Programatically sync the role with user list. (#1619)

2026-04-19 08:04:53 +00:00 · 2016-11-21 13:06:43 -05:00
parent 868e5c45fe
commit c90dd4902f
3 changed files with 65 additions and 0 deletions
--- a/superset/security.py
+++ b/superset/security.py
@@ -36,6 +36,7 @@ ADMIN_ONLY_PERMISSIONS = {
    'can_sync_druid_source',
    'can_override_role_permissions',
    'can_approve',
+    'can_update_role',
 }
 READ_ONLY_PERMISSION = {
    'can_show',
--- a/superset/views.py
+++ b/superset/views.py
@@ -1108,6 +1108,22 @@ appbuilder.add_view_no_menu(R)

 class Superset(BaseSupersetView):
    """The base views for Superset!"""
+    @has_access_api
+    @expose("/update_role/", methods=['POST'])
+    def update_role(self):
+        """Assigns a list of found users to the given role."""
+        data = request.get_json(force=True)
+        user_emails = data['user_emails']
+        role_name = data['role_name']
+        role = sm.find_role(role_name)
+        role.user = []
+        for user_email in user_emails:
+            user = sm.find_user(email=user_email)
+            if user:
+                role.user.append(user)
+        db.session.commit()
+        return Response(status=201)
+
    @has_access_api
    @expose("/override_role_permissions/", methods=['POST'])
    def override_role_permissions(self):
--- a/tests/access_tests.py
+++ b/tests/access_tests.py
@@ -348,6 +348,54 @@ class RequestAccessTests(SupersetTestCase):
        gamma_user.roles.remove(sm.find_role('dummy_role'))
        session.commit()

+    def test_update_role_do_not_exist(self):
+        update_role_str = 'update_me'
+        update_role = sm.find_role(update_role_str)
+        if update_role:
+            db.session.delete(update_role)
+        db.session.commit()
+        with self.assertRaises(AttributeError):
+            self.get_resp(
+                '/superset/update_role/',
+                data=json.dumps({
+                    'user_emails': ['gamma@fab.org'],
+                    'role_name': update_role_str,
+                })
+            )
+
+    def test_update_role(self):
+        update_role_str = 'update_me'
+        sm.add_role(update_role_str)
+        db.session.commit()
+        resp = self.client.post(
+            '/superset/update_role/',
+            data=json.dumps({
+                'user_emails': ['gamma@fab.org'],
+                'role_name': update_role_str
+            }),
+            follow_redirects=True
+        )
+        update_role = sm.find_role(update_role_str)
+        self.assertEquals(
+            update_role.user, [sm.find_user(email='gamma@fab.org')])
+        self.assertEquals(resp.status_code, 201)
+
+        resp = self.client.post(
+            '/superset/update_role/',
+            data=json.dumps({
+                'user_emails': ['alpha@fab.org', 'unknown@fab.org'],
+                'role_name': update_role_str
+            }),
+            follow_redirects=True
+        )
+        self.assertEquals(resp.status_code, 201)
+        update_role = sm.find_role(update_role_str)
+        self.assertEquals(
+            update_role.user, [sm.find_user(email='alpha@fab.org')])
+
+        db.session.delete(update_role)
+        db.session.commit()
+

 if __name__ == '__main__':
    unittest.main()