refactor: remove obsolete Flask flash messaging system (#35237)

Co-authored-by: Claude <noreply@anthropic.com>
2026-04-19 08:04:53 +00:00 · 2025-09-25 00:05:16 -07:00
parent 927cc1cda1
commit abc2d46fed
19 changed files with 85 additions and 274 deletions
--- a/tests/integration_tests/dashboards/security/security_rbac_tests.py
+++ b/tests/integration_tests/dashboards/security/security_rbac_tests.py
@@ -108,7 +108,7 @@ class TestDashboardRoleBasedSecurity(BaseTestDashboardSecurity):

        # act
        response = self.get_dashboard_view_response(dashboard_to_access)
-        assert response.status_code == 302
+        assert response.status_code == 404

        request_payload = get_query_context("birth_names")
        rv = self.post_assert_metric(CHART_DATA_URI, request_payload, "data")
@@ -129,7 +129,7 @@ class TestDashboardRoleBasedSecurity(BaseTestDashboardSecurity):
        response = self.get_dashboard_view_response(dashboard_to_access)

        # assert
-        assert response.status_code == 302
+        assert response.status_code == 404

        # post
        revoke_access_to_dashboard(dashboard_to_access, new_role)  # noqa: F405
@@ -147,9 +147,9 @@ class TestDashboardRoleBasedSecurity(BaseTestDashboardSecurity):
        dashboard = create_dashboard_to_db(published=True, slices=[slice])
        self.login(GAMMA_USERNAME)

-        # assert redirect on regular rbac access denied
+        # assert 404 on regular rbac access denied (prevents information leakage)
        response = self.get_dashboard_view_response(dashboard)
-        assert response.status_code == 302
+        assert response.status_code == 404

        request_payload = get_query_context("birth_names")
        rv = self.post_assert_metric(CHART_DATA_URI, request_payload, "data")
@@ -221,7 +221,7 @@ class TestDashboardRoleBasedSecurity(BaseTestDashboardSecurity):
        response = self.get_dashboard_view_response(dashboard_to_access)

        # assert
-        assert response.status_code == 302
+        assert response.status_code == 404

    @pytest.mark.usefixtures("public_role_like_gamma")
    def test_get_dashboard_view__public_user_with_dashboard_permission_can_not_access_draft(  # noqa: E501
@@ -234,7 +234,7 @@ class TestDashboardRoleBasedSecurity(BaseTestDashboardSecurity):
        response = self.get_dashboard_view_response(dashboard_to_access)

        # assert
-        assert response.status_code == 302
+        assert response.status_code == 404

        # post
        revoke_access_to_dashboard(dashboard_to_access, "Public")  # noqa: F405