fix(dashboard): draft dashboards should be viewable (#14207)

* fix(dashboard): draft dashboards should have open access

* Remove a duplicate test

tests/dashboards/api_tests.py

@@ -190,11 +190,14 @@ class TestDashboardApi(SupersetTestCase, ApiOwnersTestCaseMixin, InsertChartMixi
         self.assertEqual(response.status_code, 404)
 
     @pytest.mark.usefixtures("load_world_bank_dashboard_with_slices")
-    def test_get_dashboard_datasets_not_allowed(self):
+    def test_get_draft_dashboard_datasets(self):
+        """
+        All users should have access to dashboards without roles
+        """
         self.login(username="gamma")
         uri = "api/v1/dashboard/world_health/datasets"
         response = self.get_assert_metric(uri, "get_datasets")
-        self.assertEqual(response.status_code, 404)
+        self.assertEqual(response.status_code, 200)
 
     @pytest.mark.usefixtures("create_dashboards")
     def get_dashboard_by_slug(self):
@@ -215,12 +218,15 @@ class TestDashboardApi(SupersetTestCase, ApiOwnersTestCaseMixin, InsertChartMixi
         self.assertEqual(response.status_code, 404)
 
     @pytest.mark.usefixtures("create_dashboards")
-    def get_dashboard_by_slug_not_allowed(self):
+    def get_draft_dashboard_by_slug(self):
+        """
+        All users should have access to dashboards without roles
+        """
         self.login(username="gamma")
         dashboard = self.dashboards[0]
         uri = f"api/v1/dashboard/{dashboard.slug}"
         response = self.get_assert_metric(uri, "get")
-        self.assertEqual(response.status_code, 404)
+        self.assertEqual(response.status_code, 200)
 
     @pytest.mark.usefixtures("create_dashboards")
     def test_get_dashboard_charts(self):
@@ -266,15 +272,15 @@ class TestDashboardApi(SupersetTestCase, ApiOwnersTestCaseMixin, InsertChartMixi
         self.assertEqual(response.status_code, 404)
 
     @pytest.mark.usefixtures("create_dashboards")
-    def test_get_dashboard_charts_not_allowed(self):
+    def test_get_draft_dashboard_charts(self):
         """
-        Dashboard API: Test getting charts on a dashboard a user does not have access to
+        All users should have access to draft dashboards without roles
         """
         self.login(username="gamma")
         dashboard = self.dashboards[0]
         uri = f"api/v1/dashboard/{dashboard.id}/charts"
         response = self.get_assert_metric(uri, "get_charts")
-        self.assertEqual(response.status_code, 404)
+        assert response.status_code == 200
 
     @pytest.mark.usefixtures("create_dashboards")
     def test_get_dashboard_charts_empty(self):
@@ -382,7 +388,7 @@ class TestDashboardApi(SupersetTestCase, ApiOwnersTestCaseMixin, InsertChartMixi
         self.login(username="gamma")
         uri = f"api/v1/dashboard/{dashboard.id}"
         rv = self.client.get(uri)
-        self.assertEqual(rv.status_code, 404)
+        self.assertEqual(rv.status_code, 200)
         # rollback changes
         db.session.delete(dashboard)
         db.session.commit()

tests/dashboards/security/security_dataset_tests.py

@@ -208,20 +208,6 @@ class TestDashboardDatasetSecurity(DashboardTestCase):
         finally:
             self.revoke_public_access_to_table(accessed_table)
 
-    def test_get_dashboard_api_no_data_access(self):
-        """
-        Dashboard API: Test get dashboard without data access
-        """
-        admin = self.get_user("admin")
-        dashboard = create_dashboard_to_db(
-            random_title(), random_slug(), owners=[admin]
-        )
-
-        self.login(username="gamma")
-        uri = DASHBOARD_API_URL_FORMAT.format(dashboard.id)
-        rv = self.client.get(uri)
-        self.assert404(rv)
-
     def test_get_dashboards_api_no_data_access(self):
         """
         Dashboard API: Test get dashboards no data access