You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@superset.apache.org by GitBox <gi...@apache.org> on 2020/09/23 15:29:38 UTC
[GitHub] [incubator-superset] dpgaspar opened a new pull request #11019: fix(api): unable to delete virtual dataset because of wrong permissio…
dpgaspar opened a new pull request #11019:
URL: https://github.com/apache/incubator-superset/pull/11019
…n name
### SUMMARY
<!--- Describe the change below, including rationale and design decisions -->
### BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF
<!--- Skip this if not applicable -->
### TEST PLAN
<!--- What steps should be taken to verify the changes -->
### ADDITIONAL INFORMATION
<!--- Check any relevant boxes with "x" -->
<!--- HINT: Include "Fixes #nnn" if you are fixing an existing issue -->
- [ ] Has associated issue:
- [ ] Changes UI
- [ ] Requires DB Migration.
- [ ] Confirm DB Migration upgrade and downgrade tested.
- [ ] Introduces new feature or API
- [ ] Removes existing feature or API
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org
[GitHub] [incubator-superset] dpgaspar commented on a change in pull request #11019: fix(api): unable to delete virtual dataset, wrong permission name
Posted by GitBox <gi...@apache.org>.
dpgaspar commented on a change in pull request #11019:
URL: https://github.com/apache/incubator-superset/pull/11019#discussion_r494247542
##########
File path: superset/datasets/commands/delete.py
##########
@@ -46,27 +46,29 @@ def __init__(self, user: User, model_id: int):
def run(self) -> Model:
self.validate()
try:
+ dataset = DatasetDAO.delete(self._model, commit=False)
+
view_menu = (
security_manager.find_view_menu(self._model.get_perm())
if self._model
else None
)
- if not view_menu:
- logger.error(
- "Could not find the data access permission for the dataset"
+ if view_menu:
+ permission_views = (
+ db.session.query(security_manager.permissionview_model)
+ .filter_by(view_menu=view_menu)
+ .all()
)
- raise DatasetDeleteFailedError()
- permission_views = (
- db.session.query(security_manager.permissionview_model)
- .filter_by(view_menu=view_menu)
- .all()
- )
- dataset = DatasetDAO.delete(self._model, commit=False)
- for permission_view in permission_views:
- db.session.delete(permission_view)
- if view_menu:
- db.session.delete(view_menu)
+ for permission_view in permission_views:
+ db.session.delete(permission_view)
+ if view_menu:
+ db.session.delete(view_menu)
+ else:
+ if not view_menu:
+ logger.error(
+ "Could not find the data access permission for the dataset"
+ )
Review comment:
If dataset a permission does not exist, log the error and delete anyway
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org
[GitHub] [incubator-superset] codecov-commenter commented on pull request #11019: fix(api): unable to delete virtual dataset, wrong permission name
Posted by GitBox <gi...@apache.org>.
codecov-commenter commented on pull request #11019:
URL: https://github.com/apache/incubator-superset/pull/11019#issuecomment-698421151
# [Codecov](https://codecov.io/gh/apache/incubator-superset/pull/11019?src=pr&el=h1) Report
> Merging [#11019](https://codecov.io/gh/apache/incubator-superset/pull/11019?src=pr&el=desc) into [master](https://codecov.io/gh/apache/incubator-superset/commit/ba009b7c09d49f2932fd10269882c901bc020c1d?el=desc) will **decrease** coverage by `0.08%`.
> The diff coverage is `22.05%`.
[](https://codecov.io/gh/apache/incubator-superset/pull/11019?src=pr&el=tree)
```diff
@@ Coverage Diff @@
## master #11019 +/- ##
==========================================
- Coverage 65.76% 65.67% -0.09%
==========================================
Files 816 817 +1
Lines 38381 38440 +59
Branches 3606 3606
==========================================
+ Hits 25240 25245 +5
- Misses 13033 13087 +54
Partials 108 108
```
| Flag | Coverage Δ | |
|---|---|---|
| #cypress | `56.96% <ø> (-0.04%)` | :arrow_down: |
| #javascript | `61.68% <ø> (-0.04%)` | :arrow_down: |
| #python | `61.27% <22.05%> (-0.12%)` | :arrow_down: |
Flags with carried forward coverage won't be shown. [Click here](https://docs.codecov.io/docs/carryforward-flags#carryforward-flags-in-the-pull-request-comment) to find out more.
