test: add multi-user data isolation tests

asheshv · asheshv · commit b91359560587 · 2026-04-08T15:26:29.000+05:30
- ServerGroupIsolationTestCase: verify non-admin cannot fetch
  another user's server group properties
- ServerDataIsolationGetTestCase: verify non-admin cannot access
  another user's private server
- SharedServerAccessTestCase: verify shared servers remain
  accessible cross-user (positive regression test)

Tests use create_user_wise_test_client pattern and only run in
SERVER_MODE with pgAdmin4_test_non_admin_credentials configured.
diff --git a/web/pgadmin/browser/server_groups/servers/__init__.py b/web/pgadmin/browser/server_groups/servers/__init__.py
@@ -46,7 +46,7 @@
 from pgadmin.utils import get_complete_file_path
 from pgadmin.settings.utils import with_object_filters
 from pgadmin.utils.server_access import get_accessible_server, \
-    get_user_server_query
+    get_user_server_query, get_accessible_server_group
 
 
 def has_any(data, keys):
@@ -956,8 +956,6 @@ def list(self, gid, object_filters):
         servers = get_user_server_query().filter(
             Server.servergroup_id == gid,
             Server.is_adhoc == 0).order_by(Server.name)
-        from pgadmin.utils.server_access import \
-            get_accessible_server_group
         sg = get_accessible_server_group(gid)
         res = []
 
