def test_filter_druid_datasource(self): CLUSTER_NAME = 'new_druid' cluster = self.get_or_create( DruidCluster, {'cluster_name': CLUSTER_NAME}, db.session) db.session.merge(cluster) gamma_ds = self.get_or_create( DruidDatasource, {'datasource_name': 'datasource_for_gamma'}, db.session) gamma_ds.cluster = cluster db.session.merge(gamma_ds) no_gamma_ds = self.get_or_create( DruidDatasource, {'datasource_name': 'datasource_not_for_gamma'}, db.session) no_gamma_ds.cluster = cluster db.session.merge(no_gamma_ds) db.session.commit() security.merge_perm(sm, 'datasource_access', gamma_ds.perm) security.merge_perm(sm, 'datasource_access', no_gamma_ds.perm) perm = sm.find_permission_view_menu( 'datasource_access', gamma_ds.get_perm()) sm.add_permission_role(sm.find_role('Gamma'), perm) sm.get_session.commit() self.login(username='******') url = '/druiddatasourcemodelview/list/' resp = self.get_resp(url) self.assertIn('datasource_for_gamma', resp) self.assertNotIn('datasource_not_for_gamma', resp)
def test_clean_requests_after_db_grant(self): session = db.session # Case 3. Two access requests from gamma and gamma2 # Gamma gets database access, gamma2 access request granted # Check if request by gamma has been deleted gamma_user = sm.find_user(username='******') access_request1 = create_access_request(session, 'table', 'long_lat', TEST_ROLE_1, 'gamma') access_request2 = create_access_request(session, 'table', 'long_lat', TEST_ROLE_2, 'gamma2') ds_1_id = access_request1.datasource_id # gamma gets granted database access database = session.query(models.Database).first() security.merge_perm(sm, 'database_access', database.perm) ds_perm_view = sm.find_permission_view_menu('database_access', database.perm) sm.add_permission_role(sm.find_role(DB_ACCESS_ROLE), ds_perm_view) gamma_user.roles.append(sm.find_role(DB_ACCESS_ROLE)) session.commit() access_requests = self.get_access_requests('gamma', 'table', ds_1_id) self.assertTrue(access_requests) # gamma2 request gets fulfilled self.client.get( EXTEND_ROLE_REQUEST.format('table', ds_1_id, 'gamma2', TEST_ROLE_2)) access_requests = self.get_access_requests('gamma', 'table', ds_1_id) self.assertFalse(access_requests) gamma_user = sm.find_user(username='******') gamma_user.roles.remove(sm.find_role(DB_ACCESS_ROLE)) session.commit()
def test_clean_requests_after_db_grant(self): session = db.session # Case 3. Two access requests from gamma and gamma2 # Gamma gets database access, gamma2 access request granted # Check if request by gamma has been deleted gamma_user = sm.find_user(username='******') access_request1 = create_access_request( session, 'table', 'long_lat', TEST_ROLE_1, 'gamma') create_access_request( session, 'table', 'long_lat', TEST_ROLE_2, 'gamma2') ds_1_id = access_request1.datasource_id # gamma gets granted database access database = session.query(models.Database).first() security.merge_perm( sm, 'database_access', database.perm) ds_perm_view = sm.find_permission_view_menu( 'database_access', database.perm) sm.add_permission_role( sm.find_role(DB_ACCESS_ROLE), ds_perm_view) gamma_user.roles.append(sm.find_role(DB_ACCESS_ROLE)) session.commit() access_requests = self.get_access_requests('gamma', 'table', ds_1_id) self.assertTrue(access_requests) # gamma2 request gets fulfilled self.client.get(EXTEND_ROLE_REQUEST.format( 'table', ds_1_id, 'gamma2', TEST_ROLE_2)) access_requests = self.get_access_requests('gamma', 'table', ds_1_id) self.assertFalse(access_requests) gamma_user = sm.find_user(username='******') gamma_user.roles.remove(sm.find_role(DB_ACCESS_ROLE)) session.commit()
def post_add(self, table): table.fetch_metadata() security.merge_perm(sm, 'datasource_access', table.get_perm()) if table.schema: security.merge_perm(sm, 'schema_access', table.schema_perm) flash( _("The table was created. As part of this two phase configuration " "process, you should now click the edit button by " "the new table to configure it."), "info")
