(superset) 01/01: chore: unit tests for catalog_access`

[beto]

This is an automated email from the ASF dual-hosted git repository.

beto pushed a commit to branch tests-for-catalog-access
in repository https://gitbox.apache.org/repos/asf/superset.git

commit 123126624671944131eb2032f3da915674ba6ce9
Author: Beto Dealmeida <robe...@dealmeida.net>
AuthorDate: Thu May 9 11:05:50 2024 -0400

    chore: unit tests for catalog_access`
---
 tests/unit_tests/security/manager_test.py | 48 +++++++++++++++++++++++++++++++
 1 file changed, 48 insertions(+)

diff --git a/tests/unit_tests/security/manager_test.py 
b/tests/unit_tests/security/manager_test.py
index 0334462908..cf7587b11b 100644
--- a/tests/unit_tests/security/manager_test.py
+++ b/tests/unit_tests/security/manager_test.py
@@ -561,3 +561,51 @@ def test_get_schema_perm() -> None:
     )
     assert sm.get_schema_perm("my_db", None, None) is None
     assert sm.get_schema_perm("my_db", "my_catalog", None) is None
+
+
+def test_raise_for_access_catalog(
+    mocker: MockFixture,
+    app_context: None,
+) -> None:
+    """
+    Test catalog-level permissions.
+    """
+    sm = SupersetSecurityManager(appbuilder)
+    mocker.patch.object(sm, "can_access_database", return_value=False)
+    mocker.patch.object(
+        sm,
+        "get_catalog_perm",
+        return_value="[PostgreSQL].[db1].[public]",
+    )
+    mocker.patch.object(sm, "is_guest_user", return_value=False)
+    SqlaTable = mocker.patch("superset.connectors.sqla.models.SqlaTable")
+    SqlaTable.query_datasources_by_name.return_value = []
+
+    database = mocker.MagicMock()
+    database.get_default_catalog.return_value = "db1"
+    database.get_default_schema_for_query.return_value = "public"
+    query = mocker.MagicMock()
+    query.database = database
+    query.sql = "SELECT * FROM ab_user"
+
+    can_access = mocker.patch.object(sm, "can_access", return_value=True)
+    sm.raise_for_access(query=query)
+    can_access.assert_called_with("catalog_access", 
"[PostgreSQL].[db1].[public]")
+
+    mocker.patch.object(sm, "can_access", return_value=False)
+    with pytest.raises(SupersetSecurityException) as excinfo:
+        sm.raise_for_access(query=query)
+    assert (
+        str(excinfo.value)
+        == """You need access to the following tables: `db1.public.ab_user`,
+            `all_database_access` or `all_datasource_access` permission"""
+    )
+
+    query.sql = "SELECT * FROM db2.public.ab_user"
+    with pytest.raises(SupersetSecurityException) as excinfo:
+        sm.raise_for_access(query=query)
+    assert (
+        str(excinfo.value)
+        == """You need access to the following tables: `db2.public.ab_user`,
+            `all_database_access` or `all_datasource_access` permission"""
+    )