You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@superset.apache.org by vi...@apache.org on 2021/08/10 05:01:18 UTC

[superset] 08/25: chore: simplify chart permissions (#16078)

This is an automated email from the ASF dual-hosted git repository.

villebro pushed a commit to branch 1.3
in repository https://gitbox.apache.org/repos/asf/superset.git

commit 8506e4f555a703d7fa4893a6e66660dffa3bfeea
Author: Beto Dealmeida <ro...@dealmeida.net>
AuthorDate: Thu Aug 5 08:18:29 2021 -0700

    chore: simplify chart permissions (#16078)
    
    (cherry picked from commit 1dbd1e9f026265347e25223479157c9589e4fac7)
---
 superset/constants.py                              |  3 +-
 .../f6196627326f_update_chart_permissions.py       | 71 ++++++++++++++++++++++
 tests/integration_tests/charts/api_tests.py        |  2 -
 3 files changed, 73 insertions(+), 3 deletions(-)

diff --git a/superset/constants.py b/superset/constants.py
index e639866..c4b81ee 100644
--- a/superset/constants.py
+++ b/superset/constants.py
@@ -119,12 +119,13 @@ MODEL_API_RW_METHOD_PERMISSION_MAP = {
     "refresh": "write",
     "cache_screenshot": "read",
     "screenshot": "read",
-    "data": "read",
     "data_from_cache": "read",
     "get_charts": "read",
     "get_datasets": "read",
     "function_names": "read",
     "available": "read",
+    "post_data": "read",  # used to fetch chart data, so "read"
+    "get_data": "read",
 }
 
 EXTRA_FORM_DATA_APPEND_KEYS = {
diff --git a/superset/migrations/versions/f6196627326f_update_chart_permissions.py b/superset/migrations/versions/f6196627326f_update_chart_permissions.py
new file mode 100644
index 0000000..f9a0904
--- /dev/null
+++ b/superset/migrations/versions/f6196627326f_update_chart_permissions.py
@@ -0,0 +1,71 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+"""update chart permissions
+
+Revision ID: f6196627326f
+Revises: 143b6f2815da
+Create Date: 2021-08-04 17:16:47.714866
+
+"""
+
+from alembic import op
+from sqlalchemy.exc import SQLAlchemyError
+from sqlalchemy.orm import Session
+
+from superset.migrations.shared.security_converge import (
+    add_pvms,
+    get_reversed_new_pvms,
+    get_reversed_pvm_map,
+    migrate_roles,
+    Pvm,
+)
+
+# revision identifiers, used by Alembic.
+revision = "f6196627326f"
+down_revision = "143b6f2815da"
+
+PVM_MAP = {
+    Pvm("Chart", "can_get_data"): (Pvm("Chart", "can_read"),),
+    Pvm("Chart", "can_post_data"): (Pvm("Chart", "can_read"),),
+}
+
+
+def upgrade():
+    bind = op.get_bind()
+    session = Session(bind=bind)
+
+    # Add the new permissions on the migration itself
+    migrate_roles(session, PVM_MAP)
+    try:
+        session.commit()
+    except SQLAlchemyError as ex:
+        print(f"An error occurred while upgrading permissions: {ex}")
+        session.rollback()
+
+
+def downgrade():
+    bind = op.get_bind()
+    session = Session(bind=bind)
+
+    # Add the old permissions on the migration itself
+    add_pvms(session, get_reversed_new_pvms(PVM_MAP))
+    migrate_roles(session, get_reversed_pvm_map(PVM_MAP))
+    try:
+        session.commit()
+    except SQLAlchemyError as ex:
+        print(f"An error occurred while downgrading permissions: {ex}")
+        session.rollback()
diff --git a/tests/integration_tests/charts/api_tests.py b/tests/integration_tests/charts/api_tests.py
index 803d81f..cbb8094 100644
--- a/tests/integration_tests/charts/api_tests.py
+++ b/tests/integration_tests/charts/api_tests.py
@@ -187,9 +187,7 @@ class TestChartApi(SupersetTestCase, ApiOwnersTestCaseMixin, InsertChartMixin):
         data = json.loads(rv.data.decode("utf-8"))
         assert rv.status_code == 200
         assert set(data["permissions"]) == {
-            "can_get_data",
             "can_read",
-            "can_post_data",
             "can_write",
         }