def _delete(self, pk): """ Delete function logic, override to implement diferent logic deletes the record with primary_key = pk :param pk: record primary key to delete """ item = self.datamodel.get(pk, self._base_filters) if not item: abort(404) try: self.pre_delete(item) except Exception as e: flash(str(e), "danger") else: view_menu = security_manager.find_view_menu(item.get_perm()) pvs = ( security_manager.get_session.query( security_manager.permissionview_model ) .filter_by(view_menu=view_menu) .all() ) schema_view_menu = None if hasattr(item, "schema_perm"): schema_view_menu = security_manager.find_view_menu(item.schema_perm) pvs.extend( security_manager.get_session.query( security_manager.permissionview_model ) .filter_by(view_menu=schema_view_menu) .all() ) if self.datamodel.delete(item): self.post_delete(item) for pv in pvs: security_manager.get_session.delete(pv) if view_menu: security_manager.get_session.delete(view_menu) if schema_view_menu: security_manager.get_session.delete(schema_view_menu) security_manager.get_session.commit() flash(*self.datamodel.message) self.update_redirect()
def _delete(self: BaseView, primary_key: int) -> None: """ Delete function logic, override to implement diferent logic deletes the record with primary_key = primary_key :param primary_key: record primary key to delete """ item = self.datamodel.get(primary_key, self._base_filters) if not item: abort(404) try: self.pre_delete(item) except Exception as ex: # pylint: disable=broad-except flash(str(ex), "danger") else: view_menu = security_manager.find_view_menu(item.get_perm()) pvs = (security_manager.get_session.query( security_manager.permissionview_model).filter_by( view_menu=view_menu).all()) if self.datamodel.delete(item): self.post_delete(item) for pv in pvs: security_manager.get_session.delete(pv) if view_menu: security_manager.get_session.delete(view_menu) security_manager.get_session.commit() flash(*self.datamodel.message) self.update_redirect()
def test_sqllab_viz(self): self.login("admin") examples_dbid = get_example_database().id payload = { "chartType": "dist_bar", "datasourceName": f"test_viz_flow_table_{random()}", "schema": "superset", "columns": [ {"is_date": False, "type": "STRING", "name": f"viz_type_{random()}"}, {"is_date": False, "type": "OBJECT", "name": f"ccount_{random()}"}, ], "sql": """\ SELECT * FROM birth_names LIMIT 10""", "dbId": examples_dbid, } data = {"data": json.dumps(payload)} resp = self.get_json_resp("/superset/sqllab_viz/", data=data) self.assertIn("table_id", resp) # ensure owner is set correctly table_id = resp["table_id"] table = db.session.query(SqlaTable).filter_by(id=table_id).one() self.assertEqual([owner.username for owner in table.owners], ["admin"]) view_menu = security_manager.find_view_menu(table.get_perm()) assert view_menu is not None # Cleanup db.session.delete(table) db.session.commit()
def run(self) -> None: self.validate() if not self._models: return None try: DatasetDAO.bulk_delete(self._models) for model in self._models: view_menu = (security_manager.find_view_menu(model.get_perm()) if model else None) if view_menu: permission_views = (db.session.query( security_manager.permissionview_model).filter_by( view_menu=view_menu).all()) for permission_view in permission_views: db.session.delete(permission_view) if view_menu: db.session.delete(view_menu) else: if not view_menu: logger.error( "Could not find the data access permission for the dataset", exc_info=True, ) db.session.commit() return None except DeleteFailedError as ex: logger.exception(ex.exception) raise DatasetBulkDeleteFailedError() from ex
def run(self) -> Model: self.validate() try: dataset = DatasetDAO.delete(self._model, commit=False) view_menu = (security_manager.find_view_menu( self._model.get_perm()) if self._model else None) if view_menu: permission_views = (db.session.query( security_manager.permissionview_model).filter_by( view_menu=view_menu).all()) for permission_view in permission_views: db.session.delete(permission_view) if view_menu: db.session.delete(view_menu) else: if not view_menu: logger.error( "Could not find the data access permission for the dataset", exc_info=True, ) db.session.commit() except (SQLAlchemyError, DAODeleteFailedError) as ex: logger.exception(ex) db.session.rollback() raise DatasetDeleteFailedError() from ex return dataset
