fix: Address dashboard permission regression in #23586 (#24350)

tests/integration_tests/dashboards/api_tests.py

@@ -19,7 +19,6 @@
 import json
 from io import BytesIO
 from time import sleep
-from typing import Optional
 from unittest.mock import ANY, patch
 from zipfile import is_zipfile, ZipFile
 
@@ -77,48 +76,6 @@ class TestDashboardApi(SupersetTestCase, ApiOwnersTestCaseMixin, InsertChartMixi
         "published": False,
     }
 
-    def insert_dashboard(
-        self,
-        dashboard_title: str,
-        slug: Optional[str],
-        owners: list[int],
-        roles: list[int] = [],
-        created_by=None,
-        slices: Optional[list[Slice]] = None,
-        position_json: str = "",
-        css: str = "",
-        json_metadata: str = "",
-        published: bool = False,
-        certified_by: Optional[str] = None,
-        certification_details: Optional[str] = None,
-    ) -> Dashboard:
-        obj_owners = list()
-        obj_roles = list()
-        slices = slices or []
-        for owner in owners:
-            user = db.session.query(security_manager.user_model).get(owner)
-            obj_owners.append(user)
-        for role in roles:
-            role_obj = db.session.query(security_manager.role_model).get(role)
-            obj_roles.append(role_obj)
-        dashboard = Dashboard(
-            dashboard_title=dashboard_title,
-            slug=slug,
-            owners=obj_owners,
-            roles=obj_roles,
-            position_json=position_json,
-            css=css,
-            json_metadata=json_metadata,
-            slices=slices,
-            published=published,
-            created_by=created_by,
-            certified_by=certified_by,
-            certification_details=certification_details,
-        )
-        db.session.add(dashboard)
-        db.session.commit()
-        return dashboard
-
     @pytest.fixture()
     def create_dashboards(self):
         with self.create_app().app_context():
@@ -507,43 +464,6 @@ class TestDashboardApi(SupersetTestCase, ApiOwnersTestCaseMixin, InsertChartMixi
         db.session.delete(dashboard)
         db.session.commit()
 
-    def test_get_draft_dashboard_without_roles_by_uuid(self):
-        """
-        Dashboard API: Test get draft dashboard without roles by uuid
-        """
-        admin = self.get_user("admin")
-        dashboard = self.insert_dashboard("title", "slug1", [admin.id])
-        assert not dashboard.published
-        assert dashboard.roles == []
-
-        self.login(username="gamma")
-        uri = f"api/v1/dashboard/{dashboard.uuid}"
-        rv = self.client.get(uri)
-        assert rv.status_code == 200
-        # rollback changes
-        db.session.delete(dashboard)
-        db.session.commit()
-
-    def test_cannot_get_draft_dashboard_with_roles_by_uuid(self):
-        """
-        Dashboard API: Test get dashboard by uuid
-        """
-        admin = self.get_user("admin")
-        admin_role = self.get_role("Admin")
-        dashboard = self.insert_dashboard(
-            "title", "slug1", [admin.id], roles=[admin_role.id]
-        )
-        assert not dashboard.published
-        assert dashboard.roles == [admin_role]
-
-        self.login(username="gamma")
-        uri = f"api/v1/dashboard/{dashboard.uuid}"
-        rv = self.client.get(uri)
-        assert rv.status_code == 403
-        # rollback changes
-        db.session.delete(dashboard)
-        db.session.commit()
-
     def test_get_dashboards_changed_on(self):
         """
         Dashboard API: Test get dashboards changed on