2019-01-15 18:53:27 -05:00
|
|
|
# Licensed to the Apache Software Foundation (ASF) under one
|
|
|
|
# or more contributor license agreements. See the NOTICE file
|
|
|
|
# distributed with this work for additional information
|
|
|
|
# regarding copyright ownership. The ASF licenses this file
|
|
|
|
# to you under the Apache License, Version 2.0 (the
|
|
|
|
# "License"); you may not use this file except in compliance
|
|
|
|
# with the License. You may obtain a copy of the License at
|
|
|
|
#
|
|
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
#
|
|
|
|
# Unless required by applicable law or agreed to in writing,
|
|
|
|
# software distributed under the License is distributed on an
|
|
|
|
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
|
|
|
# KIND, either express or implied. See the License for the
|
|
|
|
# specific language governing permissions and limitations
|
|
|
|
# under the License.
|
2019-11-20 10:47:06 -05:00
|
|
|
# isort:skip_file
|
2016-11-10 02:08:22 -05:00
|
|
|
"""Unit tests for Superset"""
|
2016-10-20 18:30:09 -04:00
|
|
|
import json
|
2016-10-02 21:03:19 -04:00
|
|
|
import unittest
|
2019-03-27 17:08:36 -04:00
|
|
|
from unittest import mock
|
2021-11-04 14:09:08 -04:00
|
|
|
|
|
|
|
import pytest
|
|
|
|
from sqlalchemy import inspect
|
|
|
|
|
2021-07-01 11:03:07 -04:00
|
|
|
from tests.integration_tests.fixtures.birth_names_dashboard import (
|
|
|
|
load_birth_names_dashboard_with_slices,
|
|
|
|
)
|
|
|
|
from tests.integration_tests.fixtures.world_bank_dashboard import (
|
|
|
|
load_world_bank_dashboard_with_slices,
|
|
|
|
)
|
|
|
|
from tests.integration_tests.fixtures.energy_dashboard import (
|
|
|
|
load_energy_table_with_slice,
|
|
|
|
)
|
|
|
|
from tests.integration_tests.test_app import app # isort:skip
|
2019-11-20 10:47:06 -05:00
|
|
|
from superset import db, security_manager
|
2017-03-10 12:11:51 -05:00
|
|
|
from superset.connectors.connector_registry import ConnectorRegistry
|
|
|
|
from superset.connectors.druid.models import DruidDatasource
|
2017-11-07 23:23:40 -05:00
|
|
|
from superset.connectors.sqla.models import SqlaTable
|
|
|
|
from superset.models import core as models
|
2019-12-17 19:17:49 -05:00
|
|
|
from superset.models.datasource_access_request import DatasourceAccessRequest
|
2021-11-04 14:09:08 -04:00
|
|
|
from superset.utils.core import get_example_database
|
2019-10-18 17:44:27 -04:00
|
|
|
|
2016-11-10 02:08:22 -05:00
|
|
|
from .base_tests import SupersetTestCase
|
2016-10-02 21:03:19 -04:00
|
|
|
|
2016-10-20 18:30:09 -04:00
|
|
|
ROLE_TABLES_PERM_DATA = {
|
2019-06-25 16:34:48 -04:00
|
|
|
"role_name": "override_me",
|
|
|
|
"database": [
|
|
|
|
{
|
|
|
|
"datasource_type": "table",
|
2019-07-17 00:36:56 -04:00
|
|
|
"name": "examples",
|
2019-06-25 16:34:48 -04:00
|
|
|
"schema": [{"name": "", "datasources": ["birth_names"]}],
|
|
|
|
}
|
|
|
|
],
|
2016-10-20 18:30:09 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
ROLE_ALL_PERM_DATA = {
|
2019-06-25 16:34:48 -04:00
|
|
|
"role_name": "override_me",
|
|
|
|
"database": [
|
|
|
|
{
|
|
|
|
"datasource_type": "table",
|
2019-07-17 00:36:56 -04:00
|
|
|
"name": "examples",
|
2019-06-25 16:34:48 -04:00
|
|
|
"schema": [{"name": "", "datasources": ["birth_names"]}],
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"datasource_type": "druid",
|
|
|
|
"name": "druid_test",
|
|
|
|
"schema": [{"name": "", "datasources": ["druid_ds_1", "druid_ds_2"]}],
|
|
|
|
},
|
2017-11-08 00:32:45 -05:00
|
|
|
],
|
2016-10-20 18:30:09 -04:00
|
|
|
}
|
2016-10-02 21:03:19 -04:00
|
|
|
|
2017-01-24 21:11:51 -05:00
|
|
|
EXTEND_ROLE_REQUEST = (
|
2019-06-25 16:34:48 -04:00
|
|
|
"/superset/approve?datasource_type={}&datasource_id={}&"
|
|
|
|
"created_by={}&role_to_extend={}"
|
|
|
|
)
|
2017-01-24 21:11:51 -05:00
|
|
|
GRANT_ROLE_REQUEST = (
|
2019-06-25 16:34:48 -04:00
|
|
|
"/superset/approve?datasource_type={}&datasource_id={}&"
|
|
|
|
"created_by={}&role_to_grant={}"
|
|
|
|
)
|
|
|
|
TEST_ROLE_1 = "test_role1"
|
|
|
|
TEST_ROLE_2 = "test_role2"
|
|
|
|
DB_ACCESS_ROLE = "db_access_role"
|
|
|
|
SCHEMA_ACCESS_ROLE = "schema_access_role"
|
2017-01-24 21:11:51 -05:00
|
|
|
|
2017-02-08 14:52:58 -05:00
|
|
|
|
2020-08-06 18:33:48 -04:00
|
|
|
def create_access_request(session, ds_type, ds_name, role_name, user_name):
|
2017-03-10 12:11:51 -05:00
|
|
|
ds_class = ConnectorRegistry.sources[ds_type]
|
2017-01-24 21:11:51 -05:00
|
|
|
# TODO: generalize datasource names
|
2019-06-25 16:34:48 -04:00
|
|
|
if ds_type == "table":
|
2020-08-06 18:33:48 -04:00
|
|
|
