Add schema level access control on csv upload (#5787)

* Add schema level access control on csv upload * add db migrate merge point * fix flake 8 * fix test * remove unnecessary db migration * fix flake * nit * fix test for test_schemas_access_for_csv_upload_endpoint * fix test_csv_import test * use security_manager to check whether schema is allowed to be accessed * bring security manager to the party * flake8 & repush to retrigger test * address comments * remove trailing comma
2026-04-19 08:04:53 +00:00 · 2018-09-20 11:21:11 -07:00
parent a0e7c176e9
commit b6d7d57c40
11 changed files with 224 additions and 24 deletions
--- a/tests/core_tests.py
+++ b/tests/core_tests.py
@@ -17,6 +17,7 @@ import re
 import string
 import unittest

+import mock
 import pandas as pd
 import psycopg2
 from six import text_type
@@ -697,6 +698,35 @@ class CoreTests(SupersetTestCase):
        self.assertEqual(data['status'], None)
        self.assertEqual(data['error'], None)

+    @mock.patch('superset.security.SupersetSecurityManager.schemas_accessible_by_user')
+    @mock.patch('superset.security.SupersetSecurityManager.database_access')
+    @mock.patch('superset.security.SupersetSecurityManager.all_datasource_access')
+    def test_schemas_access_for_csv_upload_endpoint(self,
+                                                    mock_all_datasource_access,
+                                                    mock_database_access,
+                                                    mock_schemas_accessible):
+        mock_all_datasource_access.return_value = False
+        mock_database_access.return_value = False
+        mock_schemas_accessible.return_value = ['this_schema_is_allowed_too']
+        database_name = 'fake_db_100'
+        db_id = 100
+        extra = """{
+            "schemas_allowed_for_csv_upload":
+            ["this_schema_is_allowed", "this_schema_is_allowed_too"]
+        }"""
+
+        self.login(username='admin')
+        dbobj = self.get_or_create(
+            cls=models.Database,
+            criteria={'database_name': database_name},
+            session=db.session,
+            id=db_id,
+            extra=extra)
+        data = self.get_json_resp(
+            url='/superset/schema_access_for_csv_upload?db_id={db_id}'
+                .format(db_id=dbobj.id))
+        assert data == ['this_schema_is_allowed_too']
+

 if __name__ == '__main__':
    unittest.main()