You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@superset.apache.org by mi...@apache.org on 2023/08/18 13:33:01 UTC
[superset] branch 3.0 updated (f63cb47f35 -> 9ff1a63c3b)
This is an automated email from the ASF dual-hosted git repository.
michaelsmolina pushed a change to branch 3.0
in repository https://gitbox.apache.org/repos/asf/superset.git
from f63cb47f35 fix: Date column in Heatmap is displayed as unix timestamp (#25009)
new 696917905e fix: Downgrades Prophet to 1.1.1 and Holidays to 0.23 (#25017)
new 9ff1a63c3b fix: Don't let users see dashboards only because it's favorited (#24991)
The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
requirements/base.txt | 10 ++++-
requirements/testing.txt | 8 ++--
setup.py | 4 +-
superset/dashboards/filters.py | 13 ++-----
tests/integration_tests/dashboard_tests.py | 39 --------------------
.../dashboards/security/security_dataset_tests.py | 43 ----------------------
6 files changed, 17 insertions(+), 100 deletions(-)
[superset] 02/02: fix: Don't let users see dashboards only because it's favorited (#24991)
Posted by mi...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
michaelsmolina pushed a commit to branch 3.0
in repository https://gitbox.apache.org/repos/asf/superset.git
commit 9ff1a63c3b9101d93b97309cee220069aa79dcae
Author: Jack Fragassi <jf...@gmail.com>
AuthorDate: Thu Aug 17 17:35:37 2023 -0700
fix: Don't let users see dashboards only because it's favorited (#24991)
(cherry picked from commit 258e56285ae13f55ef9c3704c79dcc4714ed3533)
---
superset/dashboards/filters.py | 13 ++-----
tests/integration_tests/dashboard_tests.py | 39 --------------------
.../dashboards/security/security_dataset_tests.py | 43 ----------------------
3 files changed, 3 insertions(+), 92 deletions(-)
diff --git a/superset/dashboards/filters.py b/superset/dashboards/filters.py
index 596e97de31..0c7878d508 100644
--- a/superset/dashboards/filters.py
+++ b/superset/dashboards/filters.py
@@ -24,7 +24,7 @@ from sqlalchemy.orm.query import Query
from superset import db, is_feature_enabled, security_manager
from superset.connectors.sqla.models import SqlaTable
-from superset.models.core import Database, FavStar
+from superset.models.core import Database
from superset.models.dashboard import Dashboard, is_uuid
from superset.models.embedded_dashboard import EmbeddedDashboard
from superset.models.slice import Slice
@@ -92,8 +92,8 @@ class DashboardAccessFilter(BaseFilter): # pylint: disable=too-few-public-metho
"""
List dashboards with the following criteria:
1. Those which the user owns
- 2. Those which the user has favorited
- 3. Those which have been published (if they have access to at least one slice)
+ 2. Those which have been published (if they have access to at least one slice)
+ 3. Those that they have access to via a role (if `DASHBOARD_RBAC` is enabled)
If the user is an admin then show all dashboards.
This means they do not get curation but can still sort by "published"
@@ -126,12 +126,6 @@ class DashboardAccessFilter(BaseFilter): # pylint: disable=too-few-public-metho
)
)
- users_favorite_dash_query = db.session.query(FavStar.obj_id).filter(
- and_(
- FavStar.user_id == get_user_id(),
- FavStar.class_name == "Dashboard",
- )
- )
owner_ids_query = (
db.session.query(Dashboard.id)
.join(Dashboard.owners)
@@ -179,7 +173,6 @@ class DashboardAccessFilter(BaseFilter): # pylint: disable=too-few-public-metho
or_(
Dashboard.id.in_(owner_ids_query),
Dashboard.id.in_(datasource_perm_query),
- Dashboard.id.in_(users_favorite_dash_query),
*feature_flagged_filters,
)
)