ds = session.query(ds_class).filter(ds_class.table_name == ds_name).first()
|
2017-01-24 21:11:51 -05:00
|
|
|
else:
|
2020-08-06 18:33:48 -04:00
|
|
|
ds = session.query(ds_class).filter(ds_class.datasource_name == ds_name).first()
|
2018-03-27 19:46:02 -04:00
|
|
|
ds_perm_view = security_manager.find_permission_view_menu(
|
2019-06-25 16:34:48 -04:00
|
|
|
"datasource_access", ds.perm
|
|
|
|
)
|
2018-03-27 19:46:02 -04:00
|
|
|
security_manager.add_permission_role(
|
2019-06-25 16:34:48 -04:00
|
|
|
security_manager.find_role(role_name), ds_perm_view
|
|
|
|
)
|
2019-12-17 19:17:49 -05:00
|
|
|
access_request = DatasourceAccessRequest(
|
2017-01-24 21:11:51 -05:00
|
|
|
datasource_id=ds.id,
|
|
|
|
datasource_type=ds_type,
|
2018-03-27 19:46:02 -04:00
|
|
|
created_by_fk=security_manager.find_user(username=user_name).id,
|
2017-01-24 21:11:51 -05:00
|
|
|
)
|
2020-08-06 18:33:48 -04:00
|
|
|
session.add(access_request)
|
|
|
|
session.commit()
|
2017-01-24 21:11:51 -05:00
|
|
|
return access_request
|
|
|
|
|
2016-10-21 19:09:51 -04:00
|
|
|
|
2020-06-29 18:36:06 -04:00
|
|
|
class TestRequestAccess(SupersetTestCase):
|
2016-10-20 18:30:09 -04:00
|
|
|
@classmethod
|
|
|
|
def setUpClass(cls):
|
2019-11-20 10:47:06 -05:00
|
|
|
with app.app_context():
|
2020-06-29 18:36:06 -04:00
|
|
|
cls.create_druid_test_objects()
|
|
|
|
|
2019-11-20 10:47:06 -05:00
|
|
|
security_manager.add_role("override_me")
|
|
|
|
security_manager.add_role(TEST_ROLE_1)
|
|
|
|
security_manager.add_role(TEST_ROLE_2)
|
|
|
|
security_manager.add_role(DB_ACCESS_ROLE)
|
|
|
|
security_manager.add_role(SCHEMA_ACCESS_ROLE)
|
|
|
|
db.session.commit()
|
2016-10-20 18:30:09 -04:00
|
|
|
|
|
|
|
@classmethod
|
|
|
|
def tearDownClass(cls):
|
2019-11-20 10:47:06 -05:00
|
|
|
with app.app_context():
|
|
|
|
override_me = security_manager.find_role("override_me")
|
|
|
|
db.session.delete(override_me)
|
|
|
|
db.session.delete(security_manager.find_role(TEST_ROLE_1))
|
|
|
|
db.session.delete(security_manager.find_role(TEST_ROLE_2))
|
|
|
|
db.session.delete(security_manager.find_role(DB_ACCESS_ROLE))
|
|
|
|
db.session.delete(security_manager.find_role(SCHEMA_ACCESS_ROLE))
|
|
|
|
db.session.commit()
|
2016-10-20 18:30:09 -04:00
|
|
|
|
|
|
|
def setUp(self):
|
2019-06-25 16:34:48 -04:00
|
|
|
self.login("admin")
|
2016-10-20 18:30:09 -04:00
|
|
|
|
|
|
|
def tearDown(self):
|
|
|
|
self.logout()
|
2019-06-25 16:34:48 -04:00
|
|
|
override_me = security_manager.find_role("override_me")
|
2016-10-20 18:30:09 -04:00
|
|
|
override_me.permissions = []
|
|
|
|
db.session.commit()
|
2020-08-06 18:33:48 -04:00
|
|
|
db.session.close()
|
2016-10-20 18:30:09 -04:00
|
|
|
|
|
|
|
def test_override_role_permissions_is_admin_only(self):
|
|
|
|
self.logout()
|
2019-06-25 16:34:48 -04:00
|
|
|
self.login("alpha")
|
2016-10-20 18:30:09 -04:00
|
|
|
response = self.client.post(
|
2019-06-25 16:34:48 -04:00
|
|
|
"/superset/override_role_permissions/",
|
2016-10-20 18:30:09 -04:00
|
|
|
data=json.dumps(ROLE_TABLES_PERM_DATA),
|
2019-06-25 16:34:48 -04:00
|
|
|
content_type="application/json",
|
|
|
|
follow_redirects=True,
|
|
|
|
)
|
2019-10-21 10:49:12 -04:00
|
|
|
self.assertNotEqual(405, response.status_code)
|
2016-10-20 18:30:09 -04:00
|
|
|
|
2021-01-11 08:57:55 -05:00
|
|
|
@pytest.mark.usefixtures("load_birth_names_dashboard_with_slices")
|
2016-10-20 18:30:09 -04:00
|
|
|
def test_override_role_permissions_1_table(self):
|
2021-11-04 14:09:08 -04:00
|
|
|
database = get_example_database()
|
|
|
|
engine = database.get_sqla_engine()
|
|
|
|
schema = inspect(engine).default_schema_name
|
|
|
|
|
|
|
|
perm_data = ROLE_TABLES_PERM_DATA.copy()
|
|
|
|
perm_data["database"][0]["schema"][0]["name"] = schema
|
|
|
|
|
2016-10-20 18:30:09 -04:00
|
|
|
response = self.client.post(
|
2019-06-25 16:34:48 -04:00
|
|
|
"/superset/override_role_permissions/",
|
2021-11-04 14:09:08 -04:00
|
|
|
data=json.dumps(perm_data),
|
2019-06-25 16:34:48 -04:00
|
|
|
content_type="application/json",
|
|
|
|
)
|
2019-10-21 10:49:12 -04:00
|
|
|
self.assertEqual(201, response.status_code)
|
2016-10-20 18:30:09 -04:00
|
|
|
|
2019-06-25 16:34:48 -04:00
|
|
|
updated_override_me = security_manager.find_role("override_me")
|
2019-10-21 10:49:12 -04:00
|
|
|
self.assertEqual(1, len(updated_override_me.permissions))
|
2021-08-02 15:45:55 -04:00
|
|
|
birth_names = self.get_table(name="birth_names")
|
2019-10-21 10:49:12 -04:00
|
|
|
self.assertEqual(
|
2019-06-25 16:34:48 -04:00
|
|
|
birth_names.perm, updated_override_me.permissions[0].view_menu.name
|
|
|
|
)
|
2019-10-21 10:49:12 -04:00
|
|
|
self.assertEqual(
