From 14045a1116d03465d4d4cd0bf5c92d84e613af06 Mon Sep 17 00:00:00 2001
From: Evan Rusackas
Date: Wed, 15 Dec 2021 10:04:13 -0700
Subject: [PATCH 1/3] fix: change 401 to 403 for Security Exceptions
---
superset/exceptions.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/superset/exceptions.py b/superset/exceptions.py
index 2a902608a6a97..6ed3a0e8661e3 100644
--- a/superset/exceptions.py
+++ b/superset/exceptions.py
@@ -149,7 +149,7 @@ def __init__(
class SupersetSecurityException(SupersetErrorException):
- status = 401
+ status = 403
def __init__(
self, error: SupersetError, payload: Optional[Dict[str, Any]] = None
From 79a6cc5147b0272aa38673a6168a624e94c4ad8d Mon Sep 17 00:00:00 2001
From: Evan Rusackas
Date: Wed, 15 Dec 2021 10:38:48 -0700
Subject: [PATCH 2/3] updating tests to reflect new (proper) status code
---
tests/integration_tests/charts/data/api_tests.py | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/tests/integration_tests/charts/data/api_tests.py b/tests/integration_tests/charts/data/api_tests.py
index cf6d0b537f145..2831c291c7097 100644
--- a/tests/integration_tests/charts/data/api_tests.py
+++ b/tests/integration_tests/charts/data/api_tests.py
@@ -464,7 +464,7 @@ def test_with_invalid_time_range_endpoints_enum_value__400(self):
assert rv.status_code == 400
- def test_with_not_permitted_actor__401(self):
+ def test_with_not_permitted_actor__403(self):
"""
Chart data API: Test chart data query not allowed
"""
@@ -472,7 +472,7 @@ def test_with_not_permitted_actor__401(self):
self.login(username="gamma")
rv = self.post_assert_metric(CHART_DATA_URI, self.query_context_payload, "data")
- assert rv.status_code == 401
+ assert rv.status_code == 403
assert (
rv.json["errors"][0]["error_type"]
== SupersetErrorType.DATASOURCE_SECURITY_ACCESS_ERROR
From 525ebf4ff0d17465ca79e3fbb6f2ec30982a3d77 Mon Sep 17 00:00:00 2001
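Review bot: `status = 403` on `SupersetSecurityException` in superset/exceptions.py is a class-level default, so every code path that raises this exception now answers 403, including any that can be reached without a logged-in session. If such paths exist (none are visible in this hunk), an unauthenticated caller would receive 403 where 401 is the signal clients use to re-authenticate, so it is worth confirming that anonymous requests are rejected before this exception can be raised. I would also record the intent next to the attribute, e.g. `# 403: caller is authenticated but not authorized; 401 is for missing or invalid credentials`. The class body continues outside the hunk.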
From: Evan Rusackas
Date: Wed, 15 Dec 2021 11:25:28 -0700
Subject: [PATCH 3/3] another test update
---
.../dashboards/security/security_rbac_tests.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tests/integration_tests/dashboards/security/security_rbac_tests.py b/tests/integration_tests/dashboards/security/security_rbac_tests.py
index c1be5a911ae32..bb97a35129fe8 100644
--- a/tests/integration_tests/dashboards/security/security_rbac_tests.py
+++ b/tests/integration_tests/dashboards/security/security_rbac_tests.py
@@ -91,7 +91,7 @@ def test_get_dashboard_view__user_can_not_access_without_permission(self):
request_payload = get_query_context("birth_names")
rv = self.post_assert_metric(CHART_DATA_URI, request_payload, "data")
- self.assertEqual(rv.status_code, 401)
+ self.assertEqual(rv.status_code, 403)
# assert
self.assert403(response)
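Review bot: The updated assertion in test_get_dashboard_view__user_can_not_access_without_permission checks only `rv.status_code`, and a bare 403 may also come from layers other than the security exception, so the test could pass without the access check being the thing that refused the request. The chart-data test in tests/integration_tests/charts/data/api_tests.py additionally pins the error type; doing the same here, presumably `assert rv.json["errors"][0]["error_type"] == SupersetErrorType.DATASOURCE_SECURITY_ACCESS_ERROR` (this needs `SupersetErrorType` imported in the file, which the hunk does not show), would tie the result to the intended denial. The test body starts outside the hunk.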