mirror of https://github.com/apache/superset.git
Make edit / add / delete perms available to all users. (#1722)
* Make edit / add / delete perms available to all users. * Add tests and restrict from editing the datasources.
This commit is contained in:
parent
32fc0ff6d0
commit
e822d5a1b7
|
@ -15,6 +15,19 @@ READ_ONLY_MODELVIEWS = {
|
|||
'DatabaseView',
|
||||
'DruidClusterModelView',
|
||||
}
|
||||
|
||||
GAMMA_READ_ONLY_MODELVIEWS = {
|
||||
'ColumnInlineView',
|
||||
'SqlMetricInlineView',
|
||||
'TableColumnInlineView',
|
||||
'TableModelView',
|
||||
'DatasourceModelView',
|
||||
'DruidColumnInlineView',
|
||||
'MetricInlineView',
|
||||
'DruidDatasourceModelView',
|
||||
'DruidMetricInlineView',
|
||||
} | READ_ONLY_MODELVIEWS
|
||||
|
||||
ADMIN_ONLY_VIEW_MENUES = {
|
||||
'AccessRequestsModelView',
|
||||
'Manage',
|
||||
|
@ -45,11 +58,6 @@ READ_ONLY_PERMISSION = {
|
|||
}
|
||||
|
||||
ALPHA_ONLY_PERMISSIONS = set([
|
||||
'can_add',
|
||||
'can_download',
|
||||
'can_delete',
|
||||
'can_edit',
|
||||
'can_save',
|
||||
'datasource_access',
|
||||
'schema_access',
|
||||
'database_access',
|
||||
|
@ -59,6 +67,10 @@ ALPHA_ONLY_PERMISSIONS = set([
|
|||
READ_ONLY_PRODUCT = set(
|
||||
product(READ_ONLY_PERMISSION, READ_ONLY_MODELVIEWS))
|
||||
|
||||
GAMMA_READ_ONLY_PRODUCT = set(
|
||||
product(READ_ONLY_PERMISSION, GAMMA_READ_ONLY_MODELVIEWS))
|
||||
|
||||
|
||||
OBJECT_SPEC_PERMISSIONS = set([
|
||||
'database_access',
|
||||
'schema_access',
|
||||
|
@ -147,10 +159,12 @@ def sync_role_definitions():
|
|||
if (
|
||||
(
|
||||
p.view_menu.name not in ADMIN_ONLY_VIEW_MENUES and
|
||||
p.view_menu.name not in GAMMA_READ_ONLY_MODELVIEWS and
|
||||
p.permission.name not in ADMIN_ONLY_PERMISSIONS and
|
||||
p.permission.name not in ALPHA_ONLY_PERMISSIONS
|
||||
) or
|
||||
(p.permission.name, p.view_menu.name) in READ_ONLY_PRODUCT
|
||||
(p.permission.name, p.view_menu.name) in
|
||||
GAMMA_READ_ONLY_PRODUCT
|
||||
):
|
||||
sm.add_permission_role(gamma, p)
|
||||
if PUBLIC_ROLE_LIKE_GAMMA:
|
||||
|
|
|
@ -25,10 +25,10 @@ class SupersetTestCase(unittest.TestCase):
|
|||
|
||||
def __init__(self, *args, **kwargs):
|
||||
if (
|
||||
self.requires_examples and
|
||||
not os.environ.get('SOLO_TEST') and
|
||||
not os.environ.get('examples_loaded')
|
||||
):
|
||||
self.requires_examples and
|
||||
not os.environ.get('SOLO_TEST') and
|
||||
not os.environ.get('examples_loaded')
|
||||
):
|
||||
logging.info("Loading examples")
|
||||
cli.load_examples(load_test_data=True)
|
||||
logging.info("Done loading examples")
|
||||
|
@ -95,7 +95,6 @@ class SupersetTestCase(unittest.TestCase):
|
|||
session.add(druid_datasource2)
|
||||
session.commit()
|
||||
|
||||
|
||||
def get_or_create(self, cls, criteria, session):
|
||||
obj = session.query(cls).filter_by(**criteria).first()
|
||||
if not obj:
|
||||
|
@ -118,8 +117,8 @@ class SupersetTestCase(unittest.TestCase):
|
|||
session = db.create_scoped_session()
|
||||
query = (
|
||||
session.query(models.Query)
|
||||
.order_by(models.Query.id.desc())
|
||||
.first()
|
||||
.order_by(models.Query.id.desc())
|
||||
.first()
|
||||
)
|
||||
session.close()
|
||||
return query
|
||||
|
@ -127,8 +126,8 @@ class SupersetTestCase(unittest.TestCase):
|
|||
def get_slice(self, slice_name, session):
|
||||
slc = (
|
||||
session.query(models.Slice)
|
||||
.filter_by(slice_name=slice_name)
|
||||
.one()
|
||||
.filter_by(slice_name=slice_name)
|
||||
.one()
|
||||
)
|
||||
session.expunge_all()
|
||||
return slc
|
||||
|