|
2019-06-25 16:34:48 -04:00
|
|
|
"datasource_access", updated_override_me.permissions[0].permission.name
|
|
|
|
)
|
2016-10-20 18:30:09 -04:00
|
|
|
|
2021-01-11 08:57:55 -05:00
|
|
|
@pytest.mark.usefixtures("load_birth_names_dashboard_with_slices")
|
2016-10-20 18:30:09 -04:00
|
|
|
def test_override_role_permissions_druid_and_table(self):
|
2021-11-04 14:09:08 -04:00
|
|
|
database = get_example_database()
|
|
|
|
engine = database.get_sqla_engine()
|
|
|
|
schema = inspect(engine).default_schema_name
|
|
|
|
|
|
|
|
perm_data = ROLE_ALL_PERM_DATA.copy()
|
|
|
|
perm_data["database"][0]["schema"][0]["name"] = schema
|
2016-10-20 18:30:09 -04:00
|
|
|
response = self.client.post(
|
2019-06-25 16:34:48 -04:00
|
|
|
"/superset/override_role_permissions/",
|
2016-10-20 18:30:09 -04:00
|
|
|
data=json.dumps(ROLE_ALL_PERM_DATA),
|
2019-06-25 16:34:48 -04:00
|
|
|
content_type="application/json",
|
|
|
|
)
|
2019-10-21 10:49:12 -04:00
|
|
|
self.assertEqual(201, response.status_code)
|
2016-10-20 18:30:09 -04:00
|
|
|
|
2019-06-25 16:34:48 -04:00
|
|
|
updated_role = security_manager.find_role("override_me")
|
|
|
|
perms = sorted(updated_role.permissions, key=lambda p: p.view_menu.name)
|
|
|
|
druid_ds_1 = self.get_druid_ds_by_name("druid_ds_1")
|
2019-10-21 10:49:12 -04:00
|
|
|
self.assertEqual(druid_ds_1.perm, perms[0].view_menu.name)
|
|
|
|
self.assertEqual("datasource_access", perms[0].permission.name)
|
2016-10-20 18:30:09 -04:00
|
|
|
|
2019-06-25 16:34:48 -04:00
|
|
|
druid_ds_2 = self.get_druid_ds_by_name("druid_ds_2")
|
2019-10-21 10:49:12 -04:00
|
|
|
self.assertEqual(druid_ds_2.perm, perms[1].view_menu.name)
|
|
|
|
self.assertEqual(
|
2019-06-25 16:34:48 -04:00
|
|
|
"datasource_access", updated_role.permissions[1].permission.name
|
|
|
|
)
|
2016-10-20 18:30:09 -04:00
|
|
|
|
2021-08-02 15:45:55 -04:00
|
|
|
birth_names = self.get_table(name="birth_names")
|
2019-10-21 10:49:12 -04:00
|
|
|
self.assertEqual(birth_names.perm, perms[2].view_menu.name)
|
|
|
|
self.assertEqual(
|
2019-06-25 16:34:48 -04:00
|
|
|
"datasource_access", updated_role.permissions[2].permission.name
|
|
|
|
)
|
2019-10-21 10:49:12 -04:00
|
|
|
self.assertEqual(3, len(perms))
|
2016-10-20 18:30:09 -04:00
|
|
|
|
2021-01-11 08:57:55 -05:00
|
|
|
@pytest.mark.usefixtures(
|
|
|
|
"load_energy_table_with_slice", "load_birth_names_dashboard_with_slices"
|
|
|
|
)
|
2016-10-20 18:30:09 -04:00
|
|
|
def test_override_role_permissions_drops_absent_perms(self):
|
2021-11-04 14:09:08 -04:00
|
|
|
database = get_example_database()
|
|
|
|
engine = database.get_sqla_engine()
|
|
|
|
schema = inspect(engine).default_schema_name
|
|
|
|
|
2019-06-25 16:34:48 -04:00
|
|
|
override_me = security_manager.find_role("override_me")
|
2016-10-20 18:30:09 -04:00
|
|
|
override_me.permissions.append(
|
2018-03-27 19:46:02 -04:00
|
|
|
security_manager.find_permission_view_menu(
|
2021-08-02 15:45:55 -04:00
|
|
|
view_menu_name=self.get_table(name="energy_usage").perm,
|
2019-06-25 16:34:48 -04:00
|
|
|
permission_name="datasource_access",
|
|
|
|
)
|
2016-10-20 18:30:09 -04:00
|
|
|
)
|
|
|
|
db.session.flush()
|
|
|
|
|
2021-11-04 14:09:08 -04:00
|
|
|
perm_data = ROLE_TABLES_PERM_DATA.copy()
|
|
|
|
perm_data["database"][0]["schema"][0]["name"] = schema
|
|
|
|
|
2016-10-20 18:30:09 -04:00
|
|
|
response = self.client.post(
|
2019-06-25 16:34:48 -04:00
|
|
|
"/superset/override_role_permissions/",
|
2021-11-04 14:09:08 -04:00
|
|
|
data=json.dumps(perm_data),
|
2019-06-25 16:34:48 -04:00
|
|
|
content_type="application/json",
|
|
|
|
)
|
2019-10-21 10:49:12 -04:00
|
|
|
self.assertEqual(201, response.status_code)
|
2019-06-25 16:34:48 -04:00
|
|
|
updated_override_me = security_manager.find_role("override_me")
|
2019-10-21 10:49:12 -04:00
|
|
|
self.assertEqual(1, len(updated_override_me.permissions))
|
2021-08-02 15:45:55 -04:00
|
|
|
birth_names = self.get_table(name="birth_names")
|
2019-10-21 10:49:12 -04:00
|
|
|
self.assertEqual(
|
2019-06-25 16:34:48 -04:00
|
|
|
birth_names.perm, updated_override_me.permissions[0].view_menu.name
|
|
|
|
)
|
2019-10-21 10:49:12 -04:00
|
|
|
self.assertEqual(
|
2019-06-25 16:34:48 -04:00
|
|
|
"datasource_access", updated_override_me.permissions[0].permission.name
|
|
|
|
)
|
2016-10-20 18:30:09 -04:00
|
|
|
|
2017-01-24 21:11:51 -05:00
|
|
|
def test_clean_requests_after_role_extend(self):
|
2020-08-06 18:33:48 -04:00
|
|
|
session = db.session
|
2017-01-24 21:11:51 -05:00
|
|
|
|
|
|
|
# Case 1. Gamma and gamma2 requested test_role1 on energy_usage access
|
|
|
|
# Gamma already has role test_role1
|
