def test_migrate_role(descriptiom, new_pvms, pvm_map, external_pvms,
deleted_views, deleted_permissions):
"""
Permission migration: generic tests
"""
logger.info(descriptiom)
with create_old_role(pvm_map, external_pvms) as old_role:
role_name = old_role.name
session = db.session
# Run migrations
add_pvms(session, new_pvms)
migrate_roles(session, pvm_map)
role = db.session.query(Role).filter(
Role.name == role_name).one_or_none()
for old_pvm, new_pvms in pvm_map.items():
old_pvm_model = security_manager.find_permission_view_menu(
old_pvm.permission, old_pvm.view)
assert old_pvm_model is None
new_pvm_model = security_manager.find_permission_view_menu(
new_pvms[0].permission, new_pvms[0].view)
assert new_pvm_model is not None
assert new_pvm_model in role.permissions
# assert deleted view menus
for deleted_view in deleted_views:
assert security_manager.find_view_menu(deleted_view) is None
# assert deleted permissions
for deleted_permission in deleted_permissions:
assert security_manager.find_permission(deleted_permission) is None
# assert externals are still there
for external_pvm in external_pvms:
assert (security_manager.find_permission_view_menu(
external_pvm.permission, external_pvm.view) is not None)
def create_old_role(pvm_map: PvmMigrationMapType, external_pvms):
with app.app_context():
pvms = []
for old_pvm, new_pvms in pvm_map.items():
pvms.append(
security_manager.add_permission_view_menu(
old_pvm.permission, old_pvm.view))
for external_pvm in external_pvms:
pvms.append(
security_manager.find_permission_view_menu(
external_pvm.permission, external_pvm.view))
new_role = Role(name="Dummy Role", permissions=pvms)
db.session.add(new_role)
db.session.commit()
yield new_role
new_role = (db.session.query(Role).filter(
Role.name == "Dummy Role").one_or_none())
new_role.permissions = []
db.session.merge(new_role)
for old_pvm, new_pvms in pvm_map.items():
security_manager.del_permission_view_menu(old_pvm.permission,
old_pvm.view)
for new_pvm in new_pvms:
security_manager.del_permission_view_menu(
new_pvm.permission, new_pvm.view)
db.session.delete(new_role)
db.session.commit()
def run(self) -> Model:
self.validate()
if not self._model:
raise DatabaseNotFoundError()
old_database_name = self._model.database_name
try:
database = DatabaseDAO.update(self._model,
self._properties,
commit=False)
database.set_sqlalchemy_uri(database.sqlalchemy_uri)
# adding a new database we always want to force refresh schema list
# TODO Improve this simplistic implementation for catching DB conn fails
try:
schemas = database.get_all_schema_names()
except Exception as ex:
db.session.rollback()
raise DatabaseConnectionFailedError() from ex
# Update database schema permissions
new_schemas: List[str] = []
for schema in schemas:
old_view_menu_name = security_manager.get_schema_perm(
old_database_name, schema)
new_view_menu_name = security_manager.get_schema_perm(
database.database_name, schema)
schema_pvm = security_manager.find_permission_view_menu(
"schema_access", old_view_menu_name)
# Update the schema permission if the database name changed
if schema_pvm and old_database_name != database.database_name:
schema_pvm.view_menu.name = new_view_menu_name
else:
new_schemas.append(schema)
for schema in new_schemas:
security_manager.add_permission_view_menu(
"schema_access",
security_manager.get_schema_perm(database, schema))
db.session.commit()
except DAOUpdateFailedError as ex:
logger.exception(ex.exception)
raise DatabaseUpdateFailedError() from ex
return database