test: add multi-user data isolation tests

- ServerGroupIsolationTestCase: verify non-admin cannot fetch
  another user's server group properties
- ServerDataIsolationGetTestCase: verify non-admin cannot access
  another user's private server
- SharedServerAccessTestCase: verify shared servers remain
  accessible cross-user (positive regression test)

Tests use create_user_wise_test_client pattern and only run in
SERVER_MODE with pgAdmin4_test_non_admin_credentials configured.

Author: asheshv

web/migrations/versions/add_user_id_to_debugger_func_args_.py

@@ -96,26 +96,29 @@ def upgrade():
             )
 
     # --- Indexes for data isolation query performance ---
-    # CREATE INDEX IF NOT EXISTS is supported by both SQLite and PostgreSQL.
-    # Some tables (e.g. sharedserver) may not exist in older schemas that
-    # haven't run all prior migrations, so wrap each in try/except.
+    # Only create indexes on tables that exist (sharedserver may be
+    # absent in older schemas that haven't run all prior migrations).
+    inspector = sa.inspect(conn)
     index_stmts = [
-        'CREATE INDEX IF NOT EXISTS ix_server_user_id '
-        'ON server (user_id)',
-        'CREATE INDEX IF NOT EXISTS ix_server_servergroup_id '
-        'ON server (servergroup_id)',
-        'CREATE INDEX IF NOT EXISTS ix_sharedserver_user_id '
-        'ON sharedserver (user_id)',
-        'CREATE INDEX IF NOT EXISTS ix_sharedserver_osid '
-        'ON sharedserver (osid)',
-        'CREATE INDEX IF NOT EXISTS ix_servergroup_user_id '
-        'ON servergroup (user_id)',
+        ('server',
+         'CREATE INDEX IF NOT EXISTS ix_server_user_id '
+         'ON server (user_id)'),
+        ('server',
+         'CREATE INDEX IF NOT EXISTS ix_server_servergroup_id '
+         'ON server (servergroup_id)'),
+        ('sharedserver',
+         'CREATE INDEX IF NOT EXISTS ix_sharedserver_user_id '
+         'ON sharedserver (user_id)'),
+        ('sharedserver',
+         'CREATE INDEX IF NOT EXISTS ix_sharedserver_osid '
+         'ON sharedserver (osid)'),
+        ('servergroup',
+         'CREATE INDEX IF NOT EXISTS ix_servergroup_user_id '
+         'ON servergroup (user_id)'),
     ]
-    for stmt in index_stmts:
-        try:
+    for table_name, stmt in index_stmts:
+        if inspector.has_table(table_name):
             op.execute(stmt)
-        except Exception:
-            pass
 
 
 def downgrade():

web/pgadmin/browser/server_groups/__init__.py

@@ -25,7 +25,7 @@
 from pgadmin.model import db, ServerGroup, Server
 import config
 from pgadmin.utils.preferences import Preferences
-from pgadmin.utils.server_access import get_accessible_server_group, \
+from pgadmin.utils.server_access import get_server_group, \
     get_server_groups_for_user
 
 
@@ -288,7 +288,7 @@ def update(self, gid):
     def properties(self, gid):
         """Update the server-group properties"""
 
-        sg = get_accessible_server_group(gid)
+        sg = get_server_group(gid)
 
         if sg is None:
             return make_json_response(
@@ -426,7 +426,7 @@ def nodes(self, gid=None):
                     )
                 )
         else:
-            group = get_accessible_server_group(gid)
+            group = get_server_group(gid)
 
             if not group:
                 return gone(

web/pgadmin/browser/server_groups/servers/__init__.py

@@ -45,8 +45,8 @@
 from .... import socketio as sio
 from pgadmin.utils import get_complete_file_path
 from pgadmin.settings.utils import with_object_filters
-from pgadmin.utils.server_access import get_accessible_server, \
-    get_user_server_query, get_accessible_server_group
+from pgadmin.utils.server_access import get_server, \
+    get_user_server_query, get_server_group
 
 
 def has_any(data, keys):
@@ -626,7 +626,7 @@ def nodes(self, gid):
     @pga_login_required
     def node(self, gid, sid):
         """Return a JSON document listing the server groups for the user"""
-        server = get_accessible_server(sid)
+        server = get_server(sid)
 
         if server is None:
             return make_json_response(
@@ -751,7 +751,7 @@ def delete(self, gid, sid):
     @pga_login_required
     def update(self, gid, sid):
         """Update the server settings"""
-        server = get_accessible_server(sid)
+        server = get_server(sid)
         sharedserver = None
 
         if server is None:
@@ -956,7 +956,7 @@ def list(self, gid, object_filters):
         servers = get_user_server_query().filter(
             Server.servergroup_id == gid,
             Server.is_adhoc == 0).order_by(Server.name)
-        sg = get_accessible_server_group(gid)
+        sg = get_server_group(gid)
         res = []
 
         driver = get_driver(PG_DEFAULT_DRIVER)
@@ -996,7 +996,7 @@ def list(self, gid, object_filters):
     def properties(self, gid, sid):
         """Return list of attributes of a server"""
 
