mirror of
https://github.com/apache/superset.git
synced 2026-04-09 03:16:07 +00:00
111 lines
4.0 KiB
Python
111 lines
4.0 KiB
Python
# Licensed to the Apache Software Foundation (ASF) under one
|
|
# or more contributor license agreements. See the NOTICE file
|
|
# distributed with this work for additional information
|
|
# regarding copyright ownership. The ASF licenses this file
|
|
# to you under the Apache License, Version 2.0 (the
|
|
# "License"); you may not use this file except in compliance
|
|
# with the License. You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing,
|
|
# software distributed under the License is distributed on an
|
|
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
|
# KIND, either express or implied. See the License for the
|
|
# specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
from unittest.mock import MagicMock, patch
|
|
|
|
from superset.security.manager import SupersetSecurityManager
|
|
|
|
|
|
def test_granular_export_permissions_registered_in_create_custom_permissions(
|
|
app_context: None,
|
|
) -> None:
|
|
"""Verify that create_custom_permissions registers all granular export perms."""
|
|
from superset.extensions import appbuilder
|
|
|
|
sm = SupersetSecurityManager(appbuilder)
|
|
sm.add_permission_view_menu = MagicMock()
|
|
|
|
sm.create_custom_permissions()
|
|
|
|
calls = [
|
|
(call.args[0], call.args[1])
|
|
for call in sm.add_permission_view_menu.call_args_list
|
|
]
|
|
assert ("can_export_data", "Superset") in calls
|
|
assert ("can_export_image", "Superset") in calls
|
|
assert ("can_copy_clipboard", "Superset") in calls
|
|
|
|
|
|
def test_sqllab_extra_permission_views_include_export_perms() -> None:
|
|
"""Verify SQLLAB_EXTRA_PERMISSION_VIEWS includes granular export perms."""
|
|
assert ("can_export_data", "Superset") in (
|
|
SupersetSecurityManager.SQLLAB_EXTRA_PERMISSION_VIEWS
|
|
)
|
|
assert ("can_copy_clipboard", "Superset") in (
|
|
SupersetSecurityManager.SQLLAB_EXTRA_PERMISSION_VIEWS
|
|
)
|
|
|
|
|
|
def test_gamma_excluded_pvms_excludes_export_data_and_image() -> None:
|
|
"""Verify GAMMA_EXCLUDED_PVMS excludes can_export_data and can_export_image."""
|
|
assert ("can_export_data", "Superset") in (
|
|
SupersetSecurityManager.GAMMA_EXCLUDED_PVMS
|
|
)
|
|
assert ("can_export_image", "Superset") in (
|
|
SupersetSecurityManager.GAMMA_EXCLUDED_PVMS
|
|
)
|
|
|
|
|
|
def test_gamma_excluded_pvms_allows_copy_clipboard() -> None:
|
|
"""Verify GAMMA_EXCLUDED_PVMS does NOT exclude can_copy_clipboard."""
|
|
assert ("can_copy_clipboard", "Superset") not in (
|
|
SupersetSecurityManager.GAMMA_EXCLUDED_PVMS
|
|
)
|
|
|
|
|
|
def test_is_gamma_pvm_excludes_export_data(app_context: None) -> None:
|
|
"""Verify _is_gamma_pvm returns False for can_export_data."""
|
|
from superset.extensions import appbuilder
|
|
|
|
sm = SupersetSecurityManager(appbuilder)
|
|
pvm = MagicMock()
|
|
pvm.permission.name = "can_export_data"
|
|
pvm.view_menu.name = "Superset"
|
|
|
|
assert sm._is_gamma_pvm(pvm) is False
|
|
|
|
|
|
def test_is_gamma_pvm_excludes_export_image(app_context: None) -> None:
|
|
"""Verify _is_gamma_pvm returns False for can_export_image."""
|
|
from superset.extensions import appbuilder
|
|
|
|
sm = SupersetSecurityManager(appbuilder)
|
|
pvm = MagicMock()
|
|
pvm.permission.name = "can_export_image"
|
|
pvm.view_menu.name = "Superset"
|
|
|
|
assert sm._is_gamma_pvm(pvm) is False
|
|
|
|
|
|
def test_is_gamma_pvm_allows_copy_clipboard(app_context: None) -> None:
|
|
"""Verify _is_gamma_pvm returns True for can_copy_clipboard."""
|
|
from superset.extensions import appbuilder
|
|
|
|
sm = SupersetSecurityManager(appbuilder)
|
|
pvm = MagicMock()
|
|
pvm.permission.name = "can_copy_clipboard"
|
|
pvm.view_menu.name = "Superset"
|
|
# Ensure the pvm doesn't trigger other exclusion checks
|
|
with (
|
|
patch.object(sm, "_is_user_defined_permission", return_value=False),
|
|
patch.object(sm, "_is_admin_only", return_value=False),
|
|
patch.object(sm, "_is_alpha_only", return_value=False),
|
|
patch.object(sm, "_is_sql_lab_only", return_value=False),
|
|
patch.object(sm, "_is_accessible_to_all", return_value=False),
|
|
):
|
|
assert sm._is_gamma_pvm(pvm) is True
|