Fix tests

2024-11-06 17:15:17 +00:00 · 2016-10-26 11:47:40 +03:00 · 2016-10-26 11:47:40 +03:00 · df17759ab4
commit df17759ab4
parent 028393b229
6 changed files with 16 additions and 13 deletions
--- a/redash/handlers/dashboards.py
+++ b/redash/handlers/dashboards.py
@ -6,7 +6,7 @@ from itertools import chain

 from redash import models
 from redash.models import ConflictDetectedError
-from redash.permissions import require_permission, require_admin_or_owner, require_object_modify_permission, ACCESS_TYPE_MODIFY
+from redash.permissions import require_permission, require_admin_or_owner, require_object_modify_permission, can_modify
 from redash.handlers.base import BaseResource, get_object_or_404


@ -53,7 +53,7 @@ class DashboardResource(BaseResource):
            response['public_url'] = url_for('redash.public_dashboard', token=api_key.api_key, org_slug=self.current_org.slug, _external=True)
            response['api_key'] = api_key.api_key

-        response['can_edit'] = models.AccessPermission.exists(dashboard, ACCESS_TYPE_MODIFY, self.current_user)
+        response['can_edit'] = can_modify(dashboard, self.current_user)

        return response

--- a/redash/handlers/queries.py
+++ b/redash/handlers/queries.py
@ -9,8 +9,8 @@ from itertools import chain
 from redash.handlers.base import routes, org_scoped_rule, paginate
 from redash.handlers.query_results import run_query
 from redash import models
-from redash.permissions import require_permission, require_access, require_admin_or_owner, not_view_only, view_only, is_admin_or_owner, \
-    require_object_modify_permission, ACCESS_TYPE_MODIFY
+from redash.permissions import require_permission, require_access, require_admin_or_owner, not_view_only, view_only, \
+    require_object_modify_permission, can_modify
 from redash.handlers.base import BaseResource, get_object_or_404
 from redash.utils import collect_parameters_from_request

@ -129,7 +129,7 @@ class QueryResource(BaseResource):
        require_access(q.groups, self.current_user, view_only)

        result = q.to_dict(with_visualizations=True)
-        result['can_edit'] = models.AccessPermission.exists(q, ACCESS_TYPE_MODIFY, self.current_user)
+        result['can_edit'] = can_modify(q, self.current_user)
        return result

    # TODO: move to resource of its own? (POST /queries/{id}/archive)
--- a/redash/models.py
+++ b/redash/models.py
@ -876,6 +876,10 @@ class AccessPermission(BaseModel):

    @classmethod
    def exists(cls, obj, access_type, grantee):
+        # TODO: this will wrongly return False for a user ApiUser who has permission to edit the query...
+        if isinstance(grantee, ApiUser):
+            return False
+
        return cls.find(obj, access_type, grantee).count() > 0

    @classmethod
--- a/tests/handlers/test_dashboards.py
+++ b/tests/handlers/test_dashboards.py
@ -87,9 +87,7 @@ class TestDashboardResourcePost(BaseTestCase):
                               data={'name': new_name, 'layout': '[]', 'version': d.version}, user=user)
        self.assertEqual(rv.status_code, 403)

-        AccessPermission.grant_permission(object_type='Dashboard',
-                                          object_id=d.id, access_type=ACCESS_TYPE_MODIFY,
-                                          grantee=user, grantor=d.user)
+        AccessPermission.grant(obj=d, access_type=ACCESS_TYPE_MODIFY, grantee=user, grantor=d.user)

        rv = self.make_request('post', '/api/dashboards/{0}'.format(d.id),
                               data={'name': new_name, 'layout': '[]', 'version': d.version}, user=user)
--- a/tests/handlers/test_queries.py
+++ b/tests/handlers/test_queries.py
@ -3,6 +3,7 @@ from redash import models

 from redash.permissions import ACCESS_TYPE_MODIFY

+
 class TestQueryResourceGet(BaseTestCase):
    def test_get_query(self):
        query = self.factory.create_query()
@ -10,7 +11,9 @@ class TestQueryResourceGet(BaseTestCase):
        rv = self.make_request('get', '/api/queries/{0}'.format(query.id))

        self.assertEquals(rv.status_code, 200)
-        self.assertResponseEqual(rv.json, query.to_dict(with_visualizations=True))
+        expected = query.to_dict(with_visualizations=True)
+        expected['can_edit'] = True
+        self.assertResponseEqual(expected, rv.json)

    def test_get_all_queries(self):
        queries = [self.factory.create_query() for _ in range(10)]
@ -79,9 +82,7 @@ class TestQueryResourcePost(BaseTestCase):
        rv = self.make_request('post', '/api/queries/{0}'.format(query.id), data={'name': 'Testing'}, user=user)
        self.assertEqual(rv.status_code, 403)

-        models.AccessPermission.grant_permission(object_type='Query',
-                                          object_id=query.id, access_type=ACCESS_TYPE_MODIFY,
-                                          grantee=user, grantor=query.user)
+        models.AccessPermission.grant(obj=query, access_type=ACCESS_TYPE_MODIFY, grantee=user, grantor=query.user)

        rv = self.make_request('post', '/api/queries/{0}'.format(query.id), data={'name': 'Testing'}, user=user)
        self.assertEqual(rv.status_code, 200)
--- a/tests/test_authentication.py
+++ b/tests/test_authentication.py
@ -96,7 +96,7 @@ class TestHMACAuthentication(BaseTestCase):

    def test_no_query_id(self):
        with app.test_client() as c:
-            rv = c.get('/api/queries', query_string={'api_key': self.api_key})
+            rv = c.get('/{}/api/queries'.format(self.query.org.slug), query_string={'api_key': self.api_key})
            self.assertIsNone(hmac_load_user_from_request(request))

    def test_user_api_key(self):