[GitHub] [incubator-superset] amitNielsen commented on a change in pull request #10594: [WIP] - Dashboard access permissions

GitBox Mon, 31 Aug 2020 03:35:38 -0700


amitNielsen commented on a change in pull request #10594:
URL: 
https://github.com/apache/incubator-superset/pull/10594#discussion_r480037922




##########
File path: tests/base_tests.py
##########
@@ -250,6 +250,52 @@ def grant_public_access_to_table(self, table):
             ):
                 security_manager.add_permission_role(public_role, perm)
 
+    @staticmethod
+    def get_dashboards_access_permission_views(dashboard=None, edit_too=False):
+        used_consts = (
+            SecurityConsts.Dashboard if dashboard else 
SecurityConsts.AllDashboard
+        )
+        view_name = dashboard.view_name if dashboard else used_consts.VIEW_NAME
+        pvm_pairs = [(used_consts.ACCESS_PERMISSION_NAME, view_name)]
+        if edit_too and not dashboard:
+            pvm_pairs.append((used_consts.EDIT_PERMISSION_NAME, view_name,))
+        return map(
+            lambda pvm: security_manager.find_permission_view_menu(pvm[0], 
pvm[1]),
+            pvm_pairs,
+        )
+
+    def grant_access_to_all_dashboards(
+        self, is_dashboard_level_access_enabled=True, role_name="Public"
+    ):
+        self.grant_access_to_dashboard(
+            None, is_dashboard_level_access_enabled, role_name
+        )
+
+    def revoke_access_to_all_dashboards(
+        self, is_dashboard_level_access_enabled=True, role_name="Public"
+    ):
+        self.revoke_access_to_dashboard(
+            None, is_dashboard_level_access_enabled, role_name
+        )
+
+    def grant_access_to_dashboard(
+        self, dashboard, is_dashboard_level_access_enabled=True, 
role_name="Public"
+    ):
+        if is_dashboard_level_access_enabled:
+            role = security_manager.find_role(role_name)
+            pvs = self.get_dashboards_access_permission_views(dashboard)
+            for pv in pvs:
+                security_manager.add_permission_role(role, pv)
+
+    def revoke_access_to_dashboard(
+        self, dashboard, is_dashboard_level_access_enabled=True, 
role_name="Public"
+    ):
+        if is_dashboard_level_access_enabled:
+            role = security_manager.find_role(role_name)
+            pvs = self.get_dashboards_access_permission_views(dashboard)
+            for pv in pvs:
+                security_manager.del_permission_role(role, pv)
+

Review comment:
       this should be extracted to different test utils per a 
model(dashboard,chart, permissionsView)
   otherwise base_tests will become huge and overtime not maintainable




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[email protected]



---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[GitHub] [incubator-superset] amitNielsen commented on a change in pull request #10594: [WIP] - Dashboard access permissions

Reply via email to