You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@superset.apache.org by vi...@apache.org on 2021/08/10 05:01:18 UTC
[superset] 08/25: chore: simplify chart permissions (#16078)
This is an automated email from the ASF dual-hosted git repository.
villebro pushed a commit to branch 1.3
in repository https://gitbox.apache.org/repos/asf/superset.git
commit 8506e4f555a703d7fa4893a6e66660dffa3bfeea
Author: Beto Dealmeida <ro...@dealmeida.net>
AuthorDate: Thu Aug 5 08:18:29 2021 -0700
chore: simplify chart permissions (#16078)
(cherry picked from commit 1dbd1e9f026265347e25223479157c9589e4fac7)
---
superset/constants.py | 3 +-
.../f6196627326f_update_chart_permissions.py | 71 ++++++++++++++++++++++
tests/integration_tests/charts/api_tests.py | 2 -
3 files changed, 73 insertions(+), 3 deletions(-)
diff --git a/superset/constants.py b/superset/constants.py
index e639866..c4b81ee 100644
--- a/superset/constants.py
+++ b/superset/constants.py
@@ -119,12 +119,13 @@ MODEL_API_RW_METHOD_PERMISSION_MAP = {
"refresh": "write",
"cache_screenshot": "read",
"screenshot": "read",
- "data": "read",
"data_from_cache": "read",
"get_charts": "read",
"get_datasets": "read",
"function_names": "read",
"available": "read",
+ "post_data": "read", # used to fetch chart data, so "read"
+ "get_data": "read",
}
EXTRA_FORM_DATA_APPEND_KEYS = {
diff --git a/superset/migrations/versions/f6196627326f_update_chart_permissions.py b/superset/migrations/versions/f6196627326f_update_chart_permissions.py
new file mode 100644
index 0000000..f9a0904
--- /dev/null
+++ b/superset/migrations/versions/f6196627326f_update_chart_permissions.py
@@ -0,0 +1,71 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+"""update chart permissions
+
+Revision ID: f6196627326f
+Revises: 143b6f2815da
+Create Date: 2021-08-04 17:16:47.714866
+
+"""
+
+from alembic import op
+from sqlalchemy.exc import SQLAlchemyError
+from sqlalchemy.orm import Session
+
+from superset.migrations.shared.security_converge import (
+ add_pvms,
+ get_reversed_new_pvms,
+ get_reversed_pvm_map,
+ migrate_roles,
+ Pvm,
+)
+
+# revision identifiers, used by Alembic.
+revision = "f6196627326f"
+down_revision = "143b6f2815da"
+
+PVM_MAP = {
+ Pvm("Chart", "can_get_data"): (Pvm("Chart", "can_read"),),
+ Pvm("Chart", "can_post_data"): (Pvm("Chart", "can_read"),),
+}
+
+
+def upgrade():
+ bind = op.get_bind()
+ session = Session(bind=bind)
+
+ # Add the new permissions on the migration itself
+ migrate_roles(session, PVM_MAP)
+ try:
+ session.commit()
+ except SQLAlchemyError as ex:
+ print(f"An error occurred while upgrading permissions: {ex}")
+ session.rollback()
+
+
+def downgrade():
+ bind = op.get_bind()
+ session = Session(bind=bind)
+
+ # Add the old permissions on the migration itself
+ add_pvms(session, get_reversed_new_pvms(PVM_MAP))
+ migrate_roles(session, get_reversed_pvm_map(PVM_MAP))
+ try:
+ session.commit()
+ except SQLAlchemyError as ex:
+ print(f"An error occurred while downgrading permissions: {ex}")
+ session.rollback()
diff --git a/tests/integration_tests/charts/api_tests.py b/tests/integration_tests/charts/api_tests.py
index 803d81f..cbb8094 100644
--- a/tests/integration_tests/charts/api_tests.py
+++ b/tests/integration_tests/charts/api_tests.py
@@ -187,9 +187,7 @@ class TestChartApi(SupersetTestCase, ApiOwnersTestCaseMixin, InsertChartMixin):
data = json.loads(rv.data.decode("utf-8"))
assert rv.status_code == 200
assert set(data["permissions"]) == {
- "can_get_data",
"can_read",
- "can_post_data",
"can_write",
}