def _delete(self, pk): """ Delete function logic, override to implement diferent logic deletes the record with primary_key = pk :param pk: record primary key to delete """ item = self.datamodel.get(pk, self._base_filters) if not item: abort(404) try: self.pre_delete(item) except Exception as e: flash(str(e), 'danger') else: view_menu = security_manager.find_view_menu(item.get_perm()) pvs = security_manager.get_session.query( security_manager.permissionview_model).filter_by( view_menu=view_menu).all() schema_view_menu = None if hasattr(item, 'schema_perm'): schema_view_menu = security_manager.find_view_menu(item.schema_perm) pvs.extend(security_manager.get_session.query( security_manager.permissionview_model).filter_by( view_menu=schema_view_menu).all()) if self.datamodel.delete(item): self.post_delete(item) for pv in pvs: security_manager.get_session.delete(pv) if view_menu: security_manager.get_session.delete(view_menu) if schema_view_menu: security_manager.get_session.delete(schema_view_menu) security_manager.get_session.commit() flash(*self.datamodel.message) self.update_redirect()
def test_sync_druid_perm(self, PyDruid): self.login(username="******") instance = PyDruid.return_value instance.time_boundary.return_value = [{"result": {"maxTime": "2016-01-01"}}] instance.segment_metadata.return_value = SEGMENT_METADATA cluster = ( db.session.query(DruidCluster) .filter_by(cluster_name="test_cluster") .first() ) if cluster: for datasource in ( db.session.query(DruidDatasource).filter_by(cluster_id=cluster.id).all() ): db.session.delete(datasource) db.session.delete(cluster) db.session.commit() cluster = DruidCluster( cluster_name="test_cluster", broker_host="localhost", broker_port=7980, metadata_last_refreshed=datetime.now(), ) db.session.add(cluster) cluster.get_datasources = PickableMock(return_value=["test_datasource"]) cluster.refresh_datasources() cluster.datasources[0].merge_flag = True metadata = cluster.datasources[0].latest_metadata() self.assertEqual(len(metadata), 4) db.session.commit() view_menu_name = cluster.datasources[0].get_perm() view_menu = security_manager.find_view_menu(view_menu_name) permission = security_manager.find_permission("datasource_access") pv = ( security_manager.get_session.query(security_manager.permissionview_model) .filter_by(permission=permission, view_menu=view_menu) .first() ) assert pv is not None
def test_sync_druid_perm(self, PyDruid): self.login(username='******') instance = PyDruid.return_value instance.time_boundary.return_value = [ {'result': {'maxTime': '2016-01-01'}}] instance.segment_metadata.return_value = SEGMENT_METADATA cluster = ( db.session .query(DruidCluster) .filter_by(cluster_name='test_cluster') .first() ) if cluster: db.session.delete(cluster) db.session.commit() cluster = DruidCluster( cluster_name='test_cluster', coordinator_host='localhost', coordinator_port=7979, broker_host='localhost', broker_port=7980, metadata_last_refreshed=datetime.now()) db.session.add(cluster) cluster.get_datasources = PickableMock( return_value=['test_datasource'], ) cluster.refresh_datasources() cluster.datasources[0].merge_flag = True metadata = cluster.datasources[0].latest_metadata() self.assertEqual(len(metadata), 4) db.session.commit() view_menu_name = cluster.datasources[0].get_perm() view_menu = security_manager.find_view_menu(view_menu_name) permission = security_manager.find_permission('datasource_access') pv = security_manager.get_session.query( security_manager.permissionview_model).filter_by( permission=permission, view_menu=view_menu).first() assert pv is not None
def assert_permissions_were_deleted(self, deleted_dashboard): view_menu = security_manager.find_view_menu( deleted_dashboard.view_name) self.assertIsNone(view_menu)