-        server = get_accessible_server(sid)
+        server = get_server(sid)
 
         if server is None:
             return make_json_response(
@@ -1388,7 +1388,7 @@ def supported_servers(self, **kwargs):
 
     def connect_status(self, gid, sid):
         """Check and return the connection status."""
-        server = get_accessible_server(sid)
+        server = get_server(sid)
         if server is None:
             return make_json_response(
                 status=410, success=0,
@@ -1462,7 +1462,7 @@ def connect(self, gid, sid, is_qt=False, server=None):
         # function in that case no need to fetch the server detail based on
         # sid.
         if server is None:
-            server = get_accessible_server(sid)
+            server = get_server(sid)
 
         if server is None:
             return bad_request(self.not_found_error_msg())
@@ -1692,7 +1692,7 @@ def connect(self, gid, sid, is_qt=False, server=None):
     def disconnect(self, gid, sid):
         """Disconnect the Server."""
 
-        server = get_accessible_server(sid)
+        server = get_server(sid)
         if server is None:
             return bad_request(self.not_found_error_msg())
 
@@ -1817,7 +1817,9 @@ def change_password(self, gid, sid):
                 raise CryptKeyMissing
 
             # Fetch Server Details
-            server = get_accessible_server(sid)
+            # Owner-only: password changes must not modify another
+            # user's server record via shared access.
+            server = get_server(sid, only_owned=True)
             if server is None:
                 return bad_request(self.not_found_error_msg())
 
@@ -2107,7 +2109,9 @@ def clear_saved_password(self, gid, sid):
         :return:
         """
         try:
-            server = get_accessible_server(sid)
+            # Owner-only: clearing saved password must not modify
+            # another user's server record via shared access.
+            server = get_server(sid, only_owned=True)
             shared_server = None
             if server is None:
                 return make_json_response(
@@ -2164,7 +2168,9 @@ def clear_sshtunnel_password(self, gid, sid):
         :return:
         """
         try:
-            server = get_accessible_server(sid)
+            # Owner-only: tunnel password changes must not modify
+            # another user's server record via shared access.
+            server = get_server(sid, only_owned=True)
             if server is None:
                 return make_json_response(
                     success=0,

web/pgadmin/browser/server_groups/servers/databases/__init__.py

@@ -34,7 +34,7 @@
 
 from pgadmin.tools.schema_diff.node_registry import SchemaDiffRegistry
 from pgadmin.model import db, Server, Database
-from pgadmin.utils.server_access import get_accessible_server
+from pgadmin.utils.server_access import get_server
 from pgadmin.browser.utils import underscore_escape
 from pgadmin.utils.constants import TWO_PARAM_STRING
 
@@ -581,7 +581,7 @@ def connect(self, gid, sid, did):
                 'connected': True,
                 'info_prefix': TWO_PARAM_STRING.
                 format(getattr(
-                        get_accessible_server(sid), 'name', ''), conn.db)
+                        get_server(sid), 'name', ''), conn.db)
             }
         )
 
@@ -605,7 +605,7 @@ def disconnect(self, gid, sid, did):
                     'connected': False,
                     'info_prefix': TWO_PARAM_STRING.
                     format(getattr(
-                        get_accessible_server(sid), 'name', ''), conn.db)
+                        get_server(sid), 'name', ''), conn.db)
                 }
             )
 

web/pgadmin/browser/server_groups/servers/databases/schemas/views/__init__.py

@@ -31,7 +31,7 @@
 from .schema_diff_view_utils import SchemaDiffViewCompare
 from pgadmin.utils import does_utility_exist, get_server
 from pgadmin.model import Server
-from pgadmin.utils.server_access import get_accessible_server
+from pgadmin.utils.server_access import get_server
 from pgadmin.misc.bgprocess.processes import BatchProcess, IProcessDesc
 from pgadmin.utils.constants import SERVER_NOT_FOUND
 
@@ -2318,7 +2318,7 @@ def refresh_data(self, gid, sid, did, scid, vid):
                                               res['rows'][0]['name'])
 
