You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@superset.apache.org by ma...@apache.org on 2020/02/07 22:01:09 UTC
[incubator-superset] branch master updated: [datasources] Fix,
Prevent gamma user's from accessing save datasources (#9091)
This is an automated email from the ASF dual-hosted git repository.
maximebeauchemin pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-superset.git
The following commit(s) were added to refs/heads/master by this push:
new 4f06236 [datasources] Fix, Prevent gamma user's from accessing save datasources (#9091)
4f06236 is described below
commit 4f06236bc4220de771465c10372b421e870ed3e8
Author: Daniel Vaz Gaspar <da...@gmail.com>
AuthorDate: Fri Feb 7 22:00:47 2020 +0000
[datasources] Fix, Prevent gamma user's from accessing save datasources (#9091)
---
superset/security/manager.py | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/superset/security/manager.py b/superset/security/manager.py
index 12cf776..2d3f5e9 100644
--- a/superset/security/manager.py
+++ b/superset/security/manager.py
@@ -105,6 +105,7 @@ class SupersetSecurityManager(SecurityManager):
"DruidColumnInlineView",
"DruidDatasourceModelView",
"DruidMetricInlineView",
+ "Datasource",
} | READ_ONLY_MODEL_VIEWS
ADMIN_ONLY_VIEW_MENUS = {
@@ -131,7 +132,7 @@ class SupersetSecurityManager(SecurityManager):
"all_query_access",
}
- READ_ONLY_PERMISSION = {"can_show", "can_list"}
+ READ_ONLY_PERMISSION = {"can_show", "can_list", "can_get", "can_external_metadata"}
ALPHA_ONLY_PERMISSIONS = {
"muldelete",