diff --git a/web/pgadmin/browser/server_groups/servers/tests/test_server_data_isolation.py b/web/pgadmin/browser/server_groups/servers/tests/test_server_data_isolation.py
@@ -0,0 +1,121 @@
+##########################################################################
+#
+# pgAdmin 4 - PostgreSQL Tools
+#
+# Copyright (C) 2013 - 2026, The pgAdmin Development Team
+# This software is released under the PostgreSQL Licence
+#
+##########################################################################
+
+"""Tests for server data isolation between users in server mode."""
+
+import json
+import config
+from pgadmin.utils.route import BaseTestGenerator
+from regression.python_test_utils import test_utils as utils
+from regression.test_setup import config_data
+from regression.python_test_utils.test_utils import \
+    create_user_wise_test_client
+from . import utils as servers_utils
+
+test_user_details = None
+if config.SERVER_MODE:
+    test_user_details = \
+        config_data['pgAdmin4_test_non_admin_credentials']
+
+
+class ServerDataIsolationGetTestCase(BaseTestGenerator):
+    """Verify that a non-admin user cannot access another user's
+    private (non-shared) server by ID."""
+
+    scenarios = [
+        ('User B gets 410 for User A private server',
+         dict(is_positive_test=False)),
+    ]
+
+    def setUp(self):
+        if not config.SERVER_MODE:
+            self.skipTest(
+                'Data isolation tests only apply to server mode.'
+            )
+
+        # Create a private (non-shared) server as the admin user
+        self.server['shared'] = False
+        url = "/browser/server/obj/{0}/".format(utils.SERVER_GROUP)
+        response = self.tester.post(
+            url,
+            data=json.dumps(self.server),
+            content_type='html/json'
+        )
+        response_data = json.loads(response.data.decode('utf-8'))
+        self.server_id = response_data['node']['_id']
+
+    @create_user_wise_test_client(test_user_details)
+    def runTest(self):
+        """Non-admin user should NOT be able to GET another user's
+        private server."""
+        if not self.server_id:
+            raise Exception("Server not found to test isolation")
+
+        url = '/browser/server/obj/{0}/{1}'.format(
+            utils.SERVER_GROUP, self.server_id)
+        response = self.tester.get(url, follow_redirects=True)
+        # Expect 410 Gone (server not accessible to this user)
+        self.assertIn(
+            response.status_code, [404, 410],
+            'Non-admin user should not access another user\'s '
+            'private server. Got status {0}'.format(
+                response.status_code)
+        )
+
+    def tearDown(self):
+        # Clean up with the admin tester (which owns the server)
+        utils.delete_server_with_api(
+            self.__class__.tester, self.server_id)
+
+
+class SharedServerAccessTestCase(BaseTestGenerator):
+    """Verify that a shared server IS accessible by a non-admin
+    user (positive test — shared servers should work after the
+    isolation fixes)."""
+
+    scenarios = [
+        ('User B can access shared server from User A',
+         dict(is_positive_test=True)),
+    ]
+
+    def setUp(self):
+        if not config.SERVER_MODE:
+            self.skipTest(
+                'Data isolation tests only apply to server mode.'
+            )
+
+        # Create a shared server as the admin user
+        self.server['shared'] = True
+        url = "/browser/server/obj/{0}/".format(utils.SERVER_GROUP)
+        response = self.tester.post(
+            url,
+            data=json.dumps(self.server),
+            content_type='html/json'
+        )
+        response_data = json.loads(response.data.decode('utf-8'))
+        self.server_id = response_data['node']['_id']
+
+    @create_user_wise_test_client(test_user_details)
+    def runTest(self):
+        """Non-admin user SHOULD be able to GET a shared server."""
+        if not self.server_id:
+            raise Exception("Server not found to test shared access")
+
+        url = '/browser/server/obj/{0}/{1}'.format(
+            utils.SERVER_GROUP, self.server_id)
+        response = self.tester.get(url, follow_redirects=True)
+        self.assertEqual(
+            response.status_code, 200,
+            'Non-admin user should be able to access shared server.'
+            ' Got status {0}'.format(response.status_code)
+        )
+
+    def tearDown(self):
+        utils.delete_server_with_api(
+            self.__class__.tester, self.server_id)
diff --git a/web/pgadmin/browser/server_groups/servers/utils.py b/web/pgadmin/browser/server_groups/servers/utils.py
@@ -657,19 +657,29 @@ def disconnect_from_all_servers():
     """
     all_servers = get_user_server_query().all()
     for server in all_servers:
-        manager = get_driver(config.PG_DEFAULT_DRIVER).connection_manager(
-            server.id)
-        if manager is None:
-            continue
-        # Check if any psql terminal is running for the current disconnecting
-        # server. If any terminate the psql tool connection.
-        if 'sid_soid_mapping' in current_app.config and str(server.id) in \
-            current_app.config['sid_soid_mapping'] and \
-                str(server.id) in current_app.config['sid_soid_mapping']:
-            for i in current_app.config['sid_soid_mapping'][str(server.id)]:
-                sio.emit('disconnect-psql', namespace='/pty', to=i)
-
-        manager.release()
+        try:
+            manager = get_driver(
+                config.PG_DEFAULT_DRIVER
+            ).connection_manager(server.id)
+            if manager is None:
+                continue
+            # Check if any psql terminal is running for the
+            # current disconnecting server.
+            if 'sid_soid_mapping' in current_app.config \
+                    and str(server.id) in \
+                    current_app.config['sid_soid_mapping']:
+                for i in current_app.config[
+                        'sid_soid_mapping'][str(server.id)]:
+                    sio.emit(
+                        'disconnect-psql',
+                        namespace='/pty', to=i
+                    )
+            manager.release()
+        except Exception:
+            current_app.logger.warning(
+                'Failed to disconnect server %s',
+                server.id
+            )
 