             # Fetch the server details like hostname, port, roles etc
-            server = get_accessible_server(sid)
+            server = get_server(sid)
 
             if server is None:
                 return make_json_response(
@@ -2436,9 +2436,7 @@ def check_utility_exists(self, gid, sid, did, scid, vid):
         Returns:
             None
         """
-        server = Server.query.filter_by(
-            id=sid, user_id=current_user.id
-        ).first()
+        server = get_server(sid)
 
         if server is None:
             return make_json_response(

web/pgadmin/browser/server_groups/servers/tests/test_server_data_isolation.py

@@ -0,0 +1,123 @@
+##########################################################################
+#
+# pgAdmin 4 - PostgreSQL Tools
+#
+# Copyright (C) 2013 - 2026, The pgAdmin Development Team
+# This software is released under the PostgreSQL Licence
+#
+##########################################################################
+
+"""Tests for server data isolation between users in server mode."""
+
+import json
+import config
+from pgadmin.utils.route import BaseTestGenerator
+from regression.python_test_utils import test_utils as utils
+from regression.test_setup import config_data
+from regression.python_test_utils.test_utils import \
+    create_user_wise_test_client
+from . import utils as servers_utils
+
+test_user_details = None
+if config.SERVER_MODE:
+    test_user_details = \
+        config_data['pgAdmin4_test_non_admin_credentials']
+
+
+class ServerDataIsolationGetTestCase(BaseTestGenerator):
+    """Verify that a non-admin user cannot access another user's
+    private (non-shared) server by ID."""
+
+    scenarios = [
+        ('User B gets 410 for User A private server',
+         dict(is_positive_test=False)),
+    ]
+
+    def setUp(self):
+        if not config.SERVER_MODE:
+            self.skipTest(
+                'Data isolation tests only apply to server mode.'
+            )
+
+        # Create a private (non-shared) server as the admin user
+        self.server['shared'] = False
+        url = "/browser/server/obj/{0}/".format(utils.SERVER_GROUP)
+        response = self.tester.post(
+            url,
+            data=json.dumps(self.server),
+            content_type='html/json'
+        )
+        self.assertEqual(response.status_code, 200)
+        response_data = json.loads(response.data.decode('utf-8'))
+        self.assertIn('node', response_data)
+        self.server_id = response_data['node']['_id']
+
+    @create_user_wise_test_client(test_user_details)
+    def runTest(self):
+        """Non-admin user should NOT be able to GET another user's
+        private server."""
+        if not self.server_id:
+            raise Exception("Server not found to test isolation")
+
+        url = '/browser/server/obj/{0}/{1}'.format(
+            utils.SERVER_GROUP, self.server_id)
+        response = self.tester.get(url, follow_redirects=True)
+        # Expect 410 Gone (server not accessible to this user)
+        self.assertIn(
+            response.status_code, [404, 410],
+            'Non-admin user should not access another user\'s '
+            'private server. Got status {0}'.format(
+                response.status_code)
+        )
+
+    def tearDown(self):
+        # Clean up with the admin tester (which owns the server)
+        utils.delete_server_with_api(
+            self.__class__.tester, self.server_id)
+
+
+class SharedServerAccessTestCase(BaseTestGenerator):
+    """Verify that a shared server IS accessible by a non-admin
+    user (positive test — shared servers should work after the
+    isolation fixes)."""
+
+    scenarios = [
+        ('User B can access shared server from User A',
+         dict(is_positive_test=True)),
+    ]
+
+    def setUp(self):
+        if not config.SERVER_MODE:
+            self.skipTest(
+                'Data isolation tests only apply to server mode.'
+            )
+
+        # Create a shared server as the admin user
+        self.server['shared'] = True
+        url = "/browser/server/obj/{0}/".format(utils.SERVER_GROUP)
+        response = self.tester.post(
+            url,
+            data=json.dumps(self.server),
+            content_type='html/json'
+        )
+        response_data = json.loads(response.data.decode('utf-8'))
+        self.server_id = response_data['node']['_id']
+
+    @create_user_wise_test_client(test_user_details)
+    def runTest(self):
+        """Non-admin user SHOULD be able to GET a shared server."""
+        if not self.server_id:
+            raise Exception("Server not found to test shared access")
+
+        url = '/browser/server/obj/{0}/{1}'.format(
+            utils.SERVER_GROUP, self.server_id)
+        response = self.tester.get(url, follow_redirects=True)
+        self.assertEqual(
+            response.status_code, 200,
+            'Non-admin user should be able to access shared server.'
+            ' Got status {0}'.format(response.status_code)
+        )
+
+    def tearDown(self):
+        utils.delete_server_with_api(
+            self.__class__.tester, self.server_id)

web/pgadmin/browser/server_groups/servers/utils.py

@@ -692,7 +692,8 @@ def delete_adhoc_servers(sid=None):
         has_user = (has_request_context() and
                     current_user and current_user.is_authenticated)
         if sid is not None:
-            q = db.session.query(Server).filter(Server.id == sid)
+            q = db.session.query(Server).filter(
+                Server.id == sid, Server.is_adhoc == 1)
             if has_user:
                 q = q.filter(Server.user_id == current_user.id)
             q.delete()