fix: database alpha permissions (#12136)
* fix: database alpha permissions
* add test
(cherry picked from commit 2f0add3aec8f168fb8c37c648f0e29e507f39294)
diff --git a/superset/security/manager.py b/superset/security/manager.py
index 46ccbb1..43461f1 100644
--- a/superset/security/manager.py
+++ b/superset/security/manager.py
@@ -109,7 +109,7 @@
SecurityManager
):
userstatschartview = None
- READ_ONLY_MODEL_VIEWS = {"DatabaseAsync", "DatabaseView", "DruidClusterModelView"}
+ READ_ONLY_MODEL_VIEWS = {"Database", "DruidClusterModelView", "DynamicPlugin"}
USER_MODEL_VIEWS = {
"UserDBModelView",
diff --git a/tests/security_tests.py b/tests/security_tests.py
index 5f3b2a6..388770e 100644
--- a/tests/security_tests.py
+++ b/tests/security_tests.py
@@ -685,6 +685,7 @@
self.assert_can_all("CssTemplate", perm_set)
self.assert_can_all("Dataset", perm_set)
self.assert_can_read("Query", perm_set)
+ self.assert_can_read("Database", perm_set)
self.assertIn(("can_import_dashboards", "Superset"), perm_set)
self.assertIn(("can_this_form_post", "CsvToDatabaseView"), perm_set)
self.assertIn(("can_this_form_get", "CsvToDatabaseView"), perm_set)
@@ -701,6 +702,7 @@
self.assert_cannot_write("Queries", perm_set)
self.assert_cannot_write("RoleModelView", perm_set)
self.assert_cannot_write("UserDBModelView", perm_set)
+ self.assert_cannot_write("Database", perm_set)
def assert_can_admin(self, perm_set):
self.assert_can_all("Database", perm_set)
