You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@superset.apache.org by GitBox <gi...@apache.org> on 2023/01/02 13:15:09 UTC
[GitHub] [superset] villebro opened a new pull request, #22566: fix(sqllab): remove link to sqllab if missing perms
villebro opened a new pull request, #22566:
URL: https://github.com/apache/superset/pull/22566
### SUMMARY
Currently the View
### AFTER
Now when a user that doesn't have the `sql_lab` role will no longer see the "View in SQL Lab" menu item:
For admin and users with `sql_lab` role the menu is unchanged:
### TESTING INSTRUCTIONS
<!--- Required! What steps can be taken to manually verify the changes? -->
### ADDITIONAL INFORMATION
<!--- Check any relevant boxes with "x" -->
<!--- HINT: Include "Fixes #nnn" if you are fixing an existing issue -->
- [ ] Has associated issue:
- [ ] Required feature flags:
- [ ] Changes UI
- [ ] Includes DB Migration (follow approval process in [SIP-59](https://github.com/apache/superset/issues/13351))
- [ ] Migration is atomic, supports rollback & is backwards-compatible
- [ ] Confirm DB migration upgrade and downgrade tested
- [ ] Runtime estimates and downtime expectations provided
- [ ] Introduces new feature or API
- [ ] Removes existing feature or API
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org
[GitHub] [superset] codecov[bot] commented on pull request #22566: fix(sqllab): remove link to sqllab if missing perms
Posted by GitBox <gi...@apache.org>.
codecov[bot] commented on PR #22566:
URL: https://github.com/apache/superset/pull/22566#issuecomment-1369506707
# [Codecov](https://codecov.io/gh/apache/superset/pull/22566?src=pr&el=h1&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) Report
> Merging [#22566](https://codecov.io/gh/apache/superset/pull/22566?src=pr&el=desc&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) (f742039) into [master](https://codecov.io/gh/apache/superset/commit/38d02a10b5abbe325dfac4ecc227d6a2b5db5aaa?el=desc&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) (38d02a1) will **decrease** coverage by `0.00%`.
> The diff coverage is `36.84%`.
```diff
@@ Coverage Diff @@
## master #22566 +/- ##
==========================================
- Coverage 66.91% 66.90% -0.01%
==========================================
Files 1851 1851
Lines 70709 70725 +16
Branches 7766 7772 +6
==========================================
+ Hits 47316 47322 +6
- Misses 21371 21378 +7
- Partials 2022 2025 +3
```
| Flag | Coverage Δ | |
|---|---|---|
| javascript | `53.85% <36.84%> (-0.01%)` | :arrow_down: |
Flags with carried forward coverage won't be shown. [Click here](https://docs.codecov.io/docs/carryforward-flags?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#carryforward-flags-in-the-pull-request-comment) to find out more.
| [Impacted Files](https://codecov.io/gh/apache/superset/pull/22566?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) | Coverage Δ | |
|---|---|---|
| [superset-frontend/src/SqlLab/App.jsx](https://codecov.io/gh/apache/superset/pull/22566/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-c3VwZXJzZXQtZnJvbnRlbmQvc3JjL1NxbExhYi9BcHAuanN4) | `0.00% <0.00%> (ø)` | |
| [...t-frontend/src/views/CRUD/data/query/QueryList.tsx](https://codecov.io/gh/apache/superset/pull/22566/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-c3VwZXJzZXQtZnJvbnRlbmQvc3JjL3ZpZXdzL0NSVUQvZGF0YS9xdWVyeS9RdWVyeUxpc3QudHN4) | `49.27% <0.00%> (-2.24%)` | :arrow_down: |
| [.../src/views/CRUD/data/savedquery/SavedQueryList.tsx](https://codecov.io/gh/apache/superset/pull/22566/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-c3VwZXJzZXQtZnJvbnRlbmQvc3JjL3ZpZXdzL0NSVUQvZGF0YS9zYXZlZHF1ZXJ5L1NhdmVkUXVlcnlMaXN0LnRzeA==) | `61.60% <0.00%> (-1.70%)` | :arrow_down: |
| [...set-frontend/src/dashboard/util/permissionUtils.ts](https://codecov.io/gh/apache/superset/pull/22566/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-c3VwZXJzZXQtZnJvbnRlbmQvc3JjL2Rhc2hib2FyZC91dGlsL3Blcm1pc3Npb25VdGlscy50cw==) | `86.66% <80.00%> (-3.34%)` | :arrow_down: |
| [...re/components/controls/DatasourceControl/index.jsx](https://codecov.io/gh/apache/superset/pull/22566/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-c3VwZXJzZXQtZnJvbnRlbmQvc3JjL2V4cGxvcmUvY29tcG9uZW50cy9jb250cm9scy9EYXRhc291cmNlQ29udHJvbC9pbmRleC5qc3g=) | `84.90% <100.00%> (+0.29%)` | :arrow_up: |
| [superset/examples/birth\_names.py](https://codecov.io/gh/apache/superset/pull/22566/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-c3VwZXJzZXQvZXhhbXBsZXMvYmlydGhfbmFtZXMucHk=) | `70.00% <0.00%> (ø)` | |
:mega: We’re building smart automated test selection to slash your CI/CD build times. [Learn more](https://about.codecov.io/iterative-testing/?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org
[GitHub] [superset] villebro commented on pull request #22566: fix(sqllab): remove link to sqllab if missing perms
Posted by GitBox <gi...@apache.org>.
