From 8a406b18f5cce1b4a941e05bd53e98ed3fddb28a Mon Sep 17 00:00:00 2001
From: Andrii Sydorchuk
Date: Tue, 17 May 2016 00:24:43 -0400
Subject: [PATCH] Add PUBLIC_ROLE_LIKE_GAMMA config flag (#473)
---
 caravel/config.py | 9 +++++++++
 caravel/utils.py | 37 +++++++++++++++++++++----------------
 tests/core_tests.py | 22 ++++++----------------
 3 files changed, 36 insertions(+), 32 deletions(-)
diff --git a/caravel/config.py b/caravel/config.py
index 99b3fb1940..e20c4ef976 100644
--- a/caravel/config.py
+++ b/caravel/config.py
@@ -93,6 +93,15 @@ AUTH_TYPE = AUTH_DB
 # { 'name': 'AOL', 'url': 'http://openid.aol.com/' },
 # { 'name': 'Flickr', 'url': 'http://www.flickr.com/' },
 # { 'name': 'MyOpenID', 'url': 'https://www.myopenid.com' }]
+
+# ---------------------------------------------------
+# Roles config
+# ---------------------------------------------------
+# Grant public role the same set of permissions as for the GAMMA role.
+# This is useful if one wants to enable anonymous users to view
+# dashboards. Explicit grant on specific datasets is still required.
+PUBLIC_ROLE_LIKE_GAMMA = False
+
 # ---------------------------------------------------
 # Babel config for translations
 # ---------------------------------------------------
diff --git a/caravel/utils.py b/caravel/utils.py
index b473a9f9f0..7e3d4c079f 100644
--- a/caravel/utils.py
+++ b/caravel/utils.py
@@ -154,6 +154,7 @@ def init(caravel):
 sm = caravel.appbuilder.sm
 alpha = sm.add_role("Alpha")
 admin = sm.add_role("Admin")
+ config = caravel.app.config
 merge_perm(sm, 'all_datasource_access', 'all_datasource_access')
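Review bot: The comment added above `PUBLIC_ROLE_LIKE_GAMMA` in caravel/config.py does not say when the flag takes effect or how to undo it. Judging by the second caravel/utils.py hunk, the grants are written to the Public role inside `init()` through `sm.add_permission_role`, and nothing visible removes them again, so setting the flag back to `False` would presumably leave anonymous users with the permissions already stored. Once that is confirmed against the rest of `init()`, which continues outside the hunk, I would add a line such as `# Applied when init() runs; setting this back to False does not revoke what was already granted to Public.`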
@@ -167,24 +168,28 @@ def init(caravel):
 sm.add_permission_role(alpha, perm)
 sm.add_permission_role(admin, perm)
 gamma = sm.add_role("Gamma")
+ public_role = sm.find_role("Public")
+ public_role_like_gamma = \
+ public_role and config.get('PUBLIC_ROLE_LIKE_GAMMA', False)
 for perm in perms:
- if(
- perm.view_menu and perm.view_menu.name not in (
- 'ResetPasswordView',
- 'RoleModelView',
- 'UserDBModelView',
- 'Security') and
- perm.permission.name not in (
- 'all_datasource_access',
- 'can_add',
- 'can_download',
- 'can_delete',
- 'can_edit',
- 'can_save',
- 'datasource_access',
- 'muldelete',
- )):
+ if (perm.view_menu and perm.view_menu.name not in (
+ 'ResetPasswordView',
+ 'RoleModelView',
+ 'UserDBModelView',
+ 'Security') and
+ perm.permission.name not in (
+ 'all_datasource_access',
+ 'can_add',
+ 'can_download',
+ 'can_delete',
+ 'can_edit',
+ 'can_save',
+ 'datasource_access',
+ 'muldelete',
+ )):
 sm.add_permission_role(gamma, perm)
+ if public_role_like_gamma:
+ sm.add_permission_role(public_role, perm)
 session = db.session()
 table_perms = [
 table.perm for table in session.query(models.SqlaTable).all()]
diff --git a/tests/core_tests.py b/tests/core_tests.py
index 362bd56cbb..3b66dc3209 100644
--- a/tests/core_tests.py
+++ b/tests/core_tests.py
@@ -24,6 +24,7 @@ app.config['TESTING'] = True
 app.config['CSRF_ENABLED'] = False
 app.config['SECRET_KEY'] = 'thisismyscretkey'
 app.config['WTF_CSRF_ENABLED'] = False
+app.config['PUBLIC_ROLE_LIKE_GAMMA'] = True
 BASE_DIR = app.config.get("BASE_DIR")
 cli = imp.load_source('cli', BASE_DIR + "/bin/caravel")
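Review bot: The Public role is filled from the same exclusion-based filter that builds Gamma, so in `init()` any view or permission not named in the two `not in (...)` tuples goes to unauthenticated users once `PUBLIC_ROLE_LIKE_GAMMA` is on, including ones registered by later changes. A comment above the condition should say that the tuples now also define the anonymous surface, e.g. `# NOTE: with PUBLIC_ROLE_LIKE_GAMMA these exclusions also decide what anonymous users get; extend them when adding sensitive views.` Separately, `public_role and config.get(...)` switches the feature off without any message when `sm.find_role("Public")` returns nothing; a logged warning in that case would make the misconfiguration visible. `init()` starts and ends outside this hunk.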
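Review bot: Setting `app.config['PUBLIC_ROLE_LIKE_GAMMA'] = True` at module level in tests/core_tests.py makes every test in this file run with the opt-in behaviour, so the shipped default (`False`) is not exercised here. Since the default is the more restrictive setting, a test that initialises with the flag off and asserts that the Public role has not received the Gamma permissions would guard against a regression that opens anonymous access unintentionally. A short comment next to the assignment, such as `# enable Gamma-like anonymous access for the public-dashboard tests`, would also explain why the test config departs from the default.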
@@ -68,20 +69,9 @@ class CaravelTestCase(unittest.TestCase):
 public_role = appbuilder.sm.find_role('Public')
 perms = db.session.query(ab_models.PermissionView).all()
 for perm in perms:
- if perm.permission.name not in (
- 'can_list',
- 'can_dashboard',
- 'can_explore',
- 'datasource_access'):
- continue
- if not perm.view_menu:
- continue
- if perm.view_menu.name not in (
- 'SliceModelView',
- 'DashboardModelView',
- 'Caravel') and dashboard_name not in perm.view_menu.name:
- continue
- appbuilder.sm.add_permission_role(public_role, perm)
+ if (perm.permission.name == 'datasource_access' and
+ perm.view_menu and dashboard_name in perm.view_menu.name):
+ appbuilder.sm.add_permission_role(public_role, perm)
 class CoreTests(CaravelTestCase):
@@ -195,9 +185,9 @@ class CoreTests(CaravelTestCase):
 data = resp.data.decode('utf-8')
 assert '' not in data
- resp = self.client.get('/caravel/dashboard/births/')
+ resp = self.client.get('/caravel/explore/table/3/', follow_redirects=True)
 data = resp.data.decode('utf-8')
- assert '[dashboard] Births' not in data
+ assert "You don't seem to have access to this datasource" in data
 self.setup_public_access_for_dashboard('birth_names')
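Review bot: The new request in the last tests/core_tests.py hunk hard-codes the datasource as `/caravel/explore/table/3/`, so the denial assertion is only meaningful if id 3 is the table the test intends (presumably `birth_names`, which is granted on the following line). A change in the example-data load order would make it check a different table or a missing one. Looking the id up by table name before building the URL would tie the check to the intended datasource, and a comment such as `# anonymous user must be denied until datasource_access is granted` would state what the assertion protects. The test method starts and ends outside the hunk.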