Programatically sync the role with user list. (#1619)

apache · Nov 21, 2016 · c90dd49 · c90dd49
1 parent 868e5c4
commit c90dd49
Show file tree

Hide file tree

Showing 3 changed files with 65 additions and 0 deletions.
diff --git a/superset/security.py b/superset/security.py
@@ -36,6 +36,7 @@
     'can_sync_druid_source',
     'can_override_role_permissions',
     'can_approve',
+    'can_update_role',
 }
 READ_ONLY_PERMISSION = {
     'can_show',

diff --git a/superset/views.py b/superset/views.py
@@ -1108,6 +1108,22 @@ def msg(self):
 
 class Superset(BaseSupersetView):
     """The base views for Superset!"""
+    @has_access_api
+    @expose("/update_role/", methods=['POST'])
+    def update_role(self):
+        """Assigns a list of found users to the given role."""
+        data = request.get_json(force=True)
+        user_emails = data['user_emails']
+        role_name = data['role_name']
+        role = sm.find_role(role_name)
+        role.user = []
+        for user_email in user_emails:
+            user = sm.find_user(email=user_email)
+            if user:
+                role.user.append(user)
+        db.session.commit()
+        return Response(status=201)
+
     @has_access_api
     @expose("/override_role_permissions/", methods=['POST'])
     def override_role_permissions(self):

diff --git a/tests/access_tests.py b/tests/access_tests.py
@@ -348,6 +348,54 @@ def test_request_access(self):
         gamma_user.roles.remove(sm.find_role('dummy_role'))
         session.commit()
 
+    def test_update_role_do_not_exist(self):
+        update_role_str = 'update_me'
+        update_role = sm.find_role(update_role_str)
+        if update_role:
+            db.session.delete(update_role)
+        db.session.commit()
+        with self.assertRaises(AttributeError):
+            self.get_resp(
+                '/superset/update_role/',
+                data=json.dumps({
+                    'user_emails': ['gamma@fab.org'],
+                    'role_name': update_role_str,
+                })
+            )
+
+    def test_update_role(self):
+        update_role_str = 'update_me'
+        sm.add_role(update_role_str)
+        db.session.commit()
+        resp = self.client.post(
+            '/superset/update_role/',
+            data=json.dumps({
+                'user_emails': ['gamma@fab.org'],
+                'role_name': update_role_str
+            }),
+            follow_redirects=True
+        )
+        update_role = sm.find_role(update_role_str)
+        self.assertEquals(
+            update_role.user, [sm.find_user(email='gamma@fab.org')])
+        self.assertEquals(resp.status_code, 201)
+
+        resp = self.client.post(
+            '/superset/update_role/',
+            data=json.dumps({
+                'user_emails': ['alpha@fab.org', 'unknown@fab.org'],
+                'role_name': update_role_str
+            }),
+            follow_redirects=True
+        )
+        self.assertEquals(resp.status_code, 201)
+        update_role = sm.find_role(update_role_str)
+        self.assertEquals(
+            update_role.user, [sm.find_user(email='alpha@fab.org')])
+
+        db.session.delete(update_role)
+        db.session.commit()
+
 
 if __name__ == '__main__':
     unittest.main()