def post_add(self, datasource, flash_message=True): datasource.get_metadata() security.merge_perm(security_manager, 'datasource_access', datasource.get_perm()) if flash_message: flash( _('The datasource was created. ' 'As part of this two phase configuration ' 'process, you should now click the edit button by ' 'the new datasource to configure it.'), 'info')
def post_add(self, table, flash_message=True): table.fetch_metadata() security.merge_perm(sm, 'datasource_access', table.get_perm()) if table.schema: security.merge_perm(sm, 'schema_access', table.schema_perm) if flash_message: flash(_( 'The table was created. ' 'As part of this two phase configuration ' 'process, you should now click the edit button by ' 'the new table to configure it.'), 'info')
def post_add(self, table, flash_message=True): table.fetch_metadata() security.merge_perm(sm, 'datasource_access', table.get_perm()) if table.schema: security.merge_perm(sm, 'schema_access', table.schema_perm) if flash_message: flash( _('The table was created. ' 'As part of this two phase configuration ' 'process, you should now click the edit button by ' 'the new table to configure it.'), 'info')
def test_clean_requests_after_schema_grant(self): session = db.session # Case 4. Two access requests from gamma and gamma2 # Gamma gets schema access, gamma2 access request granted # Check if request by gamma has been deleted gamma_user = sm.find_user(username='******') access_request1 = create_access_request(session, 'table', 'wb_health_population', TEST_ROLE_1, 'gamma') access_request2 = create_access_request(session, 'table', 'wb_health_population', TEST_ROLE_2, 'gamma2') ds_1_id = access_request1.datasource_id ds = session.query(models.SqlaTable).filter_by( table_name='wb_health_population').first() ds.schema = 'temp_schema' security.merge_perm(sm, 'schema_access', ds.schema_perm) schema_perm_view = sm.find_permission_view_menu( 'schema_access', ds.schema_perm) sm.add_permission_role(sm.find_role(SCHEMA_ACCESS_ROLE), schema_perm_view) gamma_user.roles.append(sm.find_role(SCHEMA_ACCESS_ROLE)) session.commit() # gamma2 request gets fulfilled self.client.get( EXTEND_ROLE_REQUEST.format('table', ds_1_id, 'gamma2', TEST_ROLE_2)) access_requests = self.get_access_requests('gamma', 'table', ds_1_id) self.assertFalse(access_requests) gamma_user = sm.find_user(username='******') gamma_user.roles.remove(sm.find_role(SCHEMA_ACCESS_ROLE)) ds = session.query(models.SqlaTable).filter_by( table_name='wb_health_population').first() ds.schema = None session.commit()
def test_clean_requests_after_schema_grant(self): session = db.session # Case 4. Two access requests from gamma and gamma2 # Gamma gets schema access, gamma2 access request granted # Check if request by gamma has been deleted gamma_user = sm.find_user(username='******') access_request1 = create_access_request( session, 'table', 'wb_health_population', TEST_ROLE_1, 'gamma') access_request2 = create_access_request( session, 'table', 'wb_health_population', TEST_ROLE_2, 'gamma2') ds_1_id = access_request1.datasource_id ds = session.query(SqlaTable).filter_by( table_name='wb_health_population').first() ds.schema = 'temp_schema' security.merge_perm( sm, 'schema_access', ds.schema_perm) schema_perm_view = sm.find_permission_view_menu( 'schema_access', ds.schema_perm) sm.add_permission_role( sm.find_role(SCHEMA_ACCESS_ROLE) , schema_perm_view) gamma_user.roles.append(sm.find_role(SCHEMA_ACCESS_ROLE)) session.commit() # gamma2 request gets fulfilled self.client.get(EXTEND_ROLE_REQUEST.format( 'table', ds_1_id, 'gamma2', TEST_ROLE_2)) access_requests = self.get_access_requests('gamma', 'table', ds_1_id) self.assertFalse(access_requests) gamma_user = sm.find_user(username='******') gamma_user.roles.remove(sm.find_role(SCHEMA_ACCESS_ROLE)) ds = session.query(SqlaTable).filter_by( table_name='wb_health_population').first() ds.schema = None session.commit()
def post_add(self, metric): if metric.is_restricted: security.merge_perm(sm, 'metric_access', metric.perm)