|
|
|
# Extend test_role1 with energy_usage access for gamma2
|
|
|
|
# Check if access request for gamma at energy_usage was deleted
|
|
|
|
|
|
|
|
# gamma2 and gamma request table_role on energy usage
|
2019-10-30 19:19:16 -04:00
|
|
|
if app.config["ENABLE_ACCESS_REQUEST"]:
|
2018-02-14 17:49:22 -05:00
|
|
|
access_request1 = create_access_request(
|
2020-08-06 18:33:48 -04:00
|
|
|
session, "table", "random_time_series", TEST_ROLE_1, "gamma2"
|
2019-06-25 16:34:48 -04:00
|
|
|
)
|
2018-02-14 17:49:22 -05:00
|
|
|
ds_1_id = access_request1.datasource_id
|
2020-08-06 18:33:48 -04:00
|
|
|
create_access_request(
|
|
|
|
session, "table", "random_time_series", TEST_ROLE_1, "gamma"
|
|
|
|
)
|
2019-06-25 16:34:48 -04:00
|
|
|
access_requests = self.get_access_requests("gamma", "table", ds_1_id)
|
2018-02-14 17:49:22 -05:00
|
|
|
self.assertTrue(access_requests)
|
|
|
|
# gamma gets test_role1
|
2019-06-25 16:34:48 -04:00
|
|
|
self.get_resp(
|
|
|
|
GRANT_ROLE_REQUEST.format("table", ds_1_id, "gamma", TEST_ROLE_1)
|
|
|
|
)
|
2018-02-14 17:49:22 -05:00
|
|
|
# extend test_role1 with access on energy usage
|
2019-06-25 16:34:48 -04:00
|
|
|
self.client.get(
|
|
|
|
EXTEND_ROLE_REQUEST.format("table", ds_1_id, "gamma2", TEST_ROLE_1)
|
|
|
|
)
|
|
|
|
access_requests = self.get_access_requests("gamma", "table", ds_1_id)
|
2018-02-14 17:49:22 -05:00
|
|
|
self.assertFalse(access_requests)
|
|
|
|
|
2019-06-25 16:34:48 -04:00
|
|
|
gamma_user = security_manager.find_user(username="gamma")
|
|
|
|
gamma_user.roles.remove(security_manager.find_role("test_role1"))
|
2017-01-24 21:11:51 -05:00
|
|
|
|
2021-01-11 08:57:55 -05:00
|
|
|
@pytest.mark.usefixtures("load_birth_names_dashboard_with_slices")
|
2017-01-24 21:11:51 -05:00
|
|
|
def test_clean_requests_after_alpha_grant(self):
|
2020-08-06 18:33:48 -04:00
|
|
|
session = db.session
|
|
|
|
|
2017-01-24 21:11:51 -05:00
|
|
|
# Case 2. Two access requests from gamma and gamma2
|
|
|
|
# Gamma becomes alpha, gamma2 gets granted
|
|
|
|
# Check if request by gamma has been deleted
|
|
|
|
|
|
|
|
access_request1 = create_access_request(
|
2020-08-06 18:33:48 -04:00
|
|
|
session, "table", "birth_names", TEST_ROLE_1, "gamma"
|
2019-06-25 16:34:48 -04:00
|
|
|
)
|
2020-08-06 18:33:48 -04:00
|
|
|
create_access_request(session, "table", "birth_names", TEST_ROLE_2, "gamma2")
|
2017-01-24 21:11:51 -05:00
|
|
|
ds_1_id = access_request1.datasource_id
|
|
|
|
# gamma becomes alpha
|
2019-06-25 16:34:48 -04:00
|
|
|
alpha_role = security_manager.find_role("Alpha")
|
|
|
|
gamma_user = security_manager.find_user(username="gamma")
|
2017-01-24 21:11:51 -05:00
|
|
|
gamma_user.roles.append(alpha_role)
|
2020-08-06 18:33:48 -04:00
|
|
|
session.commit()
|
2019-06-25 16:34:48 -04:00
|
|
|
access_requests = self.get_access_requests("gamma", "table", ds_1_id)
|
2017-01-24 21:11:51 -05:00
|
|
|
self.assertTrue(access_requests)
|
2019-06-25 16:34:48 -04:00
|
|
|
self.client.get(
|
|
|
|
EXTEND_ROLE_REQUEST.format("table", ds_1_id, "gamma2", TEST_ROLE_2)
|
|
|
|
)
|
|
|
|
access_requests = self.get_access_requests("gamma", "table", ds_1_id)
|
2017-01-24 21:11:51 -05:00
|
|
|
self.assertFalse(access_requests)
|
|
|
|
|
2019-06-25 16:34:48 -04:00
|
|
|
gamma_user = security_manager.find_user(username="gamma")
|
|
|
|
gamma_user.roles.remove(security_manager.find_role("Alpha"))
|
2020-08-06 18:33:48 -04:00
|
|
|
session.commit()
|
2017-01-24 21:11:51 -05:00
|
|
|
|
2020-12-09 15:02:29 -05:00
|
|
|
@pytest.mark.usefixtures("load_energy_table_with_slice")
|
2017-01-24 21:11:51 -05:00
|
|
|
def test_clean_requests_after_db_grant(self):
|
2020-08-06 18:33:48 -04:00
|
|
|
session = db.session
|
|
|
|
|
2017-01-24 21:11:51 -05:00
|
|
|
# Case 3. Two access requests from gamma and gamma2
|
|
|
|
# Gamma gets database access, gamma2 access request granted
|
|
|
|
# Check if request by gamma has been deleted
|
|
|
|
|
2019-06-25 16:34:48 -04:00
|
|
|
gamma_user = security_manager.find_user(username="gamma")
|
2017-01-24 21:11:51 -05:00
|
|
|
access_request1 = create_access_request(
|
2020-08-06 18:33:48 -04:00
|
|
|
session, "table", "energy_usage", TEST_ROLE_1, "gamma"
|
2019-06-25 16:34:48 -04:00
|
|
|
)
|
2020-08-06 18:33:48 -04:00
|
|
|
create_access_request(session, "table", "energy_usage", TEST_ROLE_2, "gamma2")
|
2017-01-24 21:11:51 -05:00
|
|
|
ds_1_id = access_request1.datasource_id
|
|
|
|
# gamma gets granted database access
|
2020-08-06 18:33:48 -04:00
|
|
|
database = session.query(models.Database).first()
|
2017-01-24 21:11:51 -05:00
|
|
|
|
2019-06-25 16:34:48 -04:00
|
|
|
