Show only Slices and Dashboards users have access to (#404)

* Introducing more security features * Many to many owners for slices and dashboards * Slices are filtered to only slices that the user has access to * Adding unit tests
2026-04-19 16:14:52 +00:00 · 2016-04-26 16:44:51 -07:00
parent ab64a26b5b
commit b634d03ac3
5 changed files with 205 additions and 42 deletions
--- a/tests/core_tests.py
+++ b/tests/core_tests.py
@@ -32,18 +32,36 @@ class CaravelTestCase(unittest.TestCase):
    def __init__(self, *args, **kwargs):
        super(CaravelTestCase, self).__init__(*args, **kwargs)
        self.client = app.test_client()
-        role_admin = appbuilder.sm.find_role('Admin')
-        user = appbuilder.sm.find_user('admin')
-        if not user:
+
+        utils.init(caravel)
+        admin = appbuilder.sm.find_user('admin')
+        if not admin:
            appbuilder.sm.add_user(
                'admin', 'admin',' user', 'admin@fab.org',
-                role_admin, 'general')
+                appbuilder.sm.find_role('Admin'),
+                password='general')

-    def login(self):
-        self.client.post(
+        gamma = appbuilder.sm.find_user('gamma')
+        if not gamma:
+            appbuilder.sm.add_user(
+                'gamma', 'gamma', 'user', 'gamma@fab.org',
+                appbuilder.sm.find_role('Gamma'),
+                password='general')
+        utils.init(caravel)
+
+    def login_admin(self):
+        resp = self.client.post(
            '/login/',
            data=dict(username='admin', password='general'),
            follow_redirects=True)
+        assert 'Welcome' in resp.data.decode('utf-8')
+
+    def login_gamma(self):
+        resp = self.client.post(
+            '/login/',
+            data=dict(username='gamma', password='general'),
+            follow_redirects=True)
+        assert 'Welcome' in resp.data.decode('utf-8')


 class CoreTests(CaravelTestCase):
@@ -55,7 +73,6 @@ class CoreTests(CaravelTestCase):
            .query(models.SqlaTable)
            .all()
        )}
-        utils.init(caravel)
        self.load_examples()

    def setUp(self):
@@ -68,9 +85,13 @@ class CoreTests(CaravelTestCase):
        cli.load_examples(sample=True)

    def test_save_slice(self):
-        self.login()
+        self.login_admin()
+
+        slice_id = (
+            db.session.query(models.Slice.id)
+            .filter_by(slice_name="Energy Sankey")
+            .scalar())

-        slice_id = db.session.query(models.Slice.id).filter_by(slice_name="Energy Sankey").scalar()
        copy_name = "Test Sankey Save"
        tbl_id = self.table_ids.get('energy_usage')
        url = "/caravel/explore/table/{}/?viz_type=sankey&groupby=source&groupby=target&metric=sum__value&row_limit=5000&where=&having=&flt_col_0=source&flt_op_0=in&flt_eq_0=&slice_id={}&slice_name={}&collapsed_fieldsets=&action={}&datasource_name=energy_usage&datasource_id=1&datasource_type=table&previous_viz_type=sankey"
@@ -87,7 +108,7 @@ class CoreTests(CaravelTestCase):

    def test_slices(self):
        # Testing by running all the examples
-        self.login()
+        self.login_admin()
        Slc = models.Slice
        urls = []
        for slc in db.session.query(Slc).all():
@@ -99,7 +120,7 @@ class CoreTests(CaravelTestCase):
            self.client.get(url)

    def test_dashboard(self):
-        self.login()
+        self.login_admin()
        urls = {}
        for dash in db.session.query(models.Dashboard).all():
            urls[dash.dashboard_title] = dash.url
@@ -118,19 +139,28 @@ class CoreTests(CaravelTestCase):
        assert self.client.get('/ping').data.decode('utf-8') == "OK"

    def test_shortner(self):
-        self.login()
+        self.login_admin()
        data = "//caravel/explore/table/1/?viz_type=sankey&groupby=source&groupby=target&metric=sum__value&row_limit=5000&where=&having=&flt_col_0=source&flt_op_0=in&flt_eq_0=&slice_id=78&slice_name=Energy+Sankey&collapsed_fieldsets=&action=&datasource_name=energy_usage&datasource_id=1&datasource_type=table&previous_viz_type=sankey"
        resp = self.client.post('/r/shortner/', data=data)
        assert '/r/' in resp.data.decode('utf-8')

    def test_save_dash(self):
-        self.login()
+        self.login_admin()
        dash = db.session.query(models.Dashboard).filter_by(slug="births").first()
        data = """{"positions":[{"slice_id":"131","col":8,"row":8,"size_x":2,"size_y":4},{"slice_id":"132","col":10,"row":8,"size_x":2,"size_y":4},{"slice_id":"133","col":1,"row":1,"size_x":2,"size_y":2},{"slice_id":"134","col":3,"row":1,"size_x":2,"size_y":2},{"slice_id":"135","col":5,"row":4,"size_x":3,"size_y":3},{"slice_id":"136","col":1,"row":7,"size_x":7,"size_y":4},{"slice_id":"137","col":9,"row":1,"size_x":3,"size_y":3},{"slice_id":"138","col":5,"row":1,"size_x":4,"size_y":3},{"slice_id":"139","col":1,"row":3,"size_x":4,"size_y":4},{"slice_id":"140","col":8,"row":4,"size_x":4,"size_y":4}],"css":"None","expanded_slices":{}}"""
        url = '/caravel/save_dash/{}/'.format(dash.id)
        resp = self.client.post(url, data=dict(data=data))
        assert "SUCCESS" in resp.data.decode('utf-8')

+    def test_gamma(self):
+        self.login_gamma()
+        resp = self.client.get('/slicemodelview/list/')
+        print(resp.data.decode('utf-8'))
+        assert "List Slice" in resp.data.decode('utf-8')
+
+        resp = self.client.get('/dashboardmodelview/list/')
+        assert "List Dashboard" in resp.data.decode('utf-8')
+

 SEGMENT_METADATA = [{
  "id": "some_id",
@@ -188,7 +218,7 @@ class DruidTests(CaravelTestCase):

    @patch('caravel.models.PyDruid')
    def test_client(self, PyDruid):
-        self.login()
+        self.login_admin()
        instance = PyDruid.return_value
        instance.time_boundary.return_value = [
            {'result': {'maxTime': '2016-01-01'}}]