QT/superset2
1
0
Fork 0
mirror of https://github.com/apache/superset.git synced 2026-04-19 08:04:53 +00:00
Code Issues Packages Projects Releases Wiki Activity

Revert "chore: Cleanup database sessions (#10427)" (#10537)

Browse Source 
This reverts commit 7645fc85c3.
This commit is contained in:
Erik Ritter
2020-08-06 15:33:48 -07:00
committed by GitHub
parent 2055ecc1ba
commit fd2d1c58c5
39 changed files with 637 additions and 488 deletions
Download Patch File Download Diff File Expand all files Collapse all files

132
tests/security_tests.py
View File

@@ -69,8 +69,9 @@ class TestRolePermission(SupersetTestCase):
"""Testing export role permissions."""
def setUp(self):
session = db.session
security_manager.add_role(SCHEMA_ACCESS_ROLE)
db.session.commit()
session.commit()
ds = (
db.session.query(SqlaTable)
@@ -81,7 +82,7 @@ class TestRolePermission(SupersetTestCase):
ds.schema_perm = ds.get_schema_perm()
ds_slices = (
db.session.query(Slice)
session.query(Slice)
.filter_by(datasource_type="table")
.filter_by(datasource_id=ds.id)
.all()
@@ -91,11 +92,12 @@ class TestRolePermission(SupersetTestCase):
create_schema_perm("[examples].[temp_schema]")
gamma_user = security_manager.find_user(username="gamma")
gamma_user.roles.append(security_manager.find_role(SCHEMA_ACCESS_ROLE))
db.session.commit()
session.commit()
def tearDown(self):
session = db.session
ds = (
db.session.query(SqlaTable)
session.query(SqlaTable)
.filter_by(table_name="wb_health_population")
.first()
)
@@ -103,7 +105,7 @@ class TestRolePermission(SupersetTestCase):
ds.schema = None
ds.schema_perm = None
ds_slices = (
db.session.query(Slice)
session.query(Slice)
.filter_by(datasource_type="table")
.filter_by(datasource_id=ds.id)
.all()
@@ -112,20 +114,21 @@ class TestRolePermission(SupersetTestCase):
s.schema_perm = None
delete_schema_perm(schema_perm)
db.session.delete(security_manager.find_role(SCHEMA_ACCESS_ROLE))
db.session.commit()
session.delete(security_manager.find_role(SCHEMA_ACCESS_ROLE))
session.commit()
def test_set_perm_sqla_table(self):
session = db.session
table = SqlaTable(
schema="tmp_schema",
table_name="tmp_perm_table",
database=get_example_database(),
)
db.session.add(table)
db.session.commit()
session.add(table)
session.commit()
stored_table = (
db.session.query(SqlaTable).filter_by(table_name="tmp_perm_table").one()
session.query(SqlaTable).filter_by(table_name="tmp_perm_table").one()
)
self.assertEqual(
stored_table.perm, f"[examples].[tmp_perm_table](id:{stored_table.id})"
@@ -144,9 +147,9 @@ class TestRolePermission(SupersetTestCase):
# table name change
stored_table.table_name = "tmp_perm_table_v2"
db.session.commit()
session.commit()
stored_table = (
db.session.query(SqlaTable).filter_by(table_name="tmp_perm_table_v2").one()
session.query(SqlaTable).filter_by(table_name="tmp_perm_table_v2").one()
)
self.assertEqual(
stored_table.perm, f"[examples].[tmp_perm_table_v2](id:{stored_table.id})"
@@ -166,9 +169,9 @@ class TestRolePermission(SupersetTestCase):
# schema name change
stored_table.schema = "tmp_schema_v2"
db.session.commit()
session.commit()
stored_table = (
db.session.query(SqlaTable).filter_by(table_name="tmp_perm_table_v2").one()
session.query(SqlaTable).filter_by(table_name="tmp_perm_table_v2").one()
)
self.assertEqual(
stored_table.perm, f"[examples].[tmp_perm_table_v2](id:{stored_table.id})"
@@ -188,13 +191,13 @@ class TestRolePermission(SupersetTestCase):
# database change
new_db = Database(sqlalchemy_uri="some_uri", database_name="tmp_db")
db.session.add(new_db)
session.add(new_db)
stored_table.database = (
db.session.query(Database).filter_by(database_name="tmp_db").one()
