mirror of
https://github.com/apache/superset.git
synced 2026-07-11 17:25:31 +00:00
49 lines
1.8 KiB
Python
49 lines
1.8 KiB
Python
# Licensed to the Apache Software Foundation (ASF) under one
|
|
# or more contributor license agreements. See the NOTICE file
|
|
# distributed with this work for additional information
|
|
# regarding copyright ownership. The ASF licenses this file
|
|
# to you under the Apache License, Version 2.0 (the
|
|
# "License"); you may not use this file except in compliance
|
|
# with the License. You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing,
|
|
# software distributed under the License is distributed on an
|
|
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
|
# KIND, either express or implied. See the License for the
|
|
# specific language governing permissions and limitations
|
|
# under the License.
|
|
"""Tests for config-based permission extension hooks.
|
|
|
|
Follows the same pattern as EXTRA_DYNAMIC_QUERY_FILTERS tests in
|
|
tests/unit_tests/databases/api_test.py.
|
|
"""
|
|
|
|
from unittest.mock import Mock
|
|
|
|
|
|
def test_raise_for_access_bypass_skips_checks(app_context: None, monkeypatch):
|
|
"""EXTRA_RAISE_FOR_ACCESS_BYPASS returning True skips all permission checks."""
|
|
from flask import current_app
|
|
|
|
from superset import security_manager
|
|
|
|
bypass_mock = Mock(return_value=True)
|
|
monkeypatch.setitem(
|
|
current_app.config, "EXTRA_RAISE_FOR_ACCESS_BYPASS", bypass_mock
|
|
)
|
|
|
|
security_manager.raise_for_access(dashboard=None, chart=None)
|
|
assert bypass_mock.call_count == 1
|
|
|
|
|
|
def test_raise_for_access_no_bypass_without_config(app_context: None, monkeypatch):
|
|
"""Without EXTRA_RAISE_FOR_ACCESS_BYPASS, normal checks proceed."""
|
|
from flask import current_app
|
|
|
|
from superset import security_manager
|
|
|
|
monkeypatch.setitem(current_app.config, "EXTRA_RAISE_FOR_ACCESS_BYPASS", None)
|
|
security_manager.raise_for_access(dashboard=None, chart=None)
|