fix: Change dataset name affect data access role set to this dataset (#…

…20574)
apache · Aug 2, 2022 · 9291ad5 · 9291ad5
1 parent bfd2a3d
commit 9291ad5
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 6 deletions.
diff --git a/superset/security/manager.py b/superset/security/manager.py
@@ -1220,13 +1220,25 @@ def set_perm(
         except DatasetInvalidPermissionEvaluationException:
             logger.warning("Dataset has no database refusing to set permission")
             return
+        permission_table = self.permission_model.__table__  # pylint: disable=no-member
+        view_menu_table = self.viewmenu_model.__table__  # pylint: disable=no-member
         link_table = target.__table__
         if target.perm != target_get_perm:
             connection.execute(
                 link_table.update()
                 .where(link_table.c.id == target.id)
                 .values(perm=target_get_perm)
             )
+            connection.execute(
+                permission_table.update()
+                .where(permission_table.c.name == target.perm)
+                .values(name=target_get_perm)
+            )
+            connection.execute(
+                view_menu_table.update()
+                .where(view_menu_table.c.name == target.perm)
+                .values(name=target_get_perm)
+            )
             target.perm = target_get_perm
 
         # check schema perm for datasets
@@ -1256,18 +1268,12 @@ def set_perm(
             pv = None
 
             if not permission:
-                permission_table = (
-                    self.permission_model.__table__  # pylint: disable=no-member
-                )
                 connection.execute(
                     permission_table.insert().values(name=permission_name)
                 )
                 permission = self.find_permission(permission_name)
                 self.on_permission_after_insert(mapper, connection, permission)
             if not view_menu:
-                view_menu_table = (
-                    self.viewmenu_model.__table__  # pylint: disable=no-member
-                )
                 connection.execute(view_menu_table.insert().values(name=view_menu_name))
                 view_menu = self.find_view_menu(view_menu_name)
                 self.on_view_menu_after_insert(mapper, connection, view_menu)

diff --git a/tests/integration_tests/security_tests.py b/tests/integration_tests/security_tests.py
@@ -206,6 +206,7 @@ def test_set_perm_sqla_table(self):
         )
 
         # table name change
+        orig_table_perm = stored_table.perm
         stored_table.table_name = "tmp_perm_table_v2"
         session.commit()
         stored_table = (
@@ -214,6 +215,11 @@ def test_set_perm_sqla_table(self):
         self.assertEqual(
             stored_table.perm, f"[examples].[tmp_perm_table_v2](id:{stored_table.id})"
         )
+        self.assertIsNone(
+            security_manager.find_permission_view_menu(
+                "datasource_access", orig_table_perm
+            )
+        )
         self.assertIsNotNone(
             security_manager.find_permission_view_menu(
                 "datasource_access", stored_table.perm