Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
fix test_get_dashboard_unauthorized (#1736)
### Feature or Bugfix - Bugfix ### Detail Before #1729 an unauthorized getDashboard query meant a global failure, after #1729 it returns partial data and only raises an error for `environment` and `restricted` fields. ```json {'data': {'getDashboard': {'SamlGroupName': 'testGroup1', 'created': '2024-12-06 15:27:15.811303', 'dashboardUri': 'obfuscated_uri', 'description': 'No description provided', 'environment': None, 'label': '2024-12-06T14:57:28.249142', 'name': '2024-12-06t14-57-28-249142', 'owner': '[email protected]', 'restricted': None, 'tags': ['2024-12-06T14:57:28.249142'], 'terms': {'count': 0, 'nodes': []}, 'userRoleForDashboard': 'Shared'}}, 'errors': [{'locations': [{'column': 17, 'line': 13}], 'message': '\n' ' An error occurred (UnauthorizedOperation) ' 'when calling GET_DASHBOARD operation:\n' ' User: [email protected] is not ' 'authorized to perform: GET_DASHBOARD on resource: ' 'obfuscated_uri\n' ' ', 'path': ['getDashboard', 'restricted']}, {'locations': [{'column': 17, 'line': 17}], 'message': '\n' ' An error occurred (UnauthorizedOperation) ' 'when calling GET_ENVIRONMENT operation:\n' ' User: [email protected] is not ' 'authorized to perform: GET_ENVIRONMENT on resource: ' 'obfuscated_uri\n' ' ', 'path': ['getDashboard', 'environment']}]} ``` ### Relates Issue introduced at #1729 ### Security Please answer the questions below briefly where applicable, or write `N/A`. Based on [OWASP 10](https://owasp.org/Top10/en/). - Does this PR introduce or modify any input fields or queries - this includes fetching data from storage outside the application (e.g. a database, an S3 bucket)? - Is the input sanitized? - What precautions are you taking before deserializing the data you consume? - Is injection prevented by parametrizing queries? - Have you ensured no `eval` or similar functions are used? - Does this PR introduce any functionality or component that requires authorization? - How have you ensured it respects the existing AuthN/AuthZ mechanisms? - Are you logging failed auth attempts? - Are you using or adding any cryptographic features? - Do you use a standard proven implementations? - Are the used keys controlled by the customer? Where are they stored? - Are you introducing any new policies/roles/users? - Have you used the least-privilege principle? How? By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
- Loading branch information