diff --git a/tests/integration_tests/dashboard_tests.py b/tests/integration_tests/dashboard_tests.py
index fef4edd6cc..0df9b22267 100644
--- a/tests/integration_tests/dashboard_tests.py
+++ b/tests/integration_tests/dashboard_tests.py
@@ -27,7 +27,6 @@ from sqlalchemy import func
from tests.integration_tests.test_app import app
from superset import db, security_manager
from superset.connectors.sqla.models import SqlaTable
-from superset.models import core as models
from superset.models.dashboard import Dashboard
from superset.models.slice import Slice
from tests.integration_tests.fixtures.birth_names_dashboard import (
@@ -227,44 +226,6 @@ class TestDashboard(SupersetTestCase):
self.assertIn(f"/superset/dashboard/{my_dash_slug}/", resp)
self.assertNotIn(f"/superset/dashboard/{not_my_dash_slug}/", resp)
- def test_users_can_view_favorited_dashboards(self):
- user = security_manager.find_user("gamma")
- fav_dash_slug = f"my_favorite_dash_{random()}"
- regular_dash_slug = f"regular_dash_{random()}"
-
- favorite_dash = Dashboard()
- favorite_dash.dashboard_title = "My Favorite Dashboard"
- favorite_dash.slug = fav_dash_slug
-
- regular_dash = Dashboard()
- regular_dash.dashboard_title = "A Plain Ol Dashboard"
- regular_dash.slug = regular_dash_slug
-
- db.session.add(favorite_dash)
- db.session.add(regular_dash)
- db.session.commit()
-
- dash = db.session.query(Dashboard).filter_by(slug=fav_dash_slug).first()
-
- favorites = models.FavStar()
- favorites.obj_id = dash.id
- favorites.class_name = "Dashboard"
- favorites.user_id = user.id
-
- db.session.add(favorites)
- db.session.commit()
-
- self.login(user.username)
-
- resp = self.get_resp("/api/v1/dashboard/")
-
- db.session.delete(favorites)
- db.session.delete(regular_dash)
- db.session.delete(favorite_dash)
- db.session.commit()
-
- self.assertIn(f"/superset/dashboard/{fav_dash_slug}/", resp)
-
def test_user_can_not_view_unpublished_dash(self):
admin_user = security_manager.find_user("admin")
gamma_user = security_manager.find_user("gamma")
diff --git a/tests/integration_tests/dashboards/security/security_dataset_tests.py b/tests/integration_tests/dashboards/security/security_dataset_tests.py
index dffab61a7a..54e8b81442 100644
--- a/tests/integration_tests/dashboards/security/security_dataset_tests.py
+++ b/tests/integration_tests/dashboards/security/security_dataset_tests.py
@@ -23,7 +23,6 @@ from flask import escape
from superset import app
from superset.daos.dashboard import DashboardDAO
-from superset.models import core as models
from tests.integration_tests.dashboards.base_case import DashboardTestCase
from tests.integration_tests.dashboards.consts import *
from tests.integration_tests.dashboards.dashboard_test_utils import *
@@ -124,48 +123,6 @@ class TestDashboardDatasetSecurity(DashboardTestCase):
# assert
self.assertNotIn(dashboard_url, get_dashboards_response)
- def test_get_dashboards__users_can_view_favorites_dashboards(self):
- # arrange
- user = security_manager.find_user("gamma")
- fav_dash_slug = f"my_favorite_dash_{random_slug()}"
- regular_dash_slug = f"regular_dash_{random_slug()}"
-
- favorite_dash = Dashboard()
- favorite_dash.dashboard_title = "My Favorite Dashboard"
- favorite_dash.slug = fav_dash_slug
-
- regular_dash = Dashboard()
- regular_dash.dashboard_title = "A Plain Ol Dashboard"
- regular_dash.slug = regular_dash_slug
-
- db.session.add(favorite_dash)
- db.session.add(regular_dash)
- db.session.commit()
-
- dash = db.session.query(Dashboard).filter_by(slug=fav_dash_slug).first()
-
- favorites = models.FavStar()
- favorites.obj_id = dash.id
- favorites.class_name = "Dashboard"