security_manager.add_permission_view_menu("database_access", database.perm)
|
2018-03-27 19:46:02 -04:00
|
|
|
ds_perm_view = security_manager.find_permission_view_menu(
|
2019-06-25 16:34:48 -04:00
|
|
|
"database_access", database.perm
|
|
|
|
)
|
2018-03-27 19:46:02 -04:00
|
|
|
security_manager.add_permission_role(
|
2019-06-25 16:34:48 -04:00
|
|
|
security_manager.find_role(DB_ACCESS_ROLE), ds_perm_view
|
|
|
|
)
|
2018-03-27 19:46:02 -04:00
|
|
|
gamma_user.roles.append(security_manager.find_role(DB_ACCESS_ROLE))
|
2020-08-06 18:33:48 -04:00
|
|
|
session.commit()
|
2019-06-25 16:34:48 -04:00
|
|
|
access_requests = self.get_access_requests("gamma", "table", ds_1_id)
|
2017-01-24 21:11:51 -05:00
|
|
|
self.assertTrue(access_requests)
|
|
|
|
# gamma2 request gets fulfilled
|
2019-06-25 16:34:48 -04:00
|
|
|
self.client.get(
|
|
|
|
EXTEND_ROLE_REQUEST.format("table", ds_1_id, "gamma2", TEST_ROLE_2)
|
|
|
|
)
|
|
|
|
access_requests = self.get_access_requests("gamma", "table", ds_1_id)
|
2017-01-24 21:11:51 -05:00
|
|
|
|
|
|
|
self.assertFalse(access_requests)
|
2019-06-25 16:34:48 -04:00
|
|
|
gamma_user = security_manager.find_user(username="gamma")
|
2018-03-27 19:46:02 -04:00
|
|
|
gamma_user.roles.remove(security_manager.find_role(DB_ACCESS_ROLE))
|
2020-08-06 18:33:48 -04:00
|
|
|
session.commit()
|
2017-01-24 21:11:51 -05:00
|
|
|
|
2021-01-13 17:20:05 -05:00
|
|
|
@pytest.mark.usefixtures("load_world_bank_dashboard_with_slices")
|
2017-01-24 21:11:51 -05:00
|
|
|
def test_clean_requests_after_schema_grant(self):
|
2020-08-06 18:33:48 -04:00
|
|
|
session = db.session
|
|
|
|
|
2017-01-24 21:11:51 -05:00
|
|
|
# Case 4. Two access requests from gamma and gamma2
|
|
|
|
# Gamma gets schema access, gamma2 access request granted
|
|
|
|
# Check if request by gamma has been deleted
|
|
|
|
|
2019-06-25 16:34:48 -04:00
|
|
|
gamma_user = security_manager.find_user(username="gamma")
|
2017-01-24 21:11:51 -05:00
|
|
|
access_request1 = create_access_request(
|
2020-08-06 18:33:48 -04:00
|
|
|
session, "table", "wb_health_population", TEST_ROLE_1, "gamma"
|
|
|
|
)
|
|
|
|
create_access_request(
|
|
|
|
session, "table", "wb_health_population", TEST_ROLE_2, "gamma2"
|
2019-06-25 16:34:48 -04:00
|
|
|
)
|
2017-01-24 21:11:51 -05:00
|
|
|
ds_1_id = access_request1.datasource_id
|
2019-06-25 16:34:48 -04:00
|
|
|
ds = (
|
2020-08-06 18:33:48 -04:00
|
|
|
session.query(SqlaTable)
|
2019-06-25 16:34:48 -04:00
|
|
|
.filter_by(table_name="wb_health_population")
|
|
|
|
.first()
|
|
|
|
)
|
2017-01-24 21:11:51 -05:00
|
|
|
|
2019-06-25 16:34:48 -04:00
|
|
|
ds.schema = "temp_schema"
|
|
|
|
security_manager.add_permission_view_menu("schema_access", ds.schema_perm)
|
2018-03-27 19:46:02 -04:00
|
|
|
schema_perm_view = security_manager.find_permission_view_menu(
|
2019-06-25 16:34:48 -04:00
|
|
|
"schema_access", ds.schema_perm
|
|
|
|
)
|
2018-03-27 19:46:02 -04:00
|
|
|
security_manager.add_permission_role(
|
2019-06-25 16:34:48 -04:00
|
|
|
security_manager.find_role(SCHEMA_ACCESS_ROLE), schema_perm_view
|
|
|
|
)
|
2018-03-27 19:46:02 -04:00
|
|
|
gamma_user.roles.append(security_manager.find_role(SCHEMA_ACCESS_ROLE))
|
2020-08-06 18:33:48 -04:00
|
|
|
session.commit()
|
2017-01-24 21:11:51 -05:00
|
|
|
# gamma2 request gets fulfilled
|
2019-06-25 16:34:48 -04:00
|
|
|
self.client.get(
|
|
|
|
EXTEND_ROLE_REQUEST.format("table", ds_1_id, "gamma2", TEST_ROLE_2)
|
|
|
|
)
|
|
|
|
access_requests = self.get_access_requests("gamma", "table", ds_1_id)
|
2017-01-24 21:11:51 -05:00
|
|
|
self.assertFalse(access_requests)
|
2019-06-25 16:34:48 -04:00
|
|
|
gamma_user = security_manager.find_user(username="gamma")
|
2018-03-27 19:46:02 -04:00
|
|
|
gamma_user.roles.remove(security_manager.find_role(SCHEMA_ACCESS_ROLE))
|
2017-01-24 21:11:51 -05:00
|
|
|
|
2019-06-25 16:34:48 -04:00
|
|
|
ds = (
|
2020-08-06 18:33:48 -04:00
|
|
|
session.query(SqlaTable)
|
2019-06-25 16:34:48 -04:00
|
|
|
.filter_by(table_name="wb_health_population")
|
|
|
|
.first()
|
|
|
|
)
|
2017-01-24 21:11:51 -05:00
|
|
|
ds.schema = None
|
|
|
|
|
2020-08-06 18:33:48 -04:00
|
|
|
session.commit()
|
2017-01-24 21:11:51 -05:00
|
|
|
|
2020-06-26 11:49:12 -04:00
|
|
|
@mock.patch("superset.utils.core.send_mime_email")
|
2017-01-13 22:30:17 -05:00
|
|
|
def test_approve(self, mock_send_mime):
|
2019-10-30 19:19:16 -04:00
|
|
|
if app.config["ENABLE_ACCESS_REQUEST"]:
|
2020-08-06 18:33:48 -04:00
|
|
|
session = db.session
|
2019-06-25 16:34:48 -04:00
|
|
|
TEST_ROLE_NAME = "table_role"
|
2018-03-27 19:46:02 -04:00
|
|
|
security_manager.add_role(TEST_ROLE_NAME)
