test: add multi-user data isolation tests

asheshv · asheshv · commit b5b16d832309 · 2026-04-08T16:05:38.000+05:30
- ServerGroupIsolationTestCase: verify non-admin cannot fetch
  another user's server group properties
- ServerDataIsolationGetTestCase: verify non-admin cannot access
  another user's private server
- SharedServerAccessTestCase: verify shared servers remain
  accessible cross-user (positive regression test)

Tests use create_user_wise_test_client pattern and only run in
SERVER_MODE with pgAdmin4_test_non_admin_credentials configured.
diff --git a/web/migrations/versions/add_user_id_to_debugger_func_args_.py b/web/migrations/versions/add_user_id_to_debugger_func_args_.py
@@ -96,26 +96,29 @@ def upgrade():
             )
 
     # --- Indexes for data isolation query performance ---
-    # CREATE INDEX IF NOT EXISTS is supported by both SQLite and PostgreSQL.
-    # Some tables (e.g. sharedserver) may not exist in older schemas that
-    # haven't run all prior migrations, so wrap each in try/except.
+    # Only create indexes on tables that exist (sharedserver may be
+    # absent in older schemas that haven't run all prior migrations).
+    inspector = sa.inspect(conn)
     index_stmts = [
-        'CREATE INDEX IF NOT EXISTS ix_server_user_id '
-        'ON server (user_id)',
-        'CREATE INDEX IF NOT EXISTS ix_server_servergroup_id '
-        'ON server (servergroup_id)',
-        'CREATE INDEX IF NOT EXISTS ix_sharedserver_user_id '
-        'ON sharedserver (user_id)',
-        'CREATE INDEX IF NOT EXISTS ix_sharedserver_osid '
-        'ON sharedserver (osid)',
-        'CREATE INDEX IF NOT EXISTS ix_servergroup_user_id '
-        'ON servergroup (user_id)',
+        ('server',
+         'CREATE INDEX IF NOT EXISTS ix_server_user_id '
+         'ON server (user_id)'),
+        ('server',
+         'CREATE INDEX IF NOT EXISTS ix_server_servergroup_id '
+         'ON server (servergroup_id)'),
+        ('sharedserver',
+         'CREATE INDEX IF NOT EXISTS ix_sharedserver_user_id '
+         'ON sharedserver (user_id)'),
+        ('sharedserver',
+         'CREATE INDEX IF NOT EXISTS ix_sharedserver_osid '
+         'ON sharedserver (osid)'),
+        ('servergroup',
+         'CREATE INDEX IF NOT EXISTS ix_servergroup_user_id '
+         'ON servergroup (user_id)'),
     ]
-    for stmt in index_stmts:
-        try:
+    for table_name, stmt in index_stmts:
+        if inspector.has_table(table_name):
             op.execute(stmt)
-        except Exception:
-            pass
 
 
 def downgrade():
diff --git a/web/pgadmin/browser/server_groups/servers/databases/schemas/views/__init__.py b/web/pgadmin/browser/server_groups/servers/databases/schemas/views/__init__.py
@@ -2436,9 +2436,7 @@ def check_utility_exists(self, gid, sid, did, scid, vid):
         Returns:
             None
         """
-        server = Server.query.filter_by(
-            id=sid, user_id=current_user.id
-        ).first()
+        server = get_accessible_server(sid)
 