session.query(Database).filter_by(database_name="tmp_db").one()
)
db.session.commit()
session.commit()
stored_table = (
db.session.query(SqlaTable).filter_by(table_name="tmp_perm_table_v2").one()
session.query(SqlaTable).filter_by(table_name="tmp_perm_table_v2").one()
)
self.assertEqual(
stored_table.perm, f"[tmp_db].[tmp_perm_table_v2](id:{stored_table.id})"
@@ -214,9 +217,9 @@ class TestRolePermission(SupersetTestCase):
# no schema
stored_table.schema = None
db.session.commit()
session.commit()
stored_table = (
db.session.query(SqlaTable).filter_by(table_name="tmp_perm_table_v2").one()
session.query(SqlaTable).filter_by(table_name="tmp_perm_table_v2").one()
)
self.assertEqual(
stored_table.perm, f"[tmp_db].[tmp_perm_table_v2](id:{stored_table.id})"
@@ -228,25 +231,26 @@ class TestRolePermission(SupersetTestCase):
)
self.assertIsNone(stored_table.schema_perm)
db.session.delete(new_db)
db.session.delete(stored_table)
db.session.commit()
session.delete(new_db)
session.delete(stored_table)
session.commit()
def test_set_perm_druid_datasource(self):
session = db.session
druid_cluster = (
db.session.query(DruidCluster).filter_by(cluster_name="druid_test").one()
session.query(DruidCluster).filter_by(cluster_name="druid_test").one()
)
datasource = DruidDatasource(
datasource_name="tmp_datasource",
cluster=druid_cluster,
cluster_id=druid_cluster.id,
)
db.session.add(datasource)
db.session.commit()
session.add(datasource)
session.commit()
# store without a schema
stored_datasource = (
db.session.query(DruidDatasource)
session.query(DruidDatasource)
.filter_by(datasource_name="tmp_datasource")
.one()
)
@@ -263,7 +267,7 @@ class TestRolePermission(SupersetTestCase):
# store with a schema
stored_datasource.datasource_name = "tmp_schema.tmp_datasource"
db.session.commit()
session.commit()
self.assertEqual(
stored_datasource.perm,
f"[druid_test].[tmp_schema.tmp_datasource](id:{stored_datasource.id})",
@@ -280,15 +284,16 @@ class TestRolePermission(SupersetTestCase):
)
)
db.session.delete(stored_datasource)
db.session.commit()
session.delete(stored_datasource)
session.commit()
def test_set_perm_druid_cluster(self):
session = db.session
cluster = DruidCluster(cluster_name="tmp_druid_cluster")
db.session.add(cluster)
session.add(cluster)
stored_cluster = (
db.session.query(DruidCluster)
session.query(DruidCluster)
.filter_by(cluster_name="tmp_druid_cluster")
.one()
)
@@ -302,7 +307,7 @@ class TestRolePermission(SupersetTestCase):
)
stored_cluster.cluster_name = "tmp_druid_cluster2"
db.session.commit()
session.commit()
self.assertEqual(
stored_cluster.perm, f"[tmp_druid_cluster2].(id:{stored_cluster.id})"
)
@@ -312,17 +317,18 @@ class TestRolePermission(SupersetTestCase):
)
)
db.session.delete(stored_cluster)
db.session.commit()
session.delete(stored_cluster)
session.commit()
def test_set_perm_database(self):
session = db.session
database = Database(
database_name="tmp_database", sqlalchemy_uri="sqlite://test"
)
db.session.add(database)
session.add(database)
stored_db = (
db.session.query(Database).filter_by(database_name="tmp_database").one()
session.query(Database).filter_by(database_name="tmp_database").one()
)
self.assertEqual(stored_db.perm, f"[tmp_database].(id:{stored_db.id})")
self.assertIsNotNone(
@@ -332,9 +338,9 @@ class TestRolePermission(SupersetTestCase):
)
stored_db.database_name = "tmp_database2"
db.session.commit()
session.commit()
stored_db = (
db.session.query(Database).filter_by(database_name="tmp_database2").one()
session.query(Database).filter_by(database_name="tmp_database2").one()
)
self.assertEqual(stored_db.perm, f"[tmp_database2].(id:{stored_db.id})")
self.assertIsNotNone(
