refactor(api): csrf token on the new REST API (#13212)

* refactor(api): csrf token on the new REST API * improve OpenAPI spec description * fix test * remove public role like has default for all tests * fix test
2026-04-19 08:04:53 +00:00 · 2021-02-23 09:50:22 +00:00
parent e37c2bf8fd
commit 9e2455aab7
12 changed files with 200 additions and 20 deletions
--- a/tests/dashboards/security/security_rbac_tests.py
+++ b/tests/dashboards/security/security_rbac_tests.py
@@ -17,6 +17,8 @@
 """Unit tests for Superset"""
 from unittest import mock

+import pytest
+
 from tests.dashboards.dashboard_test_utils import *
 from tests.dashboards.security.base_case import BaseTestDashboardSecurity
 from tests.dashboards.superset_factory_util import (
@@ -25,6 +27,7 @@ from tests.dashboards.superset_factory_util import (
    create_datasource_table_to_db,
    create_slice_to_db,
 )
+from tests.fixtures.public_role import public_role_like_gamma


@mock.patch.dict(
@@ -117,6 +120,7 @@ class TestDashboardRoleBasedSecurity(BaseTestDashboardSecurity):
        # post
        revoke_access_to_dashboard(dashboard_to_access, new_role)

+    @pytest.mark.usefixtures("public_role_like_gamma")
    def test_get_dashboard_view__public_user_can_not_access_without_permission(self):
        dashboard_to_access = create_dashboard_to_db(published=True)
        self.logout()
@@ -127,6 +131,7 @@ class TestDashboardRoleBasedSecurity(BaseTestDashboardSecurity):
        # assert
        self.assert403(response)

+    @pytest.mark.usefixtures("public_role_like_gamma")
    def test_get_dashboard_view__public_user_with_dashboard_permission_can_not_access_draft(
        self,
    ):
@@ -143,6 +148,7 @@ class TestDashboardRoleBasedSecurity(BaseTestDashboardSecurity):
        # post
        revoke_access_to_dashboard(dashboard_to_access, "Public")

+    @pytest.mark.usefixtures("public_role_like_gamma")
    def test_get_dashboard_view__public_user_access_with_dashboard_permission(self):
        # arrange
        dashboard_to_access = create_dashboard_to_db(
@@ -267,6 +273,7 @@ class TestDashboardRoleBasedSecurity(BaseTestDashboardSecurity):
        self.login(username)
        return new_role, draft_dashboards, published_dashboards

+    @pytest.mark.usefixtures("public_role_like_gamma")
    def test_get_dashboards_list__public_user_without_any_permissions_get_empty_list(
        self,
    ):
@@ -278,6 +285,7 @@ class TestDashboardRoleBasedSecurity(BaseTestDashboardSecurity):
        # assert
        self.assert_dashboards_list_view_response(response, 0)

+    @pytest.mark.usefixtures("public_role_like_gamma")
    def test_get_dashboards_list__public_user_get_only_published_permitted_dashboards(
        self,
    ):
@@ -370,6 +378,7 @@ class TestDashboardRoleBasedSecurity(BaseTestDashboardSecurity):
        for dash in published_dashboards + draft_dashboards:
            revoke_access_to_dashboard(dash, new_role)

+    @pytest.mark.usefixtures("public_role_like_gamma")
    def test_get_dashboards_api__public_user_without_any_permissions_get_empty_list(
        self,
    ):
@@ -382,6 +391,7 @@ class TestDashboardRoleBasedSecurity(BaseTestDashboardSecurity):
        # assert
        self.assert_dashboards_api_response(response, 0)

+    @pytest.mark.usefixtures("public_role_like_gamma")
    def test_get_dashboards_api__public_user_get_only_published_permitted_dashboards(
        self,
    ):