jprdonnelly/redash
1
0
Fork 0
mirror of https://github.com/getredash/redash.git synced 2025-12-19 17:37:19 -05:00
Code Issues Projects Releases Wiki Activity

Fix #1109: mixed group permissions resulting in wrong permission

Browse Source
This commit is contained in:
Arik Fraimovich
2016-06-09 19:59:26 +03:00
parent 7159f0beb0
commit 0c7f0c25a8
2 changed files with 10 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
redash/permissions.py
View File

@@ -17,7 +17,8 @@ def has_access(object_groups, user, need_view_only):
return False
required_level = 1 if need_view_only else 2
group_level = 1 if any(flatten([object_groups[group] for group in matching_groups])) else 2
group_level = 1 if all(flatten([object_groups[group] for group in matching_groups])) else 2
return required_level <= group_level

8
tests/test_permissions.py
View File

@@ -24,6 +24,14 @@ class TestHasAccess(TestCase):
self.assertTrue(has_access({1: not view_only}, user, not view_only))
def test_allows_if_user_member_in_multiple_groups(self):
user = MockUser([], [1, 2, 3])
self.assertTrue(has_access({1: not view_only, 2: view_only}, user, not view_only))
self.assertFalse(has_access({1: view_only, 2: view_only}, user, not view_only))
self.assertTrue(has_access({1: view_only, 2: view_only}, user, view_only))
self.assertTrue(has_access({1: not view_only, 2: not view_only}, user, view_only))
def test_not_allows_if_not_enough_permission(self):
user = MockUser([], [1])