|
2018-02-14 17:49:22 -05:00
|
|
|
|
|
|
|
# Case 1. Grant new role to the user.
|
|
|
|
|
|
|
|
access_request1 = create_access_request(
|
2020-08-06 18:33:48 -04:00
|
|
|
session, "table", "unicode_test", TEST_ROLE_NAME, "gamma"
|
2019-06-25 16:34:48 -04:00
|
|
|
)
|
2018-02-14 17:49:22 -05:00
|
|
|
ds_1_id = access_request1.datasource_id
|
2019-06-25 16:34:48 -04:00
|
|
|
self.get_resp(
|
|
|
|
GRANT_ROLE_REQUEST.format("table", ds_1_id, "gamma", TEST_ROLE_NAME)
|
|
|
|
)
|
2018-02-14 17:49:22 -05:00
|
|
|
# Test email content.
|
|
|
|
self.assertTrue(mock_send_mime.called)
|
|
|
|
call_args = mock_send_mime.call_args[0]
|
|
|
|
self.assertEqual(
|
2019-06-25 16:34:48 -04:00
|
|
|
[
|
|
|
|
security_manager.find_user(username="gamma").email,
|
|
|
|
security_manager.find_user(username="admin").email,
|
|
|
|
],
|
|
|
|
call_args[1],
|
|
|
|
)
|
|
|
|
self.assertEqual(
|
|
|
|
"[Superset] Access to the datasource {} was granted".format(
|
2020-04-23 07:30:48 -04:00
|
|
|
self.get_table_by_id(ds_1_id).full_name
|
2019-06-25 16:34:48 -04:00
|
|
|
),
|
|
|
|
call_args[2]["Subject"],
|
|
|
|
)
|
2018-02-14 17:49:22 -05:00
|
|
|
self.assertIn(TEST_ROLE_NAME, call_args[2].as_string())
|
2019-06-25 16:34:48 -04:00
|
|
|
self.assertIn("unicode_test", call_args[2].as_string())
|
2018-02-14 17:49:22 -05:00
|
|
|
|
2019-06-25 16:34:48 -04:00
|
|
|
access_requests = self.get_access_requests("gamma", "table", ds_1_id)
|
2018-02-14 17:49:22 -05:00
|
|
|
# request was removed
|
|
|
|
self.assertFalse(access_requests)
|
|
|
|
# user was granted table_role
|
2019-06-25 16:34:48 -04:00
|
|
|
user_roles = [r.name for r in security_manager.find_user("gamma").roles]
|
2018-02-14 17:49:22 -05:00
|
|
|
self.assertIn(TEST_ROLE_NAME, user_roles)
|
|
|
|
|
|
|
|
# Case 2. Extend the role to have access to the table
|
|
|
|
|
|
|
|
access_request2 = create_access_request(
|
2020-08-06 18:33:48 -04:00
|
|
|
session, "table", "energy_usage", TEST_ROLE_NAME, "gamma"
|
2019-06-25 16:34:48 -04:00
|
|
|
)
|
2018-02-14 17:49:22 -05:00
|
|
|
ds_2_id = access_request2.datasource_id
|
2018-11-19 18:27:25 -05:00
|
|
|
energy_usage_perm = access_request2.datasource.perm
|
2018-02-14 17:49:22 -05:00
|
|
|
|
2019-06-25 16:34:48 -04:00
|
|
|
self.client.get(
|
|
|
|
EXTEND_ROLE_REQUEST.format(
|
|
|
|
"table", access_request2.datasource_id, "gamma", TEST_ROLE_NAME
|
|
|
|
)
|
|
|
|
)
|
|
|
|
access_requests = self.get_access_requests("gamma", "table", ds_2_id)
|
2018-02-14 17:49:22 -05:00
|
|
|
|
|
|
|
# Test email content.
|
|
|
|
self.assertTrue(mock_send_mime.called)
|
|
|
|
call_args = mock_send_mime.call_args[0]
|
|
|
|
self.assertEqual(
|
2019-06-25 16:34:48 -04:00
|
|
|
[
|
|
|
|
security_manager.find_user(username="gamma").email,
|
|
|
|
security_manager.find_user(username="admin").email,
|
|
|
|
],
|
|
|
|
call_args[1],
|
|
|
|
)
|
|
|
|
self.assertEqual(
|
|
|
|
"[Superset] Access to the datasource {} was granted".format(
|
2020-04-23 07:30:48 -04:00
|
|
|
self.get_table_by_id(ds_2_id).full_name
|
2019-06-25 16:34:48 -04:00
|
|
|
),
|
|
|
|
call_args[2]["Subject"],
|
|
|
|
)
|
2018-02-14 17:49:22 -05:00
|
|
|
self.assertIn(TEST_ROLE_NAME, call_args[2].as_string())
|
2019-06-25 16:34:48 -04:00
|
|
|
self.assertIn("energy_usage", call_args[2].as_string())
|
2018-02-14 17:49:22 -05:00
|
|
|
|
|
|
|
# request was removed
|
|
|
|
self.assertFalse(access_requests)
|
2018-11-19 18:27:25 -05:00
|
|
|
# table_role was extended to grant access to the energy_usage table/
|
2018-03-27 19:46:02 -04:00
|
|
|
perm_view = security_manager.find_permission_view_menu(
|
2019-06-25 16:34:48 -04:00
|
|
|
"datasource_access", energy_usage_perm
|
|
|
|
)
|
2018-03-27 19:46:02 -04:00
|
|
|
TEST_ROLE = security_manager.find_role(TEST_ROLE_NAME)
|
2018-02-14 17:49:22 -05:00
|
|
|
self.assertIn(perm_view, TEST_ROLE.permissions)
