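def test_public_sync_role_data_perms(self):
    """
    Security: Tests if the sync role method preserves data access permissions
    if they already exist on a public role.
    Also check that non data access permissions are removed

    The table grant is revoked in a ``finally`` block, so a failing assertion
    does not leave the public role holding data access for later tests.
    """
    table = db.session.query(SqlaTable).filter_by(table_name="birth_names").one()
    self.grant_public_access_to_table(table)
    try:
        public_role = security_manager.get_public_role()
        # Seed the public role with a non-data permission (menu access to
        # "Security") that the sync is expected to strip again.
        unwanted_pvm = security_manager.find_permission_view_menu(
            "menu_access", "Security"
        )
        public_role.permissions.append(unwanted_pvm)
        db.session.commit()

        security_manager.sync_role_definitions()

        # Fetch the role again so the assertions inspect the post-sync state.
        public_role = security_manager.get_public_role()
        public_role_resource_names = [
            permission.view_menu.name for permission in public_role.permissions
        ]

        # The data access grant must survive the sync ...
        assert table.get_perm() in public_role_resource_names
        # ... while the administrative menu entry must be gone.
        assert "Security" not in public_role_resource_names
        # NOTE(review): if the sync ever fails to remove the "Security" entry,
        # nothing in this test removes it from the public role afterwards.
    finally:
        # Cleanup: runs on failure too, so the public grant never leaks.
        self.revoke_public_access_to_table(table)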
def test_public_sync_role_builtin_perms(self):
    """
    Security: Tests public role creation based on a builtin role

    Every entry configured under ``FAB_ROLES["TestRole"]`` must be present on
    the public role as a ``[view menu name, permission name]`` pair.
    """
    # NOTE(review): the check is one-directional. It proves the expected
    # pairs are present, not that the public role holds nothing beyond them.
    granted_pairs = []
    for granted in security_manager.get_public_role().permissions:
        # Pairs are built as lists; a list never compares equal to a tuple,
        # so the configured entries are assumed to be lists too - TODO confirm.
        granted_pairs.append([granted.view_menu.name, granted.permission.name])

    expected_pairs = current_app.config["FAB_ROLES"]["TestRole"]
    for expected in expected_pairs:
        assert expected in granted_pairs
def test_get_anonymous_roles(self, mock_g):
    """
    Security: an anonymous user resolves to exactly the public role.

    ``mock_g`` is presumably a patched ``g`` injected by a decorator that is
    not visible here; its ``user`` is set to the anonymous user before
    ``get_user_roles`` is called.
    """
    anonymous_user = security_manager.get_anonymous_user()
    mock_g.user = anonymous_user

    resolved_roles = security_manager.get_user_roles()

    # Exact list equality: no extra role may be attached to an anonymous user.
    expected_roles = [security_manager.get_public_role()]
    self.assertEqual(expected_roles, resolved_roles)
def get_user_roles() -> List[Role]:
    """
    Return the roles that apply to the current request user (``g.user``).

    An authenticated user gets their own ``roles``. An anonymous user gets
    the public role only when ``AUTH_ROLE_PUBLIC`` is set to a truthy value
    in the configuration; otherwise an anonymous user has no roles at all.
    """
    current_user = g.user
    if not current_user.is_anonymous:
        return current_user.roles

    # The config value only acts as an on/off switch here; the role object
    # itself comes from the security manager.
    if not conf.get("AUTH_ROLE_PUBLIC"):
        # Public access is not configured: anonymous users get nothing.
        return []

    # NOTE(review): if get_public_role() can return None (e.g. the role row
    # is missing), callers receive [None] - confirm how callers handle that.
    return [security_manager.get_public_role()]