villebro commented on PR #22566:
URL: https://github.com/apache/superset/pull/22566#issuecomment-1369680168
/testenv up
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org
[GitHub] [superset] github-actions[bot] commented on pull request #22566: fix(sqllab): remove link to sqllab if missing perms
Posted by GitBox <gi...@apache.org>.
github-actions[bot] commented on PR #22566:
URL: https://github.com/apache/superset/pull/22566#issuecomment-1369684060
@villebro Ephemeral environment spinning up at http://34.219.163.111:8080. Credentials are `admin`/`admin`. Please allow several minutes for bootstrapping and startup.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org
[GitHub] [superset] villebro commented on a diff in pull request #22566: fix(sqllab): remove link to sqllab if missing perms
Posted by GitBox <gi...@apache.org>.
villebro commented on code in PR #22566:
URL: https://github.com/apache/superset/pull/22566#discussion_r1060704671
##########
superset/views/core.py:
##########
@@ -2777,6 +2777,13 @@ def _get_sqllab_tabs(user_id: Optional[int]) -> Dict[str, Any]:
@expose("/sqllab/", methods=["GET", "POST"])
def sqllab(self) -> FlaskResponse:
"""SQL Editor"""
+ if not (
+ security_manager.is_admin()
+ or "sql_lab" in (role.name for role in security_manager.get_user_roles())
+ ):
+ flash(__("You do not have access to SQL Lab"), "danger")
+ return redirect("/")
Review Comment:
Good idea, I'll move it over 👍
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org
[GitHub] [superset] github-actions[bot] commented on pull request #22566: fix(sqllab): remove link to sqllab if missing perms
Posted by GitBox <gi...@apache.org>.
github-actions[bot] commented on PR #22566:
URL: https://github.com/apache/superset/pull/22566#issuecomment-1370587920
@villebro Ephemeral environment spinning up at http://54.187.147.88:8080. Credentials are `admin`/`admin`. Please allow several minutes for bootstrapping and startup.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org
[GitHub] [superset] dpgaspar commented on a diff in pull request #22566: fix(sqllab): remove link to sqllab if missing perms
Posted by GitBox <gi...@apache.org>.
dpgaspar commented on code in PR #22566:
URL: https://github.com/apache/superset/pull/22566#discussion_r1064397316
##########
tests/integration_tests/queries/saved_queries/api_tests.py:
##########
@@ -157,12 +157,12 @@ def test_get_list_saved_query_gamma(self):
"""
Saved Query API: Test get list saved query
"""
- gamma = self.get_user("gamma")
+ user = self.get_user("gamma_sqllab")
Review Comment:
did we had to change this user for the tests to pass?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org
[GitHub] [superset] github-actions[bot] commented on pull request #22566: fix(sqllab): remove link to sqllab if missing perms
Posted by GitBox <gi...@apache.org>.
github-actions[bot] commented on PR #22566:
URL: https://github.com/apache/superset/pull/22566#issuecomment-1375523027
Ephemeral environment shutdown and build artifacts deleted.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org
[GitHub] [superset] villebro commented on pull request #22566: fix(sqllab): remove link to sqllab if missing perms
Posted by GitBox <gi...@apache.org>.
villebro commented on PR #22566:
URL: https://github.com/apache/superset/pull/22566#issuecomment-1373338025
FYI, I've recreated the ephemeral environment with the same test users as previously (same UID/PWD):
- **admin**: the regular admin user
- **gamma**: gamma user with access to Examples database
- **sqlgamma**: gamma user with access to Examples database and sql_lab role
The users that have access to SQL Lab also have a saved query which one should be able to see from the Welcome page
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org
[GitHub] [superset] github-actions[bot] commented on pull request #22566: fix(sqllab): remove link to sqllab if missing perms
Posted by GitBox <gi...@apache.org>.
github-actions[bot] commented on PR #22566:
URL: https://github.com/apache/superset/pull/22566#issuecomment-1369552504
@zhaoyongjie Ephemeral environment spinning up at http://18.236.102.188:8080. Credentials are `admin`/`admin`. Please allow several minutes for bootstrapping and startup.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org
[GitHub] [superset] zhaoyongjie commented on pull request #22566: fix(sqllab): remove link to sqllab if missing perms
Posted by GitBox <gi...@apache.org>.
