From 8a406b18f5cce1b4a941e05bd53e98ed3fddb28a Mon Sep 17 00:00:00 2001 From: Andrii Sydorchuk Date: Tue, 17 May 2016 00:24:43 -0400 Subject: [PATCH] Add PUBLIC_ROLE_LIKE_GAMMA config flag (#473) --- caravel/config.py | 9 +++++++++ caravel/utils.py | 37 +++++++++++++++++++++---------------- tests/core_tests.py | 22 ++++++---------------- 3 files changed, 36 insertions(+), 32 deletions(-) diff --git a/caravel/config.py b/caravel/config.py index 99b3fb1940736..e20c4ef976862 100644 --- a/caravel/config.py +++ b/caravel/config.py @@ -93,6 +93,15 @@ # { 'name': 'AOL', 'url': 'http://openid.aol.com/' }, # { 'name': 'Flickr', 'url': 'http://www.flickr.com/' }, # { 'name': 'MyOpenID', 'url': 'https://www.myopenid.com' }] + +# --------------------------------------------------- +# Roles config +# --------------------------------------------------- +# Grant public role the same set of permissions as for the GAMMA role. +# This is useful if one wants to enable anonymous users to view +# dashboards. Explicit grant on specific datasets is still required. +PUBLIC_ROLE_LIKE_GAMMA = False + # --------------------------------------------------- # Babel config for translations # --------------------------------------------------- diff --git a/caravel/utils.py b/caravel/utils.py index b473a9f9f0021..7e3d4c079f500 100644 --- a/caravel/utils.py +++ b/caravel/utils.py @@ -154,6 +154,7 @@ def init(caravel): sm = caravel.appbuilder.sm alpha = sm.add_role("Alpha") admin = sm.add_role("Admin") + config = caravel.app.config merge_perm(sm, 'all_datasource_access', 'all_datasource_access') @@ -167,24 +168,28 @@ def init(caravel): sm.add_permission_role(alpha, perm) sm.add_permission_role(admin, perm) gamma = sm.add_role("Gamma") + public_role = sm.find_role("Public") + public_role_like_gamma = \ + public_role and config.get('PUBLIC_ROLE_LIKE_GAMMA', False) for perm in perms: - if( - perm.view_menu and perm.view_menu.name not in ( - 'ResetPasswordView', - 'RoleModelView', - 'UserDBModelView', - 'Security') and - perm.permission.name not in ( - 'all_datasource_access', - 'can_add', - 'can_download', - 'can_delete', - 'can_edit', - 'can_save', - 'datasource_access', - 'muldelete', - )): + if (perm.view_menu and perm.view_menu.name not in ( + 'ResetPasswordView', + 'RoleModelView', + 'UserDBModelView', + 'Security') and + perm.permission.name not in ( + 'all_datasource_access', + 'can_add', + 'can_download', + 'can_delete', + 'can_edit', + 'can_save', + 'datasource_access', + 'muldelete', + )): sm.add_permission_role(gamma, perm) + if public_role_like_gamma: + sm.add_permission_role(public_role, perm) session = db.session() table_perms = [ table.perm for table in session.query(models.SqlaTable).all()] diff --git a/tests/core_tests.py b/tests/core_tests.py index 362bd56cbbd93..3b66dc3209ba7 100644 --- a/tests/core_tests.py +++ b/tests/core_tests.py @@ -24,6 +24,7 @@ app.config['CSRF_ENABLED'] = False app.config['SECRET_KEY'] = 'thisismyscretkey' app.config['WTF_CSRF_ENABLED'] = False +app.config['PUBLIC_ROLE_LIKE_GAMMA'] = True BASE_DIR = app.config.get("BASE_DIR") cli = imp.load_source('cli', BASE_DIR + "/bin/caravel") @@ -68,20 +69,9 @@ def setup_public_access_for_dashboard(self, dashboard_name): public_role = appbuilder.sm.find_role('Public') perms = db.session.query(ab_models.PermissionView).all() for perm in perms: - if perm.permission.name not in ( - 'can_list', - 'can_dashboard', - 'can_explore', - 'datasource_access'): - continue - if not perm.view_menu: - continue - if perm.view_menu.name not in ( - 'SliceModelView', - 'DashboardModelView', - 'Caravel') and dashboard_name not in perm.view_menu.name: - continue - appbuilder.sm.add_permission_role(public_role, perm) + if (perm.permission.name == 'datasource_access' and + perm.view_menu and dashboard_name in perm.view_menu.name): + appbuilder.sm.add_permission_role(public_role, perm) class CoreTests(CaravelTestCase): @@ -195,9 +185,9 @@ def test_public_user_dashboard_access(self): data = resp.data.decode('utf-8') assert '' not in data - resp = self.client.get('/caravel/dashboard/births/') + resp = self.client.get('/caravel/explore/table/3/', follow_redirects=True) data = resp.data.decode('utf-8') - assert '[dashboard] Births' not in data + assert "You don't seem to have access to this datasource" in data self.setup_public_access_for_dashboard('birth_names')