This is an automated email from the ASF dual-hosted git repository.
dpgaspar pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/superset.git
The following commit(s) were added to refs/heads/master by this push:
new c39cf36d27 fix: css template permissions for gamma role (#23083)
c39cf36d27 is described below
commit c39cf36d2718133a57bbd37f54832d6cecfda414
Author: Daniel Vaz Gaspar <[email protected]>
AuthorDate: Wed Feb 15 15:26:02 2023 +0000
fix: css template permissions for gamma role (#23083)
---
superset/security/manager.py | 1 +
tests/integration_tests/security_tests.py | 16 +++++++++++++++-
2 files changed, 16 insertions(+), 1 deletion(-)
diff --git a/superset/security/manager.py b/superset/security/manager.py
index b1be13b782..4e174c420d 100644
--- a/superset/security/manager.py
+++ b/superset/security/manager.py
@@ -164,6 +164,7 @@ class SupersetSecurityManager( # pylint:
disable=too-many-public-methods
GAMMA_READ_ONLY_MODEL_VIEWS = {
"Dataset",
"Datasource",
+ "CssTemplate",
} | READ_ONLY_MODEL_VIEWS
ADMIN_ONLY_VIEW_MENUS = {
diff --git a/tests/integration_tests/security_tests.py
b/tests/integration_tests/security_tests.py
index 58bfb36d69..6ee6bc6524 100644
--- a/tests/integration_tests/security_tests.py
+++ b/tests/integration_tests/security_tests.py
@@ -1328,13 +1328,26 @@ class TestRolePermission(SupersetTestCase):
def assert_can_menu(self, view_menu, permissions_set):
self.assertIn(("menu_access", view_menu), permissions_set)
+ def assert_cannot_menu(self, view_menu, permissions_set):
+ self.assertNotIn(("menu_access", view_menu), permissions_set)
+
+ def assert_cannot_gamma(self, perm_set):
+ self.assert_cannot_write("CssTemplate", perm_set)
+ self.assert_cannot_menu("CSS Templates", perm_set)
+ self.assert_cannot_menu("Manage", perm_set)
+ self.assert_cannot_menu("Queries", perm_set)
+ self.assert_cannot_menu("Import dashboards", perm_set)
+ self.assert_cannot_menu("Upload a CSV", perm_set)
+ self.assert_cannot_menu("ReportSchedule", perm_set)
+ self.assert_cannot_menu("Alerts & Report", perm_set)
+
def assert_can_gamma(self, perm_set):
+ self.assert_can_read("CssTemplate", perm_set)
self.assert_can_read("Dataset", perm_set)
# make sure that user can create slices and dashboards
self.assert_can_all("Dashboard", perm_set)
self.assert_can_all("Chart", perm_set)
-
self.assertIn(("can_add_slices", "Superset"), perm_set)
self.assertIn(("can_copy_dash", "Superset"), perm_set)
self.assertIn(("can_created_dashboards", "Superset"), perm_set)
@@ -1477,6 +1490,7 @@ class TestRolePermission(SupersetTestCase):
def test_gamma_permissions_basic(self):
self.assert_can_gamma(get_perm_tuples("Gamma"))
self.assert_cannot_alpha(get_perm_tuples("Gamma"))
+ self.assert_cannot_gamma(get_perm_tuples("Gamma"))
@pytest.mark.usefixtures("public_role_like_gamma")
def test_public_permissions_basic(self):
