valitydev/redash
14
0
Fork 0
mirror of https://github.com/valitydev/redash.git synced 2024-11-07 09:28:51 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
09ccec59f5
redash/tests/test_permissions.py
Arik Fraimovich f7b57fa580 Feature: new permissions system 
This is one huge change for the permissions system and related:

* (Backward incompatible:) Remove the table based permissions in favour of the new model.
* Manage permission to view or query datasources based on groups.
* Add the concept of Organization. It's irrelevant for most deployments, but allows for
  multi-tenant support in re:dash.
* Replace ActivityLog with Event based rows (old data in activity_log table is retained).
* Enforce permissions on the server-side. There were some permissions that were only enforced
  on the client side. This is no more. All permissions are enforced by the server.
* Added new permission: 'super-admin' to access the status and Flask-Admin interface.
* Make sure that html is never cached by the browser - this is to make sure that the browser
  will always ask for the new Javascript/CSS resources (if such are available).
2015-12-31 10:43:33 +02:00

34 lines
1.2 KiB
Python
Raw Blame History

from collections import namedtuple
from unittest import TestCase
from redash.permissions import has_access
MockUser = namedtuple('MockUser', ['permissions', 'groups'])
view_only = True
class TestHasAccess(TestCase):
def test_allows_admin_regardless_of_groups(self):
user = MockUser(['admin'], [])
self.assertTrue(has_access({}, user, view_only))
self.assertTrue(has_access({}, user, not view_only))
def test_allows_if_user_member_in_group_with_view_access(self):
user = MockUser([], [1])
self.assertTrue(has_access({1: view_only}, user, view_only))
def test_allows_if_user_member_in_group_with_full_access(self):
user = MockUser([], [1])
self.assertTrue(has_access({1: not view_only}, user, not view_only))
def test_not_allows_if_not_enough_permission(self):
user = MockUser([], [1])
self.assertFalse(has_access({1: view_only}, user, not view_only))
self.assertFalse(has_access({2: view_only}, user, not view_only))
self.assertFalse(has_access({2: view_only}, user, view_only))
self.assertFalse(has_access({2: not view_only, 1: view_only}, user, not view_only))
Reference in New Issue View Git Blame Copy Permalink