From aaf3a71227357f45589fa5fab925105107417d4a Mon Sep 17 00:00:00 2001 From: Ville Brofeldt Date: Tue, 3 Jan 2023 10:54:09 +0000 Subject: [PATCH] move redirect to backend --- superset-frontend/src/SqlLab/App.jsx | 29 +++++++------------ .../views/CRUD/data/query/QueryList.test.tsx | 10 +------ .../src/views/CRUD/data/query/QueryList.tsx | 6 ---- .../data/savedquery/SavedQueryList.test.jsx | 14 ++------- .../CRUD/data/savedquery/SavedQueryList.tsx | 6 ---- superset/views/core.py | 14 +++++++++ tests/integration_tests/sqllab_tests.py | 19 ++++++++++++ 7 files changed, 46 insertions(+), 52 deletions(-) diff --git a/superset-frontend/src/SqlLab/App.jsx b/superset-frontend/src/SqlLab/App.jsx index 7a2052aefdf54..812202eec20f8 100644 --- a/superset-frontend/src/SqlLab/App.jsx +++ b/superset-frontend/src/SqlLab/App.jsx @@ -30,7 +30,6 @@ import { FeatureFlag, } from 'src/featureFlags'; import setupExtensions from 'src/setup/setupExtensions'; -import { canUserAccessSqlLab } from 'src/dashboard/util/permissionUtils'; import getInitialState from './reducers/getInitialState'; import rootReducer from './reducers/index'; import { initEnhancer } from '../reduxUtils'; @@ -55,7 +54,6 @@ const bootstrapData = JSON.parse(appContainer.getAttribute('data-bootstrap')); initFeatureFlags(bootstrapData.common.feature_flags); const initialState = getInitialState(bootstrapData); - const sqlLabPersistStateConfig = { paths: ['sqlLab'], config: { @@ -138,22 +136,15 @@ if (sqlLabMenu) { } } -const Application = () => { - if (!canUserAccessSqlLab(bootstrapData.user)) { - window.location.href = '/'; - return <>; - } - - return ( - - - - - - - - - ); -}; +const Application = () => ( + + + + + + + + +); export default hot(Application); diff --git a/superset-frontend/src/views/CRUD/data/query/QueryList.test.tsx b/superset-frontend/src/views/CRUD/data/query/QueryList.test.tsx index 9143719690cc2..be28d7e2dfa85 100644 --- a/superset-frontend/src/views/CRUD/data/query/QueryList.test.tsx +++ b/superset-frontend/src/views/CRUD/data/query/QueryList.test.tsx @@ -89,15 +89,7 @@ fetchMock.get('glob:*/api/v1/query/disting/status*', { }); describe('QueryList', () => { - const mockedProps = { - user: { - username: 'user', - permissions: [], - roles: { - Admin: [], - }, - }, - }; + const mockedProps = {}; const wrapper = mount( diff --git a/superset-frontend/src/views/CRUD/data/query/QueryList.tsx b/superset-frontend/src/views/CRUD/data/query/QueryList.tsx index 612030f4cc8ce..5f69ec80599d3 100644 --- a/superset-frontend/src/views/CRUD/data/query/QueryList.tsx +++ b/superset-frontend/src/views/CRUD/data/query/QueryList.tsx @@ -49,7 +49,6 @@ import { DATETIME_WITH_TIME_ZONE, TIME_WITH_MS } from 'src/constants'; import { QueryObject, QueryObjectColumns } from 'src/views/CRUD/types'; import Icons from 'src/components/Icons'; -import { canUserAccessSqlLab } from 'src/dashboard/util/permissionUtils'; import { BootstrapUser } from 'src/types/bootstrapTypes'; import QueryPreviewModal from './QueryPreviewModal'; @@ -420,11 +419,6 @@ function QueryList({ addDangerToast, user }: QueryListProps) { [addDangerToast], ); - if (!canUserAccessSqlLab(user)) { - window.location.href = '/'; - return <>; - } - return ( <> diff --git a/superset-frontend/src/views/CRUD/data/savedquery/SavedQueryList.test.jsx b/superset-frontend/src/views/CRUD/data/savedquery/SavedQueryList.test.jsx index 89f0d99277287..3acf44faadeff 100644 --- a/superset-frontend/src/views/CRUD/data/savedquery/SavedQueryList.test.jsx +++ b/superset-frontend/src/views/CRUD/data/savedquery/SavedQueryList.test.jsx @@ -134,20 +134,10 @@ fetchMock.get(queriesDistinctEndpoint, { // Mock utils module jest.mock('src/views/CRUD/utils'); -const mockedProps = { - user: { - username: 'user', - permissions: [], - roles: { - Admin: [], - }, - }, -}; - describe('SavedQueryList', () => { const wrapper = mount( - + , ); @@ -256,7 +246,7 @@ describe('RTL', () => { const mounted = act(async () => { render( - + , { useRedux: true }, ); diff --git a/superset-frontend/src/views/CRUD/data/savedquery/SavedQueryList.tsx b/superset-frontend/src/views/CRUD/data/savedquery/SavedQueryList.tsx index be6a5749c85fb..0e6e3b59170e7 100644 --- a/superset-frontend/src/views/CRUD/data/savedquery/SavedQueryList.tsx +++ b/superset-frontend/src/views/CRUD/data/savedquery/SavedQueryList.tsx @@ -50,7 +50,6 @@ import copyTextToClipboard from 'src/utils/copy'; import { isFeatureEnabled, FeatureFlag } from 'src/featureFlags'; import ImportModelsModal from 'src/components/ImportModal/index'; import Icons from 'src/components/Icons'; -import { canUserAccessSqlLab } from 'src/dashboard/util/permissionUtils'; import { BootstrapUser } from 'src/types/bootstrapTypes'; import SavedQueryPreviewModal from './SavedQueryPreviewModal'; @@ -473,11 +472,6 @@ function SavedQueryList({ [addDangerToast], ); - if (!canUserAccessSqlLab(user)) { - window.location.href = '/'; - return <>; - } - return ( <> diff --git a/superset/views/core.py b/superset/views/core.py index 534f8f667d707..1fe42fada5ebb 100755 --- a/superset/views/core.py +++ b/superset/views/core.py @@ -2777,6 +2777,13 @@ def _get_sqllab_tabs(user_id: Optional[int]) -> Dict[str, Any]: @expose("/sqllab/", methods=["GET", "POST"]) def sqllab(self) -> FlaskResponse: """SQL Editor""" + if not ( + security_manager.is_admin() + or "sql_lab" in (role.name for role in security_manager.get_user_roles()) + ): + flash(__("You do not have access to SQL Lab"), "danger") + return redirect("/") + payload = { "defaultDbId": config["SQLLAB_DEFAULT_DBID"], "common": common_bootstrap_payload(g.user), @@ -2804,6 +2811,13 @@ def sqllab(self) -> FlaskResponse: @expose("/sqllab/history/", methods=["GET"]) @event_logger.log_this def sqllab_history(self) -> FlaskResponse: + if not ( + security_manager.is_admin() + or "sql_lab" in (role.name for role in security_manager.get_user_roles()) + ): + flash(__("You do not have access to SQL Lab"), "danger") + return redirect("/") + return super().render_app_template() @api diff --git a/tests/integration_tests/sqllab_tests.py b/tests/integration_tests/sqllab_tests.py index b1b0480d56638..ee568d0e0f04d 100644 --- a/tests/integration_tests/sqllab_tests.py +++ b/tests/integration_tests/sqllab_tests.py @@ -257,6 +257,25 @@ def test_sql_json_has_access(self): db.session.commit() self.assertLess(0, len(data["data"])) + def test_sqllab_has_access(self): + self.create_user_with_roles("sqluser", ["Gamma", "sql_lab"]) + + self.login("sqluser") + for endpoint in ("/superset/sqllab/", "/superset/sqllab/history/"): + resp = self.client.get(endpoint) + self.assertEqual(200, resp.status_code) + + user = self.get_user("sqluser") + db.session.delete(user) + db.session.commit() + + def test_sqllab_no_access(self): + self.login("gamma") + for endpoint in ("/superset/sqllab/", "/superset/sqllab/history/"): + resp = self.client.get(endpoint) + # Redirects to the main page + self.assertEqual(302, resp.status_code) + def test_sql_json_schema_access(self): examples_db = get_example_database() db_backend = examples_db.backend