QT/superset2
1
0
Fork 0
mirror of https://github.com/apache/superset.git synced 2026-04-19 08:04:53 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(dashboard-rbac): use normal rbac when no roles chosen (#23586)

Browse Source
This commit is contained in:
Ville Brofeldt
2023-04-07 09:53:35 +03:00
committed by GitHub
parent 8f0328006b
commit a8230336ff
8 changed files with 107 additions and 44 deletions
Download Patch File Download Diff File Expand all files Collapse all files

59
tests/integration_tests/dashboards/security/security_rbac_tests.py
View File

@@ -91,13 +91,11 @@ class TestDashboardRoleBasedSecurity(BaseTestDashboardSecurity):
# act
response = self.get_dashboard_view_response(dashboard_to_access)
assert response.status_code == 302
request_payload = get_query_context("birth_names")
rv = self.post_assert_metric(CHART_DATA_URI, request_payload, "data")
self.assertEqual(rv.status_code, 403)
# assert
self.assert403(response)
assert rv.status_code == 403
def test_get_dashboard_view__user_with_dashboard_permission_can_not_access_draft(
self,
@@ -114,11 +112,57 @@ class TestDashboardRoleBasedSecurity(BaseTestDashboardSecurity):
response = self.get_dashboard_view_response(dashboard_to_access)
# assert
self.assert403(response)
assert response.status_code == 302
# post
revoke_access_to_dashboard(dashboard_to_access, new_role)
@pytest.mark.usefixtures("load_birth_names_dashboard_with_slices")
def test_get_dashboard_view__user_no_access_regular_rbac(self):
if backend() == "hive":
return
slice = (
db.session.query(Slice)
.filter_by(slice_name="Girl Name Cloud")
.one_or_none()
)
dashboard = create_dashboard_to_db(published=True, slices=[slice])
self.login("gamma")
# assert redirect on regular rbac access denied
response = self.get_dashboard_view_response(dashboard)
assert response.status_code == 302
request_payload = get_query_context("birth_names")
rv = self.post_assert_metric(CHART_DATA_URI, request_payload, "data")
assert rv.status_code == 403
db.session.delete(dashboard)
db.session.commit()
@pytest.mark.usefixtures("load_birth_names_dashboard_with_slices")
def test_get_dashboard_view__user_access_regular_rbac(self):
if backend() == "hive":
return
slice = (
db.session.query(Slice)
.filter_by(slice_name="Girl Name Cloud")
.one_or_none()
)
dashboard = create_dashboard_to_db(published=True, slices=[slice])
self.login("gamma_sqllab")
response = self.get_dashboard_view_response(dashboard)
assert response.status_code == 200
request_payload = get_query_context("birth_names")
rv = self.post_assert_metric(CHART_DATA_URI, request_payload, "data")
assert rv.status_code == 200
db.session.delete(dashboard)
db.session.commit()
@pytest.mark.usefixtures("load_birth_names_dashboard_with_slices")
def test_get_dashboard_view__user_access_with_dashboard_permission(self):
if backend() == "hive":
@@ -155,13 +199,14 @@ class TestDashboardRoleBasedSecurity(BaseTestDashboardSecurity):
@pytest.mark.usefixtures("public_role_like_gamma")
def test_get_dashboard_view__public_user_can_not_access_without_permission(self):
dashboard_to_access = create_dashboard_to_db(published=True)
grant_access_to_dashboard(dashboard_to_access, "Alpha")
self.logout()
# act
response = self.get_dashboard_view_response(dashboard_to_access)
# assert
self.assert403(response)
assert response.status_code == 302
@pytest.mark.usefixtures("public_role_like_gamma")
def test_get_dashboard_view__public_user_with_dashboard_permission_can_not_access_draft(
@@ -175,7 +220,7 @@ class TestDashboardRoleBasedSecurity(BaseTestDashboardSecurity):
response = self.get_dashboard_view_response(dashboard_to_access)
# assert
self.assert403(response)
assert response.status_code == 302
# post
revoke_access_to_dashboard(dashboard_to_access, "Public")