fix: dashboard, chart and dataset import validation (#32500)

2026-04-23 10:04:45 +00:00 · 2025-03-05 08:47:49 +00:00
parent d8686c2d12
commit fc844d3dfd
6 changed files with 171 additions and 7 deletions
--- a/tests/unit_tests/dashboards/commands/importers/v1/import_test.py
+++ b/tests/unit_tests/dashboards/commands/importers/v1/import_test.py
@@ -122,7 +122,7 @@ def test_import_dashboard_without_permission(
    mock_can_access.assert_called_once_with("can_write", "Dashboard")


-def test_import_existing_dashboard_without_permission(
+def test_import_existing_dashboard_without_access_permission(
    mocker: MockerFixture,
    session_with_data: Session,
 ) -> None:
@@ -142,7 +142,56 @@ def test_import_existing_dashboard_without_permission(
        .one_or_none()
    )

-    with override_user("admin"):
+    admin = User(
+        first_name="Alice",
+        last_name="Doe",
+        email="adoe@example.org",
+        username="admin",
+        roles=[Role(name="Admin")],
+    )
+
+    with override_user(admin):
+        with pytest.raises(ImportFailedError) as excinfo:
+            import_dashboard(dashboard_config, overwrite=True)
+        assert (
+            str(excinfo.value)
+            == "A dashboard already exists and user doesn't have permissions to overwrite it"  # noqa: E501
+        )
+
+    # Assert that the can write to dashboard was checked
+    mock_can_access.assert_called_once_with("can_write", "Dashboard")
+    mock_can_access_dashboard.assert_called_once_with(dashboard)
+
+
+def test_import_existing_dashboard_without_owner_permission(
+    mocker: MockerFixture,
+    session_with_data: Session,
+) -> None:
+    """
+    Test importing a dashboard when a user doesn't have ownership and is not an Admin.
+    """
+    mock_can_access = mocker.patch.object(
+        security_manager, "can_access", return_value=True
+    )
+    mock_can_access_dashboard = mocker.patch.object(
+        security_manager, "can_access_dashboard", return_value=True
+    )
+
+    dashboard = (
+        session_with_data.query(Dashboard)
+        .filter(Dashboard.uuid == dashboard_config["uuid"])
+        .one_or_none()
+    )
+
+    user = User(
+        first_name="Alice",
+        last_name="Doe",
+        email="adoe@example.org",
+        username="admin",
+        roles=[Role(name="Gamma")],
+    )
+
+    with override_user(user):
        with pytest.raises(ImportFailedError) as excinfo:
            import_dashboard(dashboard_config, overwrite=True)
        assert (