- favorites.user_id = user.id
-
- db.session.add(favorites)
- db.session.commit()
-
- self.login(user.username)
-
- # act
- get_dashboards_response = self.get_resp(DASHBOARDS_API_URL)
-
- # cleanup
- db.session.delete(favorites)
- db.session.delete(favorite_dash)
- db.session.delete(regular_dash)
- db.session.commit()
-
- # assert
- self.assertIn(f"/superset/dashboard/{fav_dash_slug}/", get_dashboards_response)
-
def test_get_dashboards__user_can_not_view_unpublished_dash(self):
# arrange
admin_user = security_manager.find_user(ADMIN_USERNAME)
[superset] 01/02: fix: Downgrades Prophet to 1.1.1 and Holidays to 0.23 (#25017)
Posted by mi...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
michaelsmolina pushed a commit to branch 3.0
in repository https://gitbox.apache.org/repos/asf/superset.git
commit 696917905e3f82bfc3f768982dfdc04ce6f9f9ea
Author: Michael S. Molina <70...@users.noreply.github.com>
AuthorDate: Thu Aug 17 17:31:40 2023 -0300
fix: Downgrades Prophet to 1.1.1 and Holidays to 0.23 (#25017)
---
requirements/base.txt | 10 +++++++++-
requirements/testing.txt | 8 +++-----
setup.py | 4 ++--
3 files changed, 14 insertions(+), 8 deletions(-)
diff --git a/requirements/base.txt b/requirements/base.txt
index dc042a7747..6a321708d9 100644
--- a/requirements/base.txt
+++ b/requirements/base.txt
@@ -57,6 +57,8 @@ colorama==0.4.6
# via
# apache-superset
# flask-appbuilder
+convertdate==2.4.0
+ # via holidays
cron-descriptor==1.2.24
# via apache-superset
croniter==1.0.15
@@ -124,7 +126,9 @@ gunicorn==20.1.0
# via apache-superset
hashids==1.3.1
# via apache-superset
-holidays==0.28
+hijri-converter==2.3.1
+ # via holidays
+holidays==0.23
# via apache-superset
humanize==3.11.0
# via apache-superset
@@ -148,6 +152,8 @@ jsonschema==4.17.3
# via flask-appbuilder
kombu==5.2.4
# via celery
+korean-lunar-calendar==0.3.1
+ # via holidays
limits==3.4.0
# via flask-limiter
mako==1.2.4
@@ -215,6 +221,8 @@ pyjwt==2.4.0
# apache-superset
# flask-appbuilder
# flask-jwt-extended
+pymeeus==0.5.12
+ # via convertdate
pynacl==1.5.0
# via paramiko
pyparsing==3.0.6
diff --git a/requirements/testing.txt b/requirements/testing.txt
index 5605167228..95278b3ee8 100644
--- a/requirements/testing.txt
+++ b/requirements/testing.txt
@@ -16,8 +16,6 @@ cmdstanpy==1.1.0
# via prophet
contourpy==1.0.7
# via matplotlib
-convertdate==2.4.0
- # via prophet
coverage[toml]==7.2.5
# via pytest-cov
cycler==0.11.0
@@ -103,7 +101,7 @@ parameterized==0.9.0
# via -r requirements/testing.in
pathable==0.4.3
# via jsonschema-spec
-prophet==1.1.3
+prophet==1.1.1
# via apache-superset
proto-plus==1.22.2
# via
@@ -123,8 +121,6 @@ pyfakefs==5.2.2
# via -r requirements/testing.in
pyhive[presto]==0.6.5
# via apache-superset
-pymeeus==0.5.12
- # via convertdate
pytest==7.3.1
# via
# -r requirements/testing.in
@@ -142,6 +138,8 @@ rfc3339-validator==0.1.4
# via openapi-schema-validator
rsa==4.9
# via google-auth
+setuptools-git==1.2
+ # via prophet
sqlalchemy-bigquery==1.6.1
# via apache-superset
statsd==4.0.1
diff --git a/setup.py b/setup.py
index 54cf7754dd..b494f324b3 100644
--- a/setup.py
+++ b/setup.py
@@ -92,7 +92,7 @@ setup(
"geopy",
"gunicorn>=20.1.0; sys_platform != 'win32'",
"hashids>=1.3.1, <2",
- "holidays>=0.28, <1.0",
+ "holidays>=0.23, <0.24",
"humanize",
"importlib_metadata",
"isodate",
@@ -176,7 +176,7 @@ setup(
"postgres": ["psycopg2-binary==2.9.6"],
"presto": ["pyhive[presto]>=0.6.5"],
"trino": ["trino>=0.324.0"],
- "prophet": ["prophet>=1.1.0, <2.0.0"],
+ "prophet": ["prophet==1.1.1"],
"redshift": ["sqlalchemy-redshift>=0.8.1, < 0.9"],
"rockset": ["rockset>=0.8.10, <0.9"],
"shillelagh": [