 
 def delete_adhoc_servers(sid=None):
diff --git a/web/pgadmin/browser/server_groups/tests/test_sg_data_isolation.py b/web/pgadmin/browser/server_groups/tests/test_sg_data_isolation.py
@@ -0,0 +1,73 @@
+##########################################################################
+#
+# pgAdmin 4 - PostgreSQL Tools
+#
+# Copyright (C) 2013 - 2026, The pgAdmin Development Team
+# This software is released under the PostgreSQL Licence
+#
+##########################################################################
+
+"""Tests for ServerGroup data isolation between users in server mode."""
+
+import json
+import config
+from pgadmin.utils.route import BaseTestGenerator
+from regression.python_test_utils import test_utils as utils
+from regression.test_setup import config_data
+from regression.python_test_utils.test_utils import \
+    create_user_wise_test_client
+from pgadmin.model import db, ServerGroup
+
+test_user_details = None
+if config.SERVER_MODE:
+    test_user_details = \
+        config_data['pgAdmin4_test_non_admin_credentials']
+
+
+class ServerGroupIsolationTestCase(BaseTestGenerator):
+    """Verify that a non-admin user cannot fetch another user's
+    server group properties by ID."""
+
+    scenarios = [
+        ('User B cannot fetch User A server group properties',
+         dict(is_positive_test=False)),
+    ]
+
+    def setUp(self):
+        if not config.SERVER_MODE:
+            self.skipTest(
+                'Data isolation tests only apply to server mode.'
+            )
+
+        # Create a server group as the admin user
+        url = '/browser/server_group/obj/'
+        response = self.tester.post(
+            url,
+            data=json.dumps({'name': 'isolation_test_group'}),
+            content_type='html/json'
+        )
+        response_data = json.loads(response.data.decode('utf-8'))
+        self.sg_id = response_data['node']['_id']
+
+    @create_user_wise_test_client(test_user_details)
+    def runTest(self):
+        """Non-admin user should NOT see another user's server
+        group properties."""
+        if not self.sg_id:
+            raise Exception("Server group not created")
+
+        url = '/browser/server_group/obj/{0}'.format(self.sg_id)
+        response = self.tester.get(url, content_type='html/json')
+        self.assertIn(
+            response.status_code, [404, 410],
+            'Non-admin user should not access another user\'s '
+            'server group. Got status {0}'.format(
+                response.status_code)
+        )
+
+    def tearDown(self):
+        # Clean up with admin
+        sg = ServerGroup.query.filter_by(id=self.sg_id).first()
+        if sg:
+            db.session.delete(sg)
+            db.session.commit()
diff --git a/web/pgadmin/misc/workspaces/__init__.py b/web/pgadmin/misc/workspaces/__init__.py
@@ -145,16 +145,16 @@ def adhoc_connect_server():
                     server = existing_server
                     break
         else:
-            server = Server.query.filter_by(host=new_host,
-                                            port=new_port,
-                                            maintenance_db=new_db,
-                                            username=new_username,
-                                            name=new_server_name,
-                                            role=new_role,
-                                            service=new_service,
-                                            connection_params=connection_params,
-                                            user_id=current_user.id
-                                            ).first()
+            server = Server.query.filter_by(
+                host=new_host, port=new_port,
+                maintenance_db=new_db,
+                username=new_username,
+                name=new_server_name,
+                role=new_role,
+                service=new_service,
+                connection_params=connection_params,
+                user_id=current_user.id
+            ).first()
 
         # If server is none then no server with the above combination is found.
         if server is None:
diff --git a/web/pgadmin/tools/debugger/__init__.py b/web/pgadmin/tools/debugger/__init__.py
@@ -35,7 +35,9 @@
     import get_extension_details
 from pgadmin.utils.constants import PREF_LABEL_KEYBOARD_SHORTCUTS, \
     SERVER_CONNECTION_CLOSED
-from pgadmin.tools.user_management.PgAdminPermissions import AllPermissionTypes
+from pgadmin.tools.user_management.PgAdminPermissions \
+    import AllPermissionTypes
+from pgadmin.utils.server_access import get_accessible_server
 from pgadmin.preferences import preferences
 
 MODULE_NAME = 'debugger'
@@ -1803,6 +1805,12 @@ def get_arguments_sqlite(sid, did, scid, func_id):
         - Function Id
     """
 
+    if get_accessible_server(sid) is None:
+        return make_json_response(
+            status=410, success=0,
+            errormsg=gettext("Could not find the required server.")
+        )
+
     """Get the count of the existing data available in sqlite database"""
     dbg_func_args_count = int(DebuggerFunctionArguments.query.filter_by(
         server_id=sid,
@@ -1890,6 +1898,12 @@ def set_arguments_sqlite(sid, did, scid, func_id):
         - Function Id
     """
 
+    if get_accessible_server(sid) is None:
+        return make_json_response(
+            status=410, success=0,
+            errormsg=gettext("Could not find the required server.")
+        )
+
     if request.data:
         data = json.loads(request.data)
 
@@ -1982,6 +1996,12 @@ def clear_arguments_sqlite(sid, did, scid, func_id):
         - Function Id
     """
 
+    if get_accessible_server(sid) is None:
+        return make_json_response(
+            status=410, success=0,
+            errormsg=gettext("Could not find the required server.")
+        )
+
     try:
         db.session.query(DebuggerFunctionArguments) \
             .filter(DebuggerFunctionArguments.server_id == sid,
