Add PUBLIC_ROLE_LIKE_GAMMA config flag (#473)
asydorchuk authored and mistercrunch committed May 17, 2016
1 parent 2620aec commit 8a406b1
Showing 3 changed files with 36 additions and 32 deletions.
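--- a/caravel/config.py
+++ b/caravel/config.py
@@ -93,6 +93,15 @@
 # { 'name': 'AOL', 'url': 'http://openid.aol.com/<username>' },
 # { 'name': 'Flickr', 'url': 'http://www.flickr.com/<username>' },
 # { 'name': 'MyOpenID', 'url': 'https://www.myopenid.com' }]
+
+# ---------------------------------------------------
+# Roles config
+# ---------------------------------------------------
+# Grant public role the same set of permissions as for the GAMMA role.
+# This is useful if one wants to enable anonymous users to view
+# dashboards. Explicit grant on specific datasets is still required.
+PUBLIC_ROLE_LIKE_GAMMA = False
+
 # ---------------------------------------------------
 # Babel config for translations
 # ---------------------------------------------------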
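Review bot: The comment above `PUBLIC_ROLE_LIKE_GAMMA` understates what the flag grants. Per the `init` change to caravel/utils.py in this same commit, Public receives every permission Gamma receives, which is everything not named on two short exclusion lists, not only dashboard viewing. Because Public is the role anonymous users get, I would say so next to the setting, for example `# Enabling this exposes every view and permission granted to Gamma to unauthenticated visitors; review the Gamma role before turning it on.` The default of `False` is the right one and should stay.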
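--- a/caravel/utils.py
+++ b/caravel/utils.py
@@ -154,6 +154,7 @@ def init(caravel):
 sm = caravel.appbuilder.sm
 alpha = sm.add_role("Alpha")
 admin = sm.add_role("Admin")
+config = caravel.app.config
 
 merge_perm(sm, 'all_datasource_access', 'all_datasource_access')
 
@@ -167,24 +168,28 @@ def init(caravel):
 sm.add_permission_role(alpha, perm)
 sm.add_permission_role(admin, perm)
 gamma = sm.add_role("Gamma")
+public_role = sm.find_role("Public")
+public_role_like_gamma = \
+public_role and config.get('PUBLIC_ROLE_LIKE_GAMMA', False)
 for perm in perms:
-if(
-perm.view_menu and perm.view_menu.name not in (
-'ResetPasswordView',
-'RoleModelView',
-'UserDBModelView',
-'Security') and
-perm.permission.name not in (
-'all_datasource_access',
-'can_add',
-'can_download',
-'can_delete',
-'can_edit',
-'can_save',
-'datasource_access',
-'muldelete',
-)):
+if (perm.view_menu and perm.view_menu.name not in (
+'ResetPasswordView',
+'RoleModelView',
+'UserDBModelView',
+'Security') and
+perm.permission.name not in (
+'all_datasource_access',
+'can_add',
+'can_download',
+'can_delete',
+'can_edit',
+'can_save',
+'datasource_access',
+'muldelete',
+)):
 sm.add_permission_role(gamma, perm)
+if public_role_like_gamma:
+sm.add_permission_role(public_role, perm)
 session = db.session()
 table_perms = [
 table.perm for table in session.query(models.SqlaTable).all()]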
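Review bot: The new `if public_role_like_gamma:` branch is add-only, so once `init` has run with the flag on, setting `PUBLIC_ROLE_LIKE_GAMMA` back to False and re-running `init` leaves the Public (anonymous) role holding every permission it was given, as far as these hunks show. Either revoke in the opposite case, for example `elif public_role: sm.del_permission_role(public_role, perm)` (this would also strip permissions an admin granted to Public by hand, so it needs a decision), or log a warning and document that turning the flag off does not undo the grant. Separately, the Gamma filter is a deny-list, so with the flag on any view or permission added later becomes reachable without authentication by default; an explicit allow-list for Public would fail closed. `init` starts and ends outside these hunks, so a revocation step elsewhere in the function cannot be ruled out.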
22 changes: 6 additions & 16 deletions tests/core_tests.py
@@ -24,6 +24,7 @@
app.config['CSRF_ENABLED'] = False
app.config['SECRET_KEY'] = 'thisismyscretkey'
app.config['WTF_CSRF_ENABLED'] = False
app.config['PUBLIC_ROLE_LIKE_GAMMA'] = True
BASE_DIR = app.config.get("BASE_DIR")
cli = imp.load_source('cli', BASE_DIR + "/bin/caravel")

@@ -68,20 +69,9 @@ def setup_public_access_for_dashboard(self, dashboard_name):
public_role = appbuilder.sm.find_role('Public')
perms = db.session.query(ab_models.PermissionView).all()
for perm in perms:
if perm.permission.name not in (
'can_list',
'can_dashboard',
'can_explore',
'datasource_access'):
continue
if not perm.view_menu:
continue
if perm.view_menu.name not in (
'SliceModelView',
'DashboardModelView',
'Caravel') and dashboard_name not in perm.view_menu.name:
continue
appbuilder.sm.add_permission_role(public_role, perm)
if (perm.permission.name == 'datasource_access' and
perm.view_menu and dashboard_name in perm.view_menu.name):
appbuilder.sm.add_permission_role(public_role, perm)


class CoreTests(CaravelTestCase):
@@ -195,9 +185,9 @@ def test_public_user_dashboard_access(self):
data = resp.data.decode('utf-8')
assert '<a href="/caravel/dashboard/births/">' not in data

resp = self.client.get('/caravel/dashboard/births/')
resp = self.client.get('/caravel/explore/table/3/', follow_redirects=True)
data = resp.data.decode('utf-8')
assert '[dashboard] Births' not in data
assert "You don&#39;t seem to have access to this datasource" in data

self.setup_public_access_for_dashboard('birth_names')

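Review bot: Setting `app.config['PUBLIC_ROLE_LIKE_GAMMA'] = True` at module level runs every test in this file with the flag on, so the shipped default (`False`), under which an anonymous visitor must not be able to open a dashboard, is no longer asserted anywhere in the visible hunks. `test_public_user_dashboard_access` appears to trade the `'[dashboard] Births' not in data` check for the datasource-access message only. I would add a case that runs with the flag off and keeps a negative check such as `assert '[dashboard] Births' not in data` for the unauthenticated client, since that is the access-control regression most worth catching. The hard-coded id in `/caravel/explore/table/3/` also ties the test to fixture load order; resolving the id by table name would be sturdier. Both functions continue outside the hunks.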