|
|
|
|
|
|
|
|
# Case 3. Grant new role to the user to access the druid datasource.
|
|
|
|
|
2019-06-25 16:34:48 -04:00
|
|
|
security_manager.add_role("druid_role")
|
2018-02-14 17:49:22 -05:00
|
|
|
access_request3 = create_access_request(
|
2020-08-06 18:33:48 -04:00
|
|
|
session, "druid", "druid_ds_1", "druid_role", "gamma"
|
2019-06-25 16:34:48 -04:00
|
|
|
)
|
|
|
|
self.get_resp(
|
|
|
|
GRANT_ROLE_REQUEST.format(
|
|
|
|
"druid", access_request3.datasource_id, "gamma", "druid_role"
|
|
|
|
)
|
|
|
|
)
|
2018-02-14 17:49:22 -05:00
|
|
|
|
|
|
|
# user was granted table_role
|
2019-06-25 16:34:48 -04:00
|
|
|
user_roles = [r.name for r in security_manager.find_user("gamma").roles]
|
|
|
|
self.assertIn("druid_role", user_roles)
|
2018-02-14 17:49:22 -05:00
|
|
|
|
|
|
|
# Case 4. Extend the role to have access to the druid datasource
|
|
|
|
|
|
|
|
access_request4 = create_access_request(
|
2020-08-06 18:33:48 -04:00
|
|
|
session, "druid", "druid_ds_2", "druid_role", "gamma"
|
2019-06-25 16:34:48 -04:00
|
|
|
)
|
2018-02-14 17:49:22 -05:00
|
|
|
druid_ds_2_perm = access_request4.datasource.perm
|
|
|
|
|
2019-06-25 16:34:48 -04:00
|
|
|
self.client.get(
|
|
|
|
EXTEND_ROLE_REQUEST.format(
|
|
|
|
"druid", access_request4.datasource_id, "gamma", "druid_role"
|
|
|
|
)
|
|
|
|
)
|
2018-02-14 17:49:22 -05:00
|
|
|
# druid_role was extended to grant access to the druid_access_ds_2
|
2019-06-25 16:34:48 -04:00
|
|
|
druid_role = security_manager.find_role("druid_role")
|
2018-03-27 19:46:02 -04:00
|
|
|
perm_view = security_manager.find_permission_view_menu(
|
2019-06-25 16:34:48 -04:00
|
|
|
"datasource_access", druid_ds_2_perm
|
|
|
|
)
|
2018-02-14 17:49:22 -05:00
|
|
|
self.assertIn(perm_view, druid_role.permissions)
|
|
|
|
|
|
|
|
# cleanup
|
2019-06-25 16:34:48 -04:00
|
|
|
gamma_user = security_manager.find_user(username="gamma")
|
|
|
|
gamma_user.roles.remove(security_manager.find_role("druid_role"))
|
2018-03-27 19:46:02 -04:00
|
|
|
gamma_user.roles.remove(security_manager.find_role(TEST_ROLE_NAME))
|
2020-08-06 18:33:48 -04:00
|
|
|
session.delete(security_manager.find_role("druid_role"))
|
|
|
|
session.delete(security_manager.find_role(TEST_ROLE_NAME))
|
|
|
|
session.commit()
|
2016-10-02 21:03:19 -04:00
|
|
|
|
|
|
|
def test_request_access(self):
|
2019-10-30 19:19:16 -04:00
|
|
|
if app.config["ENABLE_ACCESS_REQUEST"]:
|
2020-08-06 18:33:48 -04:00
|
|
|
session = db.session
|
2018-02-14 17:49:22 -05:00
|
|
|
self.logout()
|
2019-06-25 16:34:48 -04:00
|
|
|
self.login(username="gamma")
|
|
|
|
gamma_user = security_manager.find_user(username="gamma")
|
|
|
|
security_manager.add_role("dummy_role")
|
|
|
|
gamma_user.roles.append(security_manager.find_role("dummy_role"))
|
2020-08-06 18:33:48 -04:00
|
|
|
session.commit()
|
2018-02-14 17:49:22 -05:00
|
|
|
|
|
|
|
ACCESS_REQUEST = (
|
2019-06-25 16:34:48 -04:00
|
|
|
"/superset/request_access?"
|
|
|
|
"datasource_type={}&"
|
|
|
|
"datasource_id={}&"
|
|
|
|
"action={}&"
|
|
|
|
)
|
2018-02-14 17:49:22 -05:00
|
|
|
ROLE_GRANT_LINK = (
|
|
|
|
'<a href="/superset/approve?datasource_type={}&datasource_id={}&'
|
2019-06-25 16:34:48 -04:00
|
|
|
'created_by={}&role_to_grant={}">Grant {} Role</a>'
|
|
|
|
)
|
2018-02-14 17:49:22 -05:00
|
|
|
|
|
|
|
# Request table access, there are no roles have this table.
|
|
|
|
|
2019-06-25 16:34:48 -04:00
|
|
|
table1 = (
|
2020-08-06 18:33:48 -04:00
|
|
|
session.query(SqlaTable)
|
2019-06-25 16:34:48 -04:00
|
|
|
.filter_by(table_name="random_time_series")
|
|
|
|
.first()
|
|
|
|
)
|
2018-02-14 17:49:22 -05:00
|
|
|
table_1_id = table1.id
|
|
|
|
|
|
|
|
# request access to the table
|
2019-06-25 16:34:48 -04:00
|
|
|
resp = self.get_resp(ACCESS_REQUEST.format("table", table_1_id, "go"))
|
|
|
|
assert "Access was requested" in resp
|
|
|
|
access_request1 = self.get_access_requests("gamma", "table", table_1_id)
