refactor(api): csrf token on the new REST API (#13212)

* refactor(api): csrf token on the new REST API * improve OpenAPI spec description * fix test * remove public role like has default for all tests * fix test
2026-04-19 16:14:52 +00:00 · 2021-02-23 09:50:22 +00:00
parent e37c2bf8fd
commit 9e2455aab7
12 changed files with 200 additions and 20 deletions
--- a/tests/dashboard_tests.py
+++ b/tests/dashboard_tests.py
@@ -20,20 +20,21 @@ from datetime import datetime
 import json
 import unittest
 from random import random
-from tests.fixtures.birth_names_dashboard import load_birth_names_dashboard_with_slices

 import pytest
 from flask import escape, url_for
 from sqlalchemy import func

-from tests.fixtures.unicode_dashboard import load_unicode_dashboard_with_position
 from tests.test_app import app
 from superset import db, security_manager
 from superset.connectors.sqla.models import SqlaTable
 from superset.models import core as models
 from superset.models.dashboard import Dashboard
 from superset.models.slice import Slice
+from tests.fixtures.birth_names_dashboard import load_birth_names_dashboard_with_slices
 from tests.fixtures.energy_dashboard import load_energy_table_with_slice
+from tests.fixtures.public_role import public_role_like_gamma
+from tests.fixtures.unicode_dashboard import load_unicode_dashboard_with_position
 from tests.fixtures.world_bank_dashboard import load_world_bank_dashboard_with_slices

 from .base_tests import SupersetTestCase
@@ -378,6 +379,7 @@ class TestDashboard(SupersetTestCase):
        self.assertEqual(len(data["slices"]), origin_slices_length - 1)

    @pytest.mark.usefixtures("load_birth_names_dashboard_with_slices")
+    @pytest.mark.usefixtures("public_role_like_gamma")
    def test_public_user_dashboard_access(self):
        table = db.session.query(SqlaTable).filter_by(table_name="birth_names").one()

@@ -419,6 +421,7 @@ class TestDashboard(SupersetTestCase):
        self.revoke_public_access_to_table(table)

    @pytest.mark.usefixtures("load_birth_names_dashboard_with_slices")
+    @pytest.mark.usefixtures("public_role_like_gamma")
    def test_dashboard_with_created_by_can_be_accessed_by_public_users(self):
        self.logout()
        table = db.session.query(SqlaTable).filter_by(table_name="birth_names").one()
@@ -455,6 +458,7 @@ class TestDashboard(SupersetTestCase):

    @pytest.mark.usefixtures("load_energy_table_with_slice", "load_dashboard")
    def test_users_can_view_published_dashboard(self):
+        self.login("alpha")
        resp = self.get_resp("/api/v1/dashboard/")
        self.assertNotIn(f"/superset/dashboard/{pytest.hidden_dash_slug}/", resp)
        self.assertIn(f"/superset/dashboard/{pytest.published_dash_slug}/", resp)