You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@superset.apache.org by ma...@apache.org on 2019/03/18 05:49:51 UTC
[incubator-superset] branch master updated: Fix issues around
Database permissions (#7009)
This is an automated email from the ASF dual-hosted git repository.
maximebeauchemin pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-superset.git
The following commit(s) were added to refs/heads/master by this push:
new f5274a9 Fix issues around Database permissions (#7009)
f5274a9 is described below
commit f5274a9c7f437dcf9359f8dc5fdd056c23bf03b8
Author: Maxime Beauchemin <ma...@gmail.com>
AuthorDate: Sun Mar 17 22:49:40 2019 -0700
Fix issues around Database permissions (#7009)
---
superset/security.py | 12 +++++++++---
superset/views/core.py | 12 +++++++++++-
2 files changed, 20 insertions(+), 4 deletions(-)
diff --git a/superset/security.py b/superset/security.py
index 3bfddc9..3c2ce32 100644
--- a/superset/security.py
+++ b/superset/security.py
@@ -107,8 +107,10 @@ class SupersetSecurityManager(SecurityManager):
return self._has_view_access(user, permission_name, view_name)
def all_datasource_access(self):
- return self.can_access(
- 'all_datasource_access', 'all_datasource_access')
+ return self.can_access('all_datasource_access', 'all_datasource_access')
+
+ def all_database_access(self):
+ return self.can_access('all_database_access', 'all_database_access')
def database_access(self, database):
return (
@@ -410,8 +412,12 @@ class SupersetSecurityManager(SecurityManager):
.values(perm=target.get_perm()),
)
- # add to view menu if not already exists
permission_name = 'datasource_access'
+ from superset.models.core import Database
+ if mapper.class_ == Database:
+ permission_name = 'database_access'
+
+ # add to view menu if not already exists
view_menu_name = target.get_perm()
permission = self.find_permission(permission_name)
view_menu = self.find_view_menu(view_menu_name)
diff --git a/superset/views/core.py b/superset/views/core.py
index d3cfb88..2bee09d 100755
--- a/superset/views/core.py
+++ b/superset/views/core.py
@@ -109,6 +109,14 @@ SQLTable = Table(
extend_existing=True)
+class DatabaseFilter(SupersetFilter):
+ def apply(self, query, func): # noqa
+ if security_manager.all_database_access():
+ return query
+ database_perms = self.get_view_menus('database_access')
+ return query.filter(self.model.perm.in_(database_perms))
+
+
class SliceFilter(SupersetFilter):
def apply(self, query, func): # noqa
if security_manager.all_datasource_access():
@@ -116,11 +124,12 @@ class SliceFilter(SupersetFilter):
# TODO(bogdan): add `schema_access` support here
datasource_perms = self.get_view_menus('datasource_access')
+ database_perms = self.get_view_menus('database_access')
query = (
query.outerjoin(SQLTable, self.model.datasource_id == SQLTable.c.id)
.outerjoin(models.Database, models.Database.id == SQLTable.c.database_id)
.filter(or_(
- models.Database.perm.in_(datasource_perms),
+ models.Database.perm.in_(database_perms),
self.model.perm.in_(datasource_perms),
))
)
@@ -285,6 +294,7 @@ class DatabaseView(SupersetModelView, DeleteMixin, YamlExportMixin): # noqa
'allow_multi_schema_metadata_fetch': _('Allow Multi Schema Metadata Fetch'),
'backend': _('Backend'),
}
+ base_filters = [['id', DatabaseFilter, lambda: []]]
def pre_add(self, db):
self.check_extra(db)