def __init__(self, *args, **kwargs): super(SqlLabTests, self).__init__(*args, **kwargs) gamma_sqllab = appbuilder.sm.find_role('gamma_sqllab') security.merge_perm(sm, 'database_access', self.get_main_database(db.session).perm)
def post_add(self, datasource): datasource.generate_metrics() security.merge_perm(sm, 'datasource_access', datasource.get_perm()) if datasource.schema: security.merge_perm(sm, 'schema_access', datasource.schema_perm)
def post_update(self, metric): if metric.is_restricted: security.merge_perm(sm, 'metric_access', metric.get_perm())
def __init__(self, *args, **kwargs): if ( self.requires_examples and not os.environ.get('SOLO_TEST') and not os.environ.get('examples_loaded') ): logging.info("Loading examples") cli.load_examples(load_test_data=True) logging.info("Done loading examples") sync_role_definitions() os.environ['examples_loaded'] = '1' else: sync_role_definitions() super(SupersetTestCase, self).__init__(*args, **kwargs) self.client = app.test_client() self.maxDiff = None gamma_sqllab_role = sm.add_role("gamma_sqllab") for perm in sm.find_role('Gamma').permissions: sm.add_permission_role(gamma_sqllab_role, perm) db_perm = self.get_main_database(sm.get_session).perm security.merge_perm(sm, 'database_access', db_perm) db_pvm = sm.find_permission_view_menu( view_menu_name=db_perm, permission_name='database_access') gamma_sqllab_role.permissions.append(db_pvm) for perm in sm.find_role('sql_lab').permissions: sm.add_permission_role(gamma_sqllab_role, perm) admin = appbuilder.sm.find_user('admin') if not admin: appbuilder.sm.add_user( 'admin', 'admin', ' user', '*****@*****.**', appbuilder.sm.find_role('Admin'), password='******') gamma = appbuilder.sm.find_user('gamma') if not gamma: appbuilder.sm.add_user( 'gamma', 'gamma', 'user', '*****@*****.**', appbuilder.sm.find_role('Gamma'), password='******') gamma2 = appbuilder.sm.find_user('gamma2') if not gamma2: appbuilder.sm.add_user( 'gamma2', 'gamma2', 'user', '*****@*****.**', appbuilder.sm.find_role('Gamma'), password='******') gamma_sqllab_user = appbuilder.sm.find_user('gamma_sqllab') if not gamma_sqllab_user: appbuilder.sm.add_user( 'gamma_sqllab', 'gamma_sqllab', 'user', '*****@*****.**', gamma_sqllab_role, password='******') alpha = appbuilder.sm.find_user('alpha') if not alpha: appbuilder.sm.add_user( 'alpha', 'alpha', 'user', '*****@*****.**', appbuilder.sm.find_role('Alpha'), password='******') sm.get_session.commit() # create druid cluster and druid datasources session = db.session cluster = ( session.query(DruidCluster) .filter_by(cluster_name="druid_test") .first() ) if not cluster: cluster = DruidCluster(cluster_name="druid_test") session.add(cluster) session.commit() druid_datasource1 = DruidDatasource( datasource_name='druid_ds_1', cluster_name='druid_test' ) session.add(druid_datasource1) druid_datasource2 = DruidDatasource( datasource_name='druid_ds_2', cluster_name='druid_test' ) session.add(druid_datasource2) session.commit()
def pre_add(self, cluster): security.merge_perm(sm, 'database_access', cluster.perm)
def post_update(self, columns): if columns.is_restricted: security.merge_perm(sm, 'columns_access', columns.perm)
def __init__(self, *args, **kwargs): if self.requires_examples and not os.environ.get("SOLO_TEST") and not os.environ.get("examples_loaded"): logging.info("Loading examples") cli.load_examples(load_test_data=True) logging.info("Done loading examples") sync_role_definitions() os.environ["examples_loaded"] = "1" else: sync_role_definitions() super(SupersetTestCase, self).__init__(*args, **kwargs) self.client = app.test_client() self.maxDiff = None gamma_sqllab_role = sm.add_role("gamma_sqllab") for perm in sm.find_role("Gamma").permissions: sm.add_permission_role(gamma_sqllab_role, perm) db_perm = self.get_main_database(sm.get_session).perm security.merge_perm(sm, "database_access", db_perm) db_pvm = sm.find_permission_view_menu(view_menu_name=db_perm, permission_name="database_access") gamma_sqllab_role.permissions.append(db_pvm) for perm in sm.find_role("sql_lab").permissions: sm.add_permission_role(gamma_sqllab_role, perm) admin = appbuilder.sm.find_user("admin") if not admin: appbuilder.sm.add_user( "admin", "admin", " user", "*****@*****.