|
2018-02-14 17:49:22 -05:00
|
|
|
assert access_request1 is not None
|
|
|
|
|
|
|
|
# Request access, roles exist that contains the table.
|
|
|
|
# add table to the existing roles
|
2019-06-25 16:34:48 -04:00
|
|
|
table3 = (
|
2020-08-06 18:33:48 -04:00
|
|
|
session.query(SqlaTable).filter_by(table_name="energy_usage").first()
|
2019-06-25 16:34:48 -04:00
|
|
|
)
|
2018-02-14 17:49:22 -05:00
|
|
|
table_3_id = table3.id
|
|
|
|
table3_perm = table3.perm
|
|
|
|
|
2019-06-25 16:34:48 -04:00
|
|
|
security_manager.add_role("energy_usage_role")
|
|
|
|
alpha_role = security_manager.find_role("Alpha")
|
2018-03-27 19:46:02 -04:00
|
|
|
security_manager.add_permission_role(
|
2018-02-14 17:49:22 -05:00
|
|
|
alpha_role,
|
2018-03-27 19:46:02 -04:00
|
|
|
security_manager.find_permission_view_menu(
|
2019-06-25 16:34:48 -04:00
|
|
|
"datasource_access", table3_perm
|
|
|
|
),
|
|
|
|
)
|
2018-03-27 19:46:02 -04:00
|
|
|
security_manager.add_permission_role(
|
2019-06-25 16:34:48 -04:00
|
|
|
security_manager.find_role("energy_usage_role"),
|
2018-03-27 19:46:02 -04:00
|
|
|
security_manager.find_permission_view_menu(
|
2019-06-25 16:34:48 -04:00
|
|
|
"datasource_access", table3_perm
|
|
|
|
),
|
|
|
|
)
|
2020-08-06 18:33:48 -04:00
|
|
|
session.commit()
|
2018-02-14 17:49:22 -05:00
|
|
|
|
2019-06-25 16:34:48 -04:00
|
|
|
self.get_resp(ACCESS_REQUEST.format("table", table_3_id, "go"))
|
|
|
|
access_request3 = self.get_access_requests("gamma", "table", table_3_id)
|
2018-02-14 17:49:22 -05:00
|
|
|
approve_link_3 = ROLE_GRANT_LINK.format(
|
2019-06-25 16:34:48 -04:00
|
|
|
"table", table_3_id, "gamma", "energy_usage_role", "energy_usage_role"
|
|
|
|
)
|
|
|
|
self.assertEqual(
|
|
|
|
access_request3.roles_with_datasource,
|
|
|
|
"<ul><li>{}</li></ul>".format(approve_link_3),
|
|
|
|
)
|
2018-02-14 17:49:22 -05:00
|
|
|
|
|
|
|
# Request druid access, there are no roles have this table.
|
2019-06-25 16:34:48 -04:00
|
|
|
druid_ds_4 = (
|
2020-08-06 18:33:48 -04:00
|
|
|
session.query(DruidDatasource)
|
2019-06-25 16:34:48 -04:00
|
|
|
.filter_by(datasource_name="druid_ds_1")
|
|
|
|
.first()
|
|
|
|
)
|
2018-02-14 17:49:22 -05:00
|
|
|
druid_ds_4_id = druid_ds_4.id
|
|
|
|
|
|
|
|
# request access to the table
|
2019-06-25 16:34:48 -04:00
|
|
|
self.get_resp(ACCESS_REQUEST.format("druid", druid_ds_4_id, "go"))
|
|
|
|
access_request4 = self.get_access_requests("gamma", "druid", druid_ds_4_id)
|
2018-02-14 17:49:22 -05:00
|
|
|
|
2020-04-04 16:23:18 -04:00
|
|
|
self.assertEqual(access_request4.roles_with_datasource, "<ul></ul>")
|
2018-02-14 17:49:22 -05:00
|
|
|
|
|
|
|
# Case 5. Roles exist that contains the druid datasource.
|
|
|
|
# add druid ds to the existing roles
|
2019-06-25 16:34:48 -04:00
|
|
|
druid_ds_5 = (
|
2020-08-06 18:33:48 -04:00
|
|
|
session.query(DruidDatasource)
|
2019-06-25 16:34:48 -04:00
|
|
|
.filter_by(datasource_name="druid_ds_2")
|
|
|
|
.first()
|
|
|
|
)
|
2018-02-14 17:49:22 -05:00
|
|
|
druid_ds_5_id = druid_ds_5.id
|
|
|
|
druid_ds_5_perm = druid_ds_5.perm
|
|
|
|
|
2019-06-25 16:34:48 -04:00
|
|
|
druid_ds_2_role = security_manager.add_role("druid_ds_2_role")
|
|
|
|
admin_role = security_manager.find_role("Admin")
|
2018-03-27 19:46:02 -04:00
|
|
|
security_manager.add_permission_role(
|
2018-02-14 17:49:22 -05:00
|
|
|
admin_role,
|
2018-03-27 19:46:02 -04:00
|
|
|
security_manager.find_permission_view_menu(
|
2019-06-25 16:34:48 -04:00
|
|
|
"datasource_access", druid_ds_5_perm
|
|
|
|
),
|
|
|
|
)
|
2018-03-27 19:46:02 -04:00
|
|
|
security_manager.add_permission_role(
|
2018-02-14 17:49:22 -05:00
|
|
|
druid_ds_2_role,
|
2018-03-27 19:46:02 -04:00
|
|
|
security_manager.find_permission_view_menu(
|
2019-06-25 16:34:48 -04:00
|
|
|
"datasource_access", druid_ds_5_perm
|
|
|
|
),
|
|
|
|
)
|
2020-08-06 18:33:48 -04:00
|
|
|
session.commit()
|
2018-02-14 17:49:22 -05:00
|
|
|
|
2019-06-25 16:34:48 -04:00
|
|
|
self.get_resp(ACCESS_REQUEST.format("druid", druid_ds_5_id, "go"))
|
|
|
|
access_request5 = self.get_access_requests("gamma", "druid", druid_ds_5_id)
|
2018-02-14 17:49:22 -05:00
|
|
|
approve_link_5 = ROLE_GRANT_LINK.format(
|
2019-06-25 16:34:48 -04:00
|
|
|
"druid", druid_ds_5_id, "gamma", "druid_ds_2_role", "druid_ds_2_role"
|
|
|
|
)
|
|
|
|
self.assertEqual(
|
|
|
|
access_request5.roles_with_datasource,
|
|
|
|
"<ul><li>{}</li></ul>".format(approve_link_5),
|
|
|
|
)
|
2018-02-14 17:49:22 -05:00
|
|
|
|
|
|
|
# cleanup
|
2019-06-25 16:34:48 -04:00
|
|
|
gamma_user = security_manager.find_user(username="gamma")
|
|
|
|
gamma_user.roles.remove(security_manager.find_role("dummy_role"))
|
2020-08-06 18:33:48 -04:00
|
|
|
session.commit()
|
2016-10-02 21:03:19 -04:00
|
|
|
|
|
|
|
|
2019-06-25 16:34:48 -04:00
|
|
|
if __name__ == "__main__":
|
2016-10-02 21:03:19 -04:00
|
|
|
unittest.main()
|