         if server is None:
             return make_json_response(
diff --git a/web/pgadmin/browser/server_groups/servers/tests/test_server_data_isolation.py b/web/pgadmin/browser/server_groups/servers/tests/test_server_data_isolation.py
@@ -0,0 +1,121 @@
+##########################################################################
+#
+# pgAdmin 4 - PostgreSQL Tools
+#
+# Copyright (C) 2013 - 2026, The pgAdmin Development Team
+# This software is released under the PostgreSQL Licence
+#
+##########################################################################
+
+"""Tests for server data isolation between users in server mode."""
+
+import json
+import config
+from pgadmin.utils.route import BaseTestGenerator
+from regression.python_test_utils import test_utils as utils
+from regression.test_setup import config_data
+from regression.python_test_utils.test_utils import \
+    create_user_wise_test_client
+from . import utils as servers_utils
+
+test_user_details = None
+if config.SERVER_MODE:
+    test_user_details = \
+        config_data['pgAdmin4_test_non_admin_credentials']
+
+
+class ServerDataIsolationGetTestCase(BaseTestGenerator):
+    """Verify that a non-admin user cannot access another user's
+    private (non-shared) server by ID."""
+
+    scenarios = [
+        ('User B gets 410 for User A private server',
+         dict(is_positive_test=False)),
+    ]
+
+    def setUp(self):
+        if not config.SERVER_MODE:
+            self.skipTest(
+                'Data isolation tests only apply to server mode.'
+            )
+
+        # Create a private (non-shared) server as the admin user
+        self.server['shared'] = False
+        url = "/browser/server/obj/{0}/".format(utils.SERVER_GROUP)
+        response = self.tester.post(
+            url,
+            data=json.dumps(self.server),
+            content_type='html/json'
+        )
+        response_data = json.loads(response.data.decode('utf-8'))
+        self.server_id = response_data['node']['_id']
+
+    @create_user_wise_test_client(test_user_details)
+    def runTest(self):
+        """Non-admin user should NOT be able to GET another user's
+        private server."""
+        if not self.server_id:
+            raise Exception("Server not found to test isolation")
+
+        url = '/browser/server/obj/{0}/{1}'.format(
+            utils.SERVER_GROUP, self.server_id)
+        response = self.tester.get(url, follow_redirects=True)
+        # Expect 410 Gone (server not accessible to this user)
+        self.assertIn(
+            response.status_code, [404, 410],
+            'Non-admin user should not access another user\'s '
+            'private server. Got status {0}'.format(
+                response.status_code)
+        )
+
+    def tearDown(self):
+        # Clean up with the admin tester (which owns the server)
+        utils.delete_server_with_api(
+            self.__class__.tester, self.server_id)
+
+
+class SharedServerAccessTestCase(BaseTestGenerator):
+    """Verify that a shared server IS accessible by a non-admin
+    user (positive test — shared servers should work after the
+    isolation fixes)."""
+
+    scenarios = [
+        ('User B can access shared server from User A',
+         dict(is_positive_test=True)),
+    ]
+
+    def setUp(self):
+        if not config.SERVER_MODE:
+            self.skipTest(
+                'Data isolation tests only apply to server mode.'
+            )
+
+        # Create a shared server as the admin user
+        self.server['shared'] = True
+        url = "/browser/server/obj/{0}/".format(utils.SERVER_GROUP)
+        response = self.tester.post(
+            url,
+            data=json.dumps(self.server),
+            content_type='html/json'
+        )
+        response_data = json.loads(response.data.decode('utf-8'))
+        self.server_id = response_data['node']['_id']
+
+    @create_user_wise_test_client(test_user_details)
+    def runTest(self):
+        """Non-admin user SHOULD be able to GET a shared server."""
+        if not self.server_id:
+            raise Exception("Server not found to test shared access")
+
+        url = '/browser/server/obj/{0}/{1}'.format(
+            utils.SERVER_GROUP, self.server_id)
+        response = self.tester.get(url, follow_redirects=True)
+        self.assertEqual(
+            response.status_code, 200,
+            'Non-admin user should be able to access shared server.'
+            ' Got status {0}'.format(response.status_code)
+        )
+
+    def tearDown(self):
+        utils.delete_server_with_api(
