[API] Deprecate /update_role/ API endpoint (#4041)

superset/views/core.py

@@ -735,58 +735,6 @@ appbuilder.add_view_no_menu(R)
 
 class Superset(BaseSupersetView):
     """The base views for Superset!"""
-    @api
-    @has_access_api
-    @expose('/update_role/', methods=['POST'])
-    def update_role(self):
-        """Assigns a list of found users to the given role."""
-        data = request.get_json(force=True)
-        gamma_role = sm.find_role('Gamma')
-
-        username_set = set()
-        user_data_dict = {}
-        for user_data in data['users']:
-            username = user_data['username']
-            if not username:
-                continue
-            user_data_dict[username] = user_data
-            username_set.add(username)
-
-        existing_users = db.session.query(sm.user_model).filter(
-            sm.user_model.username.in_(username_set)).all()
-        missing_users = username_set.difference(
-            set([u.username for u in existing_users]))
-        logging.info('Missing users: {}'.format(missing_users))
-
-        created_users = []
-        for username in missing_users:
-            user_data = user_data_dict[username]
-            user = sm.find_user(email=user_data['email'])
-            if not user:
-                logging.info('Adding user: {}.'.format(user_data))
-                sm.add_user(
-                    username=user_data['username'],
-                    first_name=user_data['first_name'],
-                    last_name=user_data['last_name'],
-                    email=user_data['email'],
-                    role=gamma_role,
-                )
-                sm.get_session.commit()
-                user = sm.find_user(username=user_data['username'])
-            existing_users.append(user)
-            created_users.append(user.username)
-
-        role_name = data['role_name']
-        role = sm.find_role(role_name)
-        role.user = existing_users
-        sm.get_session.commit()
-        return self.json_response({
-            'role': role_name,
-            '# missing users': len(missing_users),
-            '# granted': len(existing_users),
-            'created_users': created_users,
-        }, status=201)
-
     def json_response(self, obj, status=200):
         return Response(
             json.dumps(obj, default=utils.json_int_dttm_ser),

tests/access_tests.py

@@ -520,79 +520,6 @@ class RequestAccessTests(SupersetTestCase):
         gamma_user.roles.remove(sm.find_role('dummy_role'))
         session.commit()
 
-    def test_update_role_do_not_exist(self):
-        update_role_str = 'update_me'
-        update_role = sm.find_role(update_role_str)
-        if update_role:
-            db.session.delete(update_role)
-        db.session.commit()
-        data = json.dumps({
-            'users': [{
-                'username': 'gamma',
-                'first_name': 'Gamma',
-                'last_name': 'Gamma',
-                'email': 'gamma@superset.com',
-            }],
-            'role_name': update_role_str})
-        r = self.client.post('/superset/update_role/', data=data,
-                             follow_redirects=True)
-        self.assertEquals(500, r.status_code)
-
-    def test_update_role(self):
-        update_role_str = 'update_me'
-        sm.add_role(update_role_str)
-        db.session.commit()
-        resp = self.client.post(
-            '/superset/update_role/',
-            data=json.dumps({
-                'users': [{
-                    'username': 'gamma',
-                    'first_name': 'Gamma',
-                    'last_name': 'Gamma',
-                    'email': 'gamma@superset.com',
-                }],
-                'role_name': update_role_str,
-            }),
-            follow_redirects=True,
-        )
-        update_role = sm.find_role(update_role_str)
-        self.assertEquals(
-            update_role.user, [sm.find_user(username='gamma')])
-        self.assertEquals(resp.status_code, 201)
-
-        resp = self.client.post(
-            '/superset/update_role/',
-            data=json.dumps({
-                'users': [{
-                    'username': 'alpha',
-                    'first_name': 'Alpha',
-                    'last_name': 'Alpha',
-                    'email': 'alpha@superset.com',
-                }, {
-                    'username': 'unknown',
-                    'first_name': 'Unknown1',
-                    'last_name': 'Unknown2',
-                    'email': 'unknown@superset.com',
-                }],
-                'role_name': update_role_str,
-            }),
-            follow_redirects=True,
-        )
-        self.assertEquals(resp.status_code, 201)
-        update_role = sm.find_role(update_role_str)
-        self.assertEquals(
-            update_role.user, [
-                sm.find_user(username='alpha'),
-                sm.find_user(username='unknown'),
-            ])
-        unknown = sm.find_user(username='unknown')
-        self.assertEquals('Unknown2', unknown.last_name)
-        self.assertEquals('Unknown1', unknown.first_name)
-        self.assertEquals('unknown@superset.com', unknown.email)
-        db.session.delete(update_role)
-        db.session.delete(unknown)
-        db.session.commit()
-
 
 if __name__ == '__main__':
     unittest.main()

tests/security_tests.py

@@ -94,7 +94,6 @@ class RolePermissionTests(SupersetTestCase):
         self.assertIn(('can_sync_druid_source', 'Superset'), perm_set)
         self.assertIn(('can_override_role_permissions', 'Superset'), perm_set)
         self.assertIn(('can_approve', 'Superset'), perm_set)
-        self.assertIn(('can_update_role', 'Superset'), perm_set)
 
     def test_is_admin_only(self):
         self.assertFalse(security.is_admin_only(