def assert_permission_kept_and_changed(self, updated_dashboard, excepted_view_id): view_menu_after_title_changed = security_manager.find_view_menu( updated_dashboard.view_name) self.assertIsNotNone(view_menu_after_title_changed) self.assertEqual(view_menu_after_title_changed.id, excepted_view_id)
def assert_permission_was_created(self, dashboard): view_menu = security_manager.find_view_menu(dashboard.view_name) self.assertIsNotNone(view_menu) self.assertEqual( len(security_manager.find_permissions_view_menu(view_menu)), 1)
def test_set_perm_sqla_table(self): security_manager.on_view_menu_after_insert = Mock() security_manager.on_permission_view_after_insert = Mock() session = db.session table = SqlaTable( schema="tmp_schema", table_name="tmp_perm_table", database=get_example_database(), ) session.add(table) session.commit() stored_table = (session.query(SqlaTable).filter_by( table_name="tmp_perm_table").one()) self.assertEqual(stored_table.perm, f"[examples].[tmp_perm_table](id:{stored_table.id})") pvm_dataset = security_manager.find_permission_view_menu( "datasource_access", stored_table.perm) pvm_schema = security_manager.find_permission_view_menu( "schema_access", stored_table.schema_perm) self.assertIsNotNone(pvm_dataset) self.assertEqual(stored_table.schema_perm, "[examples].[tmp_schema]") self.assertIsNotNone(pvm_schema) # assert on permission hooks view_menu_dataset = security_manager.find_view_menu( f"[examples].[tmp_perm_table](id:{stored_table.id})") view_menu_schema = security_manager.find_view_menu( f"[examples].[tmp_schema]") security_manager.on_view_menu_after_insert.assert_has_calls([ call(ANY, ANY, view_menu_dataset), call(ANY, ANY, view_menu_schema), ]) security_manager.on_permission_view_after_insert.assert_has_calls([ call(ANY, ANY, pvm_dataset), call(ANY, ANY, pvm_schema), ]) # table name change stored_table.table_name = "tmp_perm_table_v2" session.commit() stored_table = (session.query(SqlaTable).filter_by( table_name="tmp_perm_table_v2").one()) self.assertEqual( stored_table.perm, f"[examples].[tmp_perm_table_v2](id:{stored_table.id})") self.assertIsNotNone( security_manager.find_permission_view_menu("datasource_access", stored_table.perm)) # no changes in schema self.assertEqual(stored_table.schema_perm, "[examples].[tmp_schema]") self.assertIsNotNone( security_manager.find_permission_view_menu( "schema_access", stored_table.schema_perm)) # schema name change stored_table.schema = "tmp_schema_v2" session.commit() stored_table = (session.query(SqlaTable).filter_by( table_name="tmp_perm_table_v2").one()) self.assertEqual( stored_table.perm, f"[examples].[tmp_perm_table_v2](id:{stored_table.id})") self.assertIsNotNone( security_manager.find_permission_view_menu("datasource_access", stored_table.perm)) # no changes in schema self.assertEqual(stored_table.schema_perm, "[examples].[tmp_schema_v2]") self.assertIsNotNone( security_manager.find_permission_view_menu( "schema_access", stored_table.schema_perm)) # database change new_db = Database(sqlalchemy_uri="sqlite://", database_name="tmp_db") session.add(new_db) stored_table.database = (session.query(Database).filter_by( database_name="tmp_db").one()) session.commit() stored_table = (session.query(SqlaTable).filter_by( table_name="tmp_perm_table_v2").one()) self.assertEqual( stored_table.perm, f"[tmp_db].[tmp_perm_table_v2](id:{stored_table.id})") self.assertIsNotNone( security_manager.find_permission_view_menu("datasource_access", stored_table.perm)) # no changes in schema self.assertEqual(stored_table.schema_perm, "[tmp_db].[tmp_schema_v2]") self.assertIsNotNone( security_manager.find_permission_view_menu( "schema_access", stored_table.schema_perm)) # no schema stored_table.schema = None session.commit() stored_table = (session.query(SqlaTable).filter_by( table_name="tmp_perm_table_v2").one()) self.assertEqual( stored_table.perm, f"[tmp_db].[tmp_perm_table_v2](id:{stored_table.id})") self.assertIsNotNone( security_manager.find_permission_view_menu("datasource_access", stored_table.perm)) self.assertIsNone(stored_table.schema_perm) session.delete(new_db) session.delete(stored_table) session.commit()