(superset) branch master updated: fix(roles): Add SqlLabPermalinkRestApi as default sqlab roles. (#32284)

[rusackas]

This is an automated email from the ASF dual-hosted git repository.

rusackas pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/superset.git


The following commit(s) were added to refs/heads/master by this push:
     new 2c37ddb2f6 fix(roles): Add SqlLabPermalinkRestApi as default sqlab 
roles. (#32284)
2c37ddb2f6 is described below

commit 2c37ddb2f63d216665c8d81232500986281ccfc0
Author: Levis Mbote <111055098+levisng...@users.noreply.github.com>
AuthorDate: Sat Feb 22 01:42:35 2025 +0300

    fix(roles): Add SqlLabPermalinkRestApi as default sqlab roles. (#32284)
---
 superset/security/manager.py                       |  2 ++
 tests/integration_tests/security_tests.py          |  2 ++
 .../sql_lab/permalink/api_tests.py                 | 22 ++++++++++++++++++++++
 3 files changed, 26 insertions(+)

diff --git a/superset/security/manager.py b/superset/security/manager.py
index 33cbc814d4..450265ccb9 100644
--- a/superset/security/manager.py
+++ b/superset/security/manager.py
@@ -330,6 +330,8 @@ class SupersetSecurityManager(  # pylint: 
disable=too-many-public-methods
         ("menu_access", "SQL Editor"),
         ("menu_access", "Saved Queries"),
         ("menu_access", "Query Search"),
+        ("can_read", "SqlLabPermalinkRestApi"),
+        ("can_write", "SqlLabPermalinkRestApi"),
     }
 
     SQLLAB_EXTRA_PERMISSION_VIEWS = {
diff --git a/tests/integration_tests/security_tests.py 
b/tests/integration_tests/security_tests.py
index f148f9418e..a89bb47af7 100644
--- a/tests/integration_tests/security_tests.py
+++ b/tests/integration_tests/security_tests.py
@@ -1488,6 +1488,8 @@ class TestRolePermission(SupersetTestCase):
             ("menu_access", "Saved Queries"),
             ("menu_access", "SQL Editor"),
             ("menu_access", "SQL Lab"),
+            ("can_read", "SqlLabPermalinkRestApi"),
+            ("can_write", "SqlLabPermalinkRestApi"),
         }
 
         self.assert_cannot_alpha(sql_lab_set)
diff --git a/tests/integration_tests/sql_lab/permalink/api_tests.py 
b/tests/integration_tests/sql_lab/permalink/api_tests.py
index 7d515b796f..a67d78989f 100644
--- a/tests/integration_tests/sql_lab/permalink/api_tests.py
+++ b/tests/integration_tests/sql_lab/permalink/api_tests.py
@@ -58,6 +58,28 @@ def permalink_salt(app_context) -> Iterator[str]:
     db.session.commit()
 
 
+def test_sqllab_user_can_access_shared_query(
+    tab_state_data: dict[str, Any], permalink_salt: str, test_client, login_as
+):
+    login_as(GAMMA_SQLLAB_USERNAME)
+
+    resp = test_client.post("api/v1/sqllab/permalink", json=tab_state_data)
+    assert resp.status_code == 201, "Failed to create permalink"
+
+    data = resp.json
+    key = data["key"]
+
+    resp = test_client.get(f"api/v1/sqllab/permalink/{key}")
+    assert resp.status_code == 200, "SQL Lab user access expected"
+
+    result = json.loads(resp.data.decode("utf-8"))
+    assert result == tab_state_data, "Query data mismatch"
+
+    id_ = decode_permalink_id(key, permalink_salt)
+    db.session.query(KeyValueEntry).filter_by(id=id_).delete()
+    db.session.commit()
+
+
 def test_post(
     tab_state_data: dict[str, Any], permalink_salt: str, test_client, login_as
 ):