zhaoyongjie commented on PR #22566:
URL: https://github.com/apache/superset/pull/22566#issuecomment-1369550716
/testenv up
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org
[GitHub] [superset] villebro commented on a diff in pull request #22566: fix(sqllab): remove link to sqllab if missing perms
Posted by GitBox <gi...@apache.org>.
villebro commented on code in PR #22566:
URL: https://github.com/apache/superset/pull/22566#discussion_r1061292459
##########
superset-frontend/src/dashboard/util/permissionUtils.test.ts:
##########
@@ -22,7 +22,11 @@ import {
} from 'src/types/bootstrapTypes';
import { Dashboard } from 'src/types/Dashboard';
import Owner from 'src/types/Owner';
-import { canUserEditDashboard, isUserAdmin } from './permissionUtils';
+import {
+ canUserAccessSqlLab,
+ canUserEditDashboard,
+ isUserAdmin,
+} from './permissionUtils';
Review Comment:
TODO: these should probably be moved to a general util outside the dashboard section, but refactoring it seems outside the scope of this PR
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org
[GitHub] [superset] villebro commented on pull request #22566: fix(sqllab): remove link to sqllab if missing perms
Posted by GitBox <gi...@apache.org>.
villebro commented on PR #22566:
URL: https://github.com/apache/superset/pull/22566#issuecomment-1370601936
For testing I've created the following users on the eph env:
UID: `gamma`
PWD: `gamma`
Test case: directly accessing `/superset/sqllab` redirects to welcome page with an error toast and "View in SQL Lab" is missing in Explore menu:
<img width="632" alt="image" src="https://user-images.githubusercontent.com/33317356/210511244-313ebcdc-0733-4c00-8a4a-e59d59650a43.png">
UID: `sqlgamma`
PWD: `sqlgamma`
Test case: SQL Lab works and "View in SQL Lab" is present in Explore menu:
<img width="627" alt="image" src="https://user-images.githubusercontent.com/33317356/210511491-cac872b7-e0c2-4856-ae9c-ca1e2ca8dd0a.png">
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org
[GitHub] [superset] dpgaspar commented on a diff in pull request #22566: fix(sqllab): remove link to sqllab if missing perms
Posted by GitBox <gi...@apache.org>.
dpgaspar commented on code in PR #22566:
URL: https://github.com/apache/superset/pull/22566#discussion_r1060530259
##########
superset/views/core.py:
##########
@@ -2777,6 +2777,13 @@ def _get_sqllab_tabs(user_id: Optional[int]) -> Dict[str, Any]:
@expose("/sqllab/", methods=["GET", "POST"])
def sqllab(self) -> FlaskResponse:
"""SQL Editor"""
+ if not (
+ security_manager.is_admin()
+ or "sql_lab" in (role.name for role in security_manager.get_user_roles())
+ ):
+ flash(__("You do not have access to SQL Lab"), "danger")
+ return redirect("/")
Review Comment:
This probably makes more sense to fix on security manager, where all roles are created
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org
[GitHub] [superset] github-actions[bot] commented on pull request #22566: fix(sqllab): remove link to sqllab if missing perms
Posted by GitBox <gi...@apache.org>.
github-actions[bot] commented on PR #22566:
URL: https://github.com/apache/superset/pull/22566#issuecomment-1373315109
@villebro Ephemeral environment spinning up at http://35.89.82.98:8080. Credentials are `admin`/`admin`. Please allow several minutes for bootstrapping and startup.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org
[GitHub] [superset] villebro commented on pull request #22566: fix(sqllab): remove link to sqllab if missing perms
Posted by GitBox <gi...@apache.org>.
villebro commented on PR #22566:
URL: https://github.com/apache/superset/pull/22566#issuecomment-1373306217
/testenv up
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org
[GitHub] [superset] villebro merged pull request #22566: fix(sqllab): remove link to sqllab if missing perms
Posted by GitBox <gi...@apache.org>.
villebro merged PR #22566:
URL: https://github.com/apache/superset/pull/22566
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org
[GitHub] [superset] villebro commented on pull request #22566: fix(sqllab): remove link to sqllab if missing perms
Posted by GitBox <gi...@apache.org>.
villebro commented on PR #22566:
URL: https://github.com/apache/superset/pull/22566#issuecomment-1370585106
/testenv up
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org
[GitHub] [superset] villebro commented on a diff in pull request #22566: fix(sqllab): remove link to sqllab if missing perms
Posted by GitBox <gi...@apache.org>.
villebro commented on code in PR #22566:
URL: https://github.com/apache/superset/pull/22566#discussion_r1062758763
##########
tests/integration_tests/queries/saved_queries/api_tests.py:
##########
@@ -157,12 +157,12 @@ def test_get_list_saved_query_gamma(self):
"""
Saved Query API: Test get list saved query
"""
- gamma = self.get_user("gamma")
+ user = self.get_user("gamma_sqllab")
Review Comment:
The `gamma_sqllab` test user has both `Gamma` and `sql_lab` roles.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org