@@ -343,8 +349,8 @@ class TestRolePermission(SupersetTestCase):
)
)
db.session.delete(stored_db)
db.session.commit()
session.delete(stored_db)
session.commit()
def test_hybrid_perm_druid_cluster(self):
cluster = DruidCluster(cluster_name="tmp_druid_cluster3")
@@ -394,13 +400,14 @@ class TestRolePermission(SupersetTestCase):
db.session.commit()
def test_set_perm_slice(self):
session = db.session
database = Database(
database_name="tmp_database", sqlalchemy_uri="sqlite://test"
)
table = SqlaTable(table_name="tmp_perm_table", database=database)
db.session.add(database)
db.session.add(table)
db.session.commit()
session.add(database)
session.add(table)
session.commit()
# no schema permission
slice = Slice(
@@ -409,10 +416,10 @@ class TestRolePermission(SupersetTestCase):
datasource_name="tmp_perm_table",
slice_name="slice_name",
)
db.session.add(slice)
db.session.commit()
session.add(slice)
session.commit()
slice = db.session.query(Slice).filter_by(slice_name="slice_name").one()
slice = session.query(Slice).filter_by(slice_name="slice_name").one()
self.assertEqual(slice.perm, table.perm)
self.assertEqual(slice.perm, f"[tmp_database].[tmp_perm_table](id:{table.id})")
self.assertEqual(slice.schema_perm, table.schema_perm)
@@ -420,7 +427,7 @@ class TestRolePermission(SupersetTestCase):
table.schema = "tmp_perm_schema"
table.table_name = "tmp_perm_table_v2"
db.session.commit()
session.commit()
# TODO(bogdan): modify slice permissions on the table update.
self.assertNotEquals(slice.perm, table.perm)
self.assertEqual(slice.perm, f"[tmp_database].[tmp_perm_table](id:{table.id})")
@@ -433,7 +440,7 @@ class TestRolePermission(SupersetTestCase):
# updating slice refreshes the permissions
slice.slice_name = "slice_name_v2"
db.session.commit()
session.commit()
self.assertEqual(slice.perm, table.perm)
self.assertEqual(
slice.perm, f"[tmp_database].[tmp_perm_table_v2](id:{table.id})"
@@ -441,10 +448,11 @@ class TestRolePermission(SupersetTestCase):
self.assertEqual(slice.schema_perm, table.schema_perm)
self.assertEqual(slice.schema_perm, "[tmp_database].[tmp_perm_schema]")
db.session.delete(slice)
db.session.delete(table)
db.session.delete(database)
db.session.commit()
session.delete(slice)
session.delete(table)
session.delete(database)
session.commit()
# TODO test slice permission
@@ -524,11 +532,11 @@ class TestRolePermission(SupersetTestCase):
self.assertNotIn("Girl Name Cloud", data) # birth_names slice, no access
def test_sqllab_gamma_user_schema_access_to_sqllab(self):
example_db = (
db.session.query(Database).filter_by(database_name="examples").one()
)
session = db.session
example_db = session.query(Database).filter_by(database_name="examples").one()
example_db.expose_in_sqllab = True
db.session.commit()
session.commit()
arguments = {
"keys": ["none"],
@@ -951,10 +959,12 @@ class TestRowLevelSecurity(SupersetTestCase):
rls_entry = None
def setUp(self):
session = db.session
# Create the RowLevelSecurityFilter
self.rls_entry = RowLevelSecurityFilter()
self.rls_entry.tables.extend(
db.session.query(SqlaTable)
session.query(SqlaTable)
.filter(SqlaTable.table_name.in_(["energy_usage", "unicode_test"]))
.all()
)
@@ -964,11 +974,13 @@ class TestRowLevelSecurity(SupersetTestCase):
) # db.session.query(Role).filter_by(name="Gamma").first())
self.rls_entry.roles.append(security_manager.find_role("Alpha"))
db.session.add(self.rls_entry)
db.session.commit()
def tearDown(self):
db.session.delete(self.rls_entry)
db.session.commit()
session = db.session
session.delete(self.rls_entry)
session.commit()
# Do another test to make sure it doesn't alter another query
def test_rls_filter_alters_query(self):