+            self.__class__.tester, self.server_id)
diff --git a/web/pgadmin/browser/server_groups/servers/utils.py b/web/pgadmin/browser/server_groups/servers/utils.py
@@ -692,7 +692,8 @@ def delete_adhoc_servers(sid=None):
         has_user = (has_request_context() and
                     current_user and current_user.is_authenticated)
         if sid is not None:
-            q = db.session.query(Server).filter(Server.id == sid)
+            q = db.session.query(Server).filter(
+                Server.id == sid, Server.is_adhoc == 1)
             if has_user:
                 q = q.filter(Server.user_id == current_user.id)
             q.delete()
diff --git a/web/pgadmin/browser/server_groups/tests/test_sg_data_isolation.py b/web/pgadmin/browser/server_groups/tests/test_sg_data_isolation.py
@@ -0,0 +1,73 @@
+##########################################################################
+#
+# pgAdmin 4 - PostgreSQL Tools
+#
+# Copyright (C) 2013 - 2026, The pgAdmin Development Team
+# This software is released under the PostgreSQL Licence
+#
+##########################################################################
+
+"""Tests for ServerGroup data isolation between users in server mode."""
+
+import json
+import config
+from pgadmin.utils.route import BaseTestGenerator
+from regression.python_test_utils import test_utils as utils
+from regression.test_setup import config_data
+from regression.python_test_utils.test_utils import \
+    create_user_wise_test_client
+from pgadmin.model import db, ServerGroup
+
+test_user_details = None
+if config.SERVER_MODE:
+    test_user_details = \
+        config_data['pgAdmin4_test_non_admin_credentials']
+
+
+class ServerGroupIsolationTestCase(BaseTestGenerator):
+    """Verify that a non-admin user cannot fetch another user's
+    server group properties by ID."""
+
+    scenarios = [
+        ('User B cannot fetch User A server group properties',
+         dict(is_positive_test=False)),
+    ]
+
+    def setUp(self):
+        if not config.SERVER_MODE:
+            self.skipTest(
+                'Data isolation tests only apply to server mode.'
+            )
+
+        # Create a server group as the admin user
+        url = '/browser/server_group/obj/'
+        response = self.tester.post(
+            url,
+            data=json.dumps({'name': 'isolation_test_group'}),
+            content_type='html/json'
+        )
+        response_data = json.loads(response.data.decode('utf-8'))
+        self.sg_id = response_data['node']['_id']
+
+    @create_user_wise_test_client(test_user_details)
+    def runTest(self):
+        """Non-admin user should NOT see another user's server
+        group properties."""
+        if not self.sg_id:
+            raise Exception("Server group not created")
+
+        url = '/browser/server_group/obj/{0}'.format(self.sg_id)
+        response = self.tester.get(url, content_type='html/json')
+        self.assertIn(
+            response.status_code, [404, 410],
+            'Non-admin user should not access another user\'s '
+            'server group. Got status {0}'.format(
+                response.status_code)
+        )
+
+    def tearDown(self):
+        # Clean up with admin
+        sg = ServerGroup.query.filter_by(id=self.sg_id).first()
+        if sg:
+            db.session.delete(sg)
+            db.session.commit()
diff --git a/web/pgadmin/tools/import_export/__init__.py b/web/pgadmin/tools/import_export/__init__.py
@@ -98,9 +98,7 @@ def cmd_arg(x):
 
     def get_server_name(self):
         # Fetch the server details like hostname, port, roles etc
-        s = Server.query.filter_by(
-            id=self.sid, user_id=current_user.id
-        ).first()
+        s = get_accessible_server(self.sid)
 
         if s is None:
             return _("Not available")
diff --git a/web/pgadmin/tools/sqleditor/__init__.py b/web/pgadmin/tools/sqleditor/__init__.py
@@ -521,9 +521,10 @@ def _init_sqleditor(trans_id, connect, sgid, sid, did, dbname=None, **kwargs):
     conn_id_ac = str(secrets.choice(range(1, 9999999)))
     server = get_accessible_server(sid)
     if server is None:
-        return internal_server_error(
-            errormsg=gettext("Could not find the required server.")
-        )
+        return True, internal_server_error(
+            errormsg=gettext(
+                "Could not find the required server.")
+        ), '', ''
     if server.shared and server.user_id != current_user.id:
         # Import here to avoid circular dependency
         from pgadmin.browser.server_groups.servers import ServerModule
