Make edit / add / delete perms available to all users. (#1722)

* Make edit / add / delete perms available to all users. * Add tests and restrict from editing the datasources.
2026-04-19 08:04:53 +00:00 · 2016-11-30 17:05:09 -05:00
parent 32fc0ff6d0
commit e822d5a1b7
2 changed files with 90 additions and 24 deletions
--- a/tests/base_tests.py
+++ b/tests/base_tests.py
@@ -25,10 +25,10 @@ class SupersetTestCase(unittest.TestCase):

    def __init__(self, *args, **kwargs):
        if (
-                self.requires_examples and
-                not os.environ.get('SOLO_TEST') and
-                not os.environ.get('examples_loaded')
-            ):
+                        self.requires_examples and
+                        not os.environ.get('SOLO_TEST') and
+                    not os.environ.get('examples_loaded')
+        ):
            logging.info("Loading examples")
            cli.load_examples(load_test_data=True)
            logging.info("Done loading examples")
@@ -95,7 +95,6 @@ class SupersetTestCase(unittest.TestCase):
            session.add(druid_datasource2)
            session.commit()

-
    def get_or_create(self, cls, criteria, session):
        obj = session.query(cls).filter_by(**criteria).first()
        if not obj:
@@ -118,8 +117,8 @@ class SupersetTestCase(unittest.TestCase):
        session = db.create_scoped_session()
        query = (
            session.query(models.Query)
-            .order_by(models.Query.id.desc())
-            .first()
+                .order_by(models.Query.id.desc())
+                .first()
        )
        session.close()
        return query
@@ -127,8 +126,8 @@ class SupersetTestCase(unittest.TestCase):
    def get_slice(self, slice_name, session):
        slc = (
            session.query(models.Slice)
-            .filter_by(slice_name=slice_name)
-            .one()
+                .filter_by(slice_name=slice_name)
+                .one()
        )
        session.expunge_all()
        return slc
@@ -159,21 +158,21 @@ class SupersetTestCase(unittest.TestCase):
    def get_main_database(self, session):
        return (
            db.session.query(models.Database)
-            .filter_by(database_name='main')
-            .first()
+                .filter_by(database_name='main')
+                .first()
        )

    def get_access_requests(self, username, ds_type, ds_id):
-            DAR = models.DatasourceAccessRequest
-            return (
-                db.session.query(DAR)
+        DAR = models.DatasourceAccessRequest
+        return (
+            db.session.query(DAR)
                .filter(
-                    DAR.created_by == sm.find_user(username=username),
-                    DAR.datasource_type == ds_type,
-                    DAR.datasource_id == ds_id,
+                DAR.created_by == sm.find_user(username=username),
+                DAR.datasource_type == ds_type,
+                DAR.datasource_id == ds_id,
                )
                .first()
-            )
+        )

    def logout(self):
        self.client.get('/logout/', follow_redirects=True)
@@ -205,3 +204,56 @@ class SupersetTestCase(unittest.TestCase):
                      client_id=client_id),
        )
        return resp
+
+    def test_gamma_permissions(self):
+        def assert_can_read(view_menu):
+            self.assertIn(('can_show', view_menu), gamma_perm_set)
+            self.assertIn(('can_list', view_menu), gamma_perm_set)
+
+        def assert_can_write(view_menu):
+            self.assertIn(('can_add', view_menu), gamma_perm_set)
+            self.assertIn(('can_download', view_menu), gamma_perm_set)
+            self.assertIn(('can_delete', view_menu), gamma_perm_set)
+            self.assertIn(('can_edit', view_menu), gamma_perm_set)
+
+        def assert_cannot_write(view_menu):
+            self.assertNotIn(('can_add', view_menu), gamma_perm_set)
+            self.assertNotIn(('can_download', view_menu), gamma_perm_set)
+            self.assertNotIn(('can_delete', view_menu), gamma_perm_set)
+            self.assertNotIn(('can_edit', view_menu), gamma_perm_set)
+            self.assertNotIn(('can_save', view_menu), gamma_perm_set)
+
+        def assert_can_all(view_menu):
+            assert_can_read(view_menu)
+            assert_can_write(view_menu)
+
+        gamma_perm_set = set()
+        for perm in sm.find_role('Gamma').permissions:
+            gamma_perm_set.add((perm.permission.name, perm.view_menu.name))
+
+        # check read only perms
+        assert_can_read('TableModelView')
+        assert_cannot_write('DruidColumnInlineView')
+
+        # make sure that user can create slices and dashboards
+        assert_can_all('SliceModelView')
+        assert_can_all('DashboardModelView')
+
+        self.assertIn(('can_add_slices', 'Superset'), gamma_perm_set)
+        self.assertIn(('can_copy_dash', 'Superset'), gamma_perm_set)
+        self.assertIn(('can_activity_per_day', 'Superset'), gamma_perm_set)
+        self.assertIn(('can_created_dashboards', 'Superset'), gamma_perm_set)
+        self.assertIn(('can_created_slices', 'Superset'), gamma_perm_set)
+        self.assertIn(('can_csv', 'Superset'), gamma_perm_set)
+        self.assertIn(('can_dashboard', 'Superset'), gamma_perm_set)
+        self.assertIn(('can_explore', 'Superset'), gamma_perm_set)
+        self.assertIn(('can_explore_json', 'Superset'), gamma_perm_set)
+        self.assertIn(('can_fave_dashboards', 'Superset'), gamma_perm_set)
+        self.assertIn(('can_fave_slices', 'Superset'), gamma_perm_set)
+        self.assertIn(('can_save_dash', 'Superset'), gamma_perm_set)
+        self.assertIn(('can_slice', 'Superset'), gamma_perm_set)
+        self.assertIn(('can_update_explore', 'Superset'), gamma_perm_set)
+
+
+
+