@ -159,21 +158,21 @@ class SupersetTestCase(unittest.TestCase):
|
|||
def get_main_database(self, session):
|
||||
return (
|
||||
db.session.query(models.Database)
|
||||
.filter_by(database_name='main')
|
||||
.first()
|
||||
.filter_by(database_name='main')
|
||||
.first()
|
||||
)
|
||||
|
||||
def get_access_requests(self, username, ds_type, ds_id):
|
||||
DAR = models.DatasourceAccessRequest
|
||||
return (
|
||||
db.session.query(DAR)
|
||||
DAR = models.DatasourceAccessRequest
|
||||
return (
|
||||
db.session.query(DAR)
|
||||
.filter(
|
||||
DAR.created_by == sm.find_user(username=username),
|
||||
DAR.datasource_type == ds_type,
|
||||
DAR.datasource_id == ds_id,
|
||||
DAR.created_by == sm.find_user(username=username),
|
||||
DAR.datasource_type == ds_type,
|
||||
DAR.datasource_id == ds_id,
|
||||
)
|
||||
.first()
|
||||
)
|
||||
)
|
||||
|
||||
def logout(self):
|
||||
self.client.get('/logout/', follow_redirects=True)
|
||||
|
@ -205,3 +204,56 @@ class SupersetTestCase(unittest.TestCase):
|
|||
client_id=client_id),
|
||||
)
|
||||
return resp
|
||||
|
||||
def test_gamma_permissions(self):
|
||||
def assert_can_read(view_menu):
|
||||
self.assertIn(('can_show', view_menu), gamma_perm_set)
|
||||
self.assertIn(('can_list', view_menu), gamma_perm_set)
|
||||
|
||||
def assert_can_write(view_menu):
|
||||
self.assertIn(('can_add', view_menu), gamma_perm_set)
|
||||
self.assertIn(('can_download', view_menu), gamma_perm_set)
|
||||
self.assertIn(('can_delete', view_menu), gamma_perm_set)
|
||||
self.assertIn(('can_edit', view_menu), gamma_perm_set)
|
||||
|
||||
def assert_cannot_write(view_menu):
|
||||
self.assertNotIn(('can_add', view_menu), gamma_perm_set)
|
||||
self.assertNotIn(('can_download', view_menu), gamma_perm_set)
|
||||
self.assertNotIn(('can_delete', view_menu), gamma_perm_set)
|
||||
self.assertNotIn(('can_edit', view_menu), gamma_perm_set)
|
||||
self.assertNotIn(('can_save', view_menu), gamma_perm_set)
|
||||
|
||||
def assert_can_all(view_menu):
|
||||
assert_can_read(view_menu)
|
||||
assert_can_write(view_menu)
|
||||
|
||||
gamma_perm_set = set()
|
||||
for perm in sm.find_role('Gamma').permissions:
|
||||
gamma_perm_set.add((perm.permission.name, perm.view_menu.name))
|
||||
|
||||
# check read only perms
|
||||
assert_can_read('TableModelView')
|
||||
assert_cannot_write('DruidColumnInlineView')
|
||||
|
||||
# make sure that user can create slices and dashboards
|
||||
assert_can_all('SliceModelView')
|
||||
assert_can_all('DashboardModelView')
|
||||
|
||||
self.assertIn(('can_add_slices', 'Superset'), gamma_perm_set)
|
||||
self.assertIn(('can_copy_dash', 'Superset'), gamma_perm_set)
|
||||
self.assertIn(('can_activity_per_day', 'Superset'), gamma_perm_set)
|
||||
self.assertIn(('can_created_dashboards', 'Superset'), gamma_perm_set)
|
||||
self.assertIn(('can_created_slices', 'Superset'), gamma_perm_set)
|
||||
self.assertIn(('can_csv', 'Superset'), gamma_perm_set)
|
||||
self.assertIn(('can_dashboard', 'Superset'), gamma_perm_set)
|
||||
self.assertIn(('can_explore', 'Superset'), gamma_perm_set)
|
||||
self.assertIn(('can_explore_json', 'Superset'), gamma_perm_set)
|
||||
self.assertIn(('can_fave_dashboards', 'Superset'), gamma_perm_set)
|
||||
self.assertIn(('can_fave_slices', 'Superset'), gamma_perm_set)
|
||||
self.assertIn(('can_save_dash', 'Superset'), gamma_perm_set)
|
||||
self.assertIn(('can_slice', 'Superset'), gamma_perm_set)
|
||||
self.assertIn(('can_update_explore', 'Superset'), gamma_perm_set)
|
||||
|
||||
|
||||
|
||||
|
||||
|
|
Loading…
Reference in New Issue