**", appbuilder.sm.find_role("Admin"), password="******" ) gamma = appbuilder.sm.find_user("gamma") if not gamma: appbuilder.sm.add_user( "gamma", "gamma", "user", "*****@*****.**", appbuilder.sm.find_role("Gamma"), password="******" ) gamma_sqllab_user = appbuilder.sm.find_user("gamma_sqllab") if not gamma_sqllab_user: appbuilder.sm.add_user( "gamma_sqllab", "gamma_sqllab", "user", "*****@*****.**", gamma_sqllab_role, password="******" ) alpha = appbuilder.sm.find_user("alpha") if not alpha: appbuilder.sm.add_user( "alpha", "alpha", "user", "*****@*****.**", appbuilder.sm.find_role("Alpha"), password="******" ) sm.get_session.commit() # create druid cluster and druid datasources session = db.session cluster = session.query(models.DruidCluster).filter_by(cluster_name="druid_test").first() if not cluster: cluster = models.DruidCluster(cluster_name="druid_test") session.add(cluster) session.commit() druid_datasource1 = models.DruidDatasource(datasource_name="druid_ds_1", cluster_name="druid_test") session.add(druid_datasource1) druid_datasource2 = models.DruidDatasource(datasource_name="druid_ds_2", cluster_name="druid_test") session.add(druid_datasource2) session.commit()
def __init__(self, *args, **kwargs): if (self.requires_examples and not os.environ.get('SOLO_TEST') and not os.environ.get('examples_loaded')): logging.info('Loading examples') cli.load_examples(load_test_data=True) logging.info('Done loading examples') sync_role_definitions() os.environ['examples_loaded'] = '1' else: sync_role_definitions() super(SupersetTestCase, self).__init__(*args, **kwargs) self.client = app.test_client() self.maxDiff = None gamma_sqllab_role = sm.add_role('gamma_sqllab') for perm in sm.find_role('Gamma').permissions: sm.add_permission_role(gamma_sqllab_role, perm) db_perm = self.get_main_database(sm.get_session).perm security.merge_perm(sm, 'database_access', db_perm) db_pvm = sm.find_permission_view_menu( view_menu_name=db_perm, permission_name='database_access') gamma_sqllab_role.permissions.append(db_pvm) for perm in sm.find_role('sql_lab').permissions: sm.add_permission_role(gamma_sqllab_role, perm) admin = appbuilder.sm.find_user('admin') if not admin: appbuilder.sm.add_user('admin', 'admin', ' user', '*****@*****.**', appbuilder.sm.find_role('Admin'), password='******') gamma = appbuilder.sm.find_user('gamma') if not gamma: appbuilder.sm.add_user('gamma', 'gamma', 'user', '*****@*****.**', appbuilder.sm.find_role('Gamma'), password='******') gamma2 = appbuilder.sm.find_user('gamma2') if not gamma2: appbuilder.sm.add_user('gamma2', 'gamma2', 'user', '*****@*****.**', appbuilder.sm.find_role('Gamma'), password='******') gamma_sqllab_user = appbuilder.sm.find_user('gamma_sqllab') if not gamma_sqllab_user: appbuilder.sm.add_user('gamma_sqllab', 'gamma_sqllab', 'user', '*****@*****.**', gamma_sqllab_role, password='******') alpha = appbuilder.sm.find_user('alpha') if not alpha: appbuilder.sm.add_user('alpha', 'alpha', 'user', '*****@*****.**', appbuilder.sm.find_role('Alpha'), password='******') sm.get_session.commit() # create druid cluster and druid datasources session = db.session cluster = (session.query(DruidCluster).filter_by( cluster_name='druid_test').first()) if not cluster: cluster = DruidCluster(cluster_name='druid_test') session.add(cluster) session.commit() druid_datasource1 = DruidDatasource( datasource_name='druid_ds_1', cluster_name='druid_test', ) session.add(druid_datasource1) druid_datasource2 = DruidDatasource( datasource_name='druid_ds_2', cluster_name='druid_test', ) session.add(druid_datasource2) session.commit()
def post_add(self, metric): if metric.is_restricted: security.merge_perm(security_manager, 'metric_access', metric.get_perm())