("select count(*) as count from public.explorer_dataset")
home_page.click_run()
assert home_page.read_result_headers() == ["count"]
assert home_page.read_result_rows() == [["0"]]
assert "permission denied for relation" not in home_page.get_html()
assert "Columns in public.explorer_dataset" in home_page.get_html()
assert "Columns in public.explorer_2_dataset" in home_page.get_html()
set_dataset_access_type(dataset_1_id, UserAccessType.REQUIRES_AUTHORIZATION)
home_page.open() # Reset the page, i.e. to remove the existing query
home_page.enter_query("select count(*) as count from public.explorer_dataset")
home_page.click_run()
# Should still be using cached credentials, so still available. (Note: this isn't ideal, but _is_ how things
# should be working based on the current implementation.
assert home_page.read_result_headers() == ["count"]
assert home_page.read_result_rows() == [["0"]]
assert "permission denied for relation" not in home_page.get_html()
assert "Columns in public.explorer_dataset" in home_page.get_html()
assert "Columns in public.explorer_2_dataset" in home_page.get_html()
reset_data_explorer_credentials(user_sso_id="9931f73c-469d-4110-9f58-92a74ab1bbfa")
home_page.open() # Reset the page, i.e. to remove the existing query
home_page.enter_query("select count(*) as count from public.explorer_dataset")
home_page.click_run()
# The cached credentials should have been cleared, so new ones will be generated where access isn't available.
assert home_page.read_result_headers() == []
assert home_page.read_result_rows() == []
assert "permission denied for table" in home_page.get_html()
assert "Columns in public.explorer_dataset" not in home_page.get_html()
assert "Columns in public.explorer_2_dataset" in home_page.get_html()