|
@@ -375,6 +375,22 @@ class OrganizationDashboardDetailsGetTest(OrganizationDashboardDetailsTestCase):
|
|
|
assert "permissions" in response.data
|
|
|
assert not response.data["permissions"]
|
|
|
|
|
|
+ def test_dashboard_viewable_with_no_edit_permissions(self):
|
|
|
+ dashboard = Dashboard.objects.create(
|
|
|
+ title="Dashboard With Dataset Source",
|
|
|
+ created_by_id=1142,
|
|
|
+ organization=self.organization,
|
|
|
+ )
|
|
|
+ DashboardPermissions.objects.create(is_creator_only_editable=True, dashboard=dashboard)
|
|
|
+
|
|
|
+ user = self.create_user(id=1289)
|
|
|
+ self.create_member(user=user, organization=self.organization)
|
|
|
+ self.login_as(user)
|
|
|
+
|
|
|
+ with self.feature({"organizations:dashboards-edit-access": True}):
|
|
|
+ response = self.do_request("get", self.url(dashboard.id))
|
|
|
+ assert response.status_code == 200, response.content
|
|
|
+
|
|
|
|
|
|
class OrganizationDashboardDetailsDeleteTest(OrganizationDashboardDetailsTestCase):
|
|
|
def test_delete(self):
|
|
@@ -505,6 +521,54 @@ class OrganizationDashboardDetailsDeleteTest(OrganizationDashboardDetailsTestCas
|
|
|
response = self.do_request("delete", self.url("default-overview"))
|
|
|
assert response.status_code == 404
|
|
|
|
|
|
+ def test_delete_dashboard_with_edit_permissions_not_granted(self):
|
|
|
+ dashboard = Dashboard.objects.create(
|
|
|
+ title="Dashboard With Dataset Source",
|
|
|
+ created_by_id=11452,
|
|
|
+ organization=self.organization,
|
|
|
+ )
|
|
|
+ DashboardPermissions.objects.create(is_creator_only_editable=True, dashboard=dashboard)
|
|
|
+
|
|
|
+ user = self.create_user(id=1235)
|
|
|
+ self.create_member(user=user, organization=self.organization)
|
|
|
+ self.login_as(user)
|
|
|
+
|
|
|
+ with self.feature({"organizations:dashboards-edit-access": True}):
|
|
|
+ response = self.do_request("delete", self.url(dashboard.id))
|
|
|
+ assert response.status_code == 403
|
|
|
+
|
|
|
+ def test_delete_dashboard_with_edit_permissions_disabled(self):
|
|
|
+ dashboard = Dashboard.objects.create(
|
|
|
+ title="Dashboard With Dataset Source",
|
|
|
+ created_by_id=11452,
|
|
|
+ organization=self.organization,
|
|
|
+ )
|
|
|
+ DashboardPermissions.objects.create(is_creator_only_editable=False, dashboard=dashboard)
|
|
|
+
|
|
|
+ user = self.create_user(id=1235)
|
|
|
+ self.create_member(user=user, organization=self.organization)
|
|
|
+ self.login_as(user)
|
|
|
+
|
|
|
+ with self.feature({"organizations:dashboards-edit-access": True}):
|
|
|
+ response = self.do_request("delete", self.url(dashboard.id))
|
|
|
+ assert response.status_code == 204
|
|
|
+
|
|
|
+ def test_delete_dashboard_with_edit_permissions_granted(self):
|
|
|
+ dashboard = Dashboard.objects.create(
|
|
|
+ title="Dashboard With Dataset Source",
|
|
|
+ created_by_id=12333,
|
|
|
+ organization=self.organization,
|
|
|
+ )
|
|
|
+ DashboardPermissions.objects.create(is_creator_only_editable=True, dashboard=dashboard)
|
|
|
+
|
|
|
+ user = self.create_user(id=12333)
|
|
|
+ self.create_member(user=user, organization=self.organization)
|
|
|
+ self.login_as(user)
|
|
|
+
|
|
|
+ with self.feature({"organizations:dashboards-edit-access": True}):
|
|
|
+ response = self.do_request("delete", self.url(dashboard.id))
|
|
|
+ assert response.status_code == 204, response.content
|
|
|
+
|
|
|
|
|
|
class OrganizationDashboardDetailsPutTest(OrganizationDashboardDetailsTestCase):
|
|
|
def setUp(self):
|
|
@@ -1809,6 +1873,54 @@ class OrganizationDashboardDetailsPutTest(OrganizationDashboardDetailsTestCase):
|
|
|
)
|
|
|
assert response.status_code == 200, response.data
|
|
|
|
|
|
+ def test_edit_dashboard_with_edit_permissions_not_granted(self):
|
|
|
+ dashboard = Dashboard.objects.create(
|
|
|
+ title="Dashboard With Dataset Source",
|
|
|
+ created_by_id=12333,
|
|
|
+ organization=self.organization,
|
|
|
+ )
|
|
|
+ DashboardPermissions.objects.create(is_creator_only_editable=True, dashboard=dashboard)
|
|
|
+
|
|
|
+ user = self.create_user(id=3456)
|
|
|
+ self.create_member(user=user, organization=self.organization)
|
|
|
+ self.login_as(user)
|
|
|
+
|
|
|
+ with self.feature({"organizations:dashboards-edit-access": True}):
|
|
|
+ response = self.do_request("put", self.url(dashboard.id))
|
|
|
+ assert response.status_code == 403
|
|
|
+
|
|
|
+ def test_edit_dashboard_with_edit_permissions_disabled(self):
|
|
|
+ dashboard = Dashboard.objects.create(
|
|
|
+ title="Dashboard With Dataset Source",
|
|
|
+ created_by_id=12333,
|
|
|
+ organization=self.organization,
|
|
|
+ )
|
|
|
+ DashboardPermissions.objects.create(is_creator_only_editable=False, dashboard=dashboard)
|
|
|
+
|
|
|
+ user = self.create_user(id=3456)
|
|
|
+ self.create_member(user=user, organization=self.organization)
|
|
|
+ self.login_as(user)
|
|
|
+
|
|
|
+ with self.feature({"organizations:dashboards-edit-access": True}):
|
|
|
+ response = self.do_request("put", self.url(dashboard.id))
|
|
|
+ assert response.status_code == 200
|
|
|
+
|
|
|
+ def test_edit_dashboard_with_edit_permissions_granted(self):
|
|
|
+ dashboard = Dashboard.objects.create(
|
|
|
+ title="Dashboard With Dataset Source",
|
|
|
+ created_by_id=12333,
|
|
|
+ organization=self.organization,
|
|
|
+ )
|
|
|
+ DashboardPermissions.objects.create(is_creator_only_editable=True, dashboard=dashboard)
|
|
|
+
|
|
|
+ user = self.create_user(id=12333)
|
|
|
+ self.create_member(user=user, organization=self.organization)
|
|
|
+ self.login_as(user)
|
|
|
+
|
|
|
+ with self.feature({"organizations:dashboards-edit-access": True}):
|
|
|
+ response = self.do_request("put", self.url(self.dashboard.id))
|
|
|
+ assert response.status_code == 200, response.content
|
|
|
+
|
|
|
|
|
|
class OrganizationDashboardDetailsOnDemandTest(OrganizationDashboardDetailsTestCase):
|
|
|
widget_type = DashboardWidgetTypes.DISCOVER
|