| [Impacted Files](https://codecov.io/gh/apache/incubator-superset/pull/11019?src=pr&el=tree) | Coverage Δ | |
|---|---|---|
| [...e8d654\_fix\_data\_access\_permissions\_for\_virtual\_.py](https://codecov.io/gh/apache/incubator-superset/pull/11019/diff?src=pr&el=tree#diff-c3VwZXJzZXQvbWlncmF0aW9ucy92ZXJzaW9ucy8zZmJiYzZlOGQ2NTRfZml4X2RhdGFfYWNjZXNzX3Blcm1pc3Npb25zX2Zvcl92aXJ0dWFsXy5weQ==) | `0.00% <0.00%> (ø)` | |
| [superset/datasets/commands/delete.py](https://codecov.io/gh/apache/incubator-superset/pull/11019/diff?src=pr&el=tree#diff-c3VwZXJzZXQvZGF0YXNldHMvY29tbWFuZHMvZGVsZXRlLnB5) | `93.47% <75.00%> (ø)` | |
| [superset/views/core.py](https://codecov.io/gh/apache/incubator-superset/pull/11019/diff?src=pr&el=tree#diff-c3VwZXJzZXQvdmlld3MvY29yZS5weQ==) | `74.20% <88.88%> (+0.04%)` | :arrow_up: |
| [superset/connectors/sqla/models.py](https://codecov.io/gh/apache/incubator-superset/pull/11019/diff?src=pr&el=tree#diff-c3VwZXJzZXQvY29ubmVjdG9ycy9zcWxhL21vZGVscy5weQ==) | `89.83% <100.00%> (ø)` | |
| [...et-frontend/src/dashboard/components/Dashboard.jsx](https://codecov.io/gh/apache/incubator-superset/pull/11019/diff?src=pr&el=tree#diff-c3VwZXJzZXQtZnJvbnRlbmQvc3JjL2Rhc2hib2FyZC9jb21wb25lbnRzL0Rhc2hib2FyZC5qc3g=) | `84.70% <0.00%> (-4.71%)` | :arrow_down: |
| [superset-frontend/src/components/Timer.tsx](https://codecov.io/gh/apache/incubator-superset/pull/11019/diff?src=pr&el=tree#diff-c3VwZXJzZXQtZnJvbnRlbmQvc3JjL2NvbXBvbmVudHMvVGltZXIudHN4) | `95.83% <0.00%> (-0.60%)` | :arrow_down: |
| [superset/charts/dao.py](https://codecov.io/gh/apache/incubator-superset/pull/11019/diff?src=pr&el=tree#diff-c3VwZXJzZXQvY2hhcnRzL2Rhby5weQ==) | `87.17% <0.00%> (ø)` | |
| [superset/db\_engine\_specs/pinot.py](https://codecov.io/gh/apache/incubator-superset/pull/11019/diff?src=pr&el=tree#diff-c3VwZXJzZXQvZGJfZW5naW5lX3NwZWNzL3Bpbm90LnB5) | `68.42% <0.00%> (ø)` | |
| [superset/db\_engine\_specs/postgres.py](https://codecov.io/gh/apache/incubator-superset/pull/11019/diff?src=pr&el=tree#diff-c3VwZXJzZXQvZGJfZW5naW5lX3NwZWNzL3Bvc3RncmVzLnB5) | `100.00% <0.00%> (ø)` | |
| [superset/connectors/connector\_registry.py](https://codecov.io/gh/apache/incubator-superset/pull/11019/diff?src=pr&el=tree#diff-c3VwZXJzZXQvY29ubmVjdG9ycy9jb25uZWN0b3JfcmVnaXN0cnkucHk=) | `84.44% <0.00%> (ø)` | |
| ... and [6 more](https://codecov.io/gh/apache/incubator-superset/pull/11019/diff?src=pr&el=tree-more) | |
------
[Continue to review full report at Codecov](https://codecov.io/gh/apache/incubator-superset/pull/11019?src=pr&el=continue).
> **Legend** - [Click here to learn more](https://docs.codecov.io/docs/codecov-delta)
> `Δ = absolute <relative> (impact)`, `ø = not affected`, `? = missing data`
> Powered by [Codecov](https://codecov.io/gh/apache/incubator-superset/pull/11019?src=pr&el=footer). Last update [ba009b7...7a4a450](https://codecov.io/gh/apache/incubator-superset/pull/11019?src=pr&el=lastupdated). Read the [comment docs](https://docs.codecov.io/docs/pull-request-comments).
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org
[GitHub] [incubator-superset] dpgaspar commented on a change in pull request #11019: fix(api): unable to delete virtual dataset, wrong permission name
Posted by GitBox <gi...@apache.org>.
dpgaspar commented on a change in pull request #11019:
URL: https://github.com/apache/incubator-superset/pull/11019#discussion_r496523642
##########
File path: superset/migrations/versions/3fbbc6e8d654_fix_data_access_permissions_for_virtual_.py
##########
@@ -0,0 +1,227 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+"""fix data access permissions for virtual datasets
+
+Revision ID: 3fbbc6e8d654
+Revises: e5ef6828ac4e
+Create Date: 2020-09-24 12:04:33.827436
+
+"""
+
+# revision identifiers, used by Alembic.
+revision = "3fbbc6e8d654"
+down_revision = "e5ef6828ac4e"
+
+import re
+
+from alembic import op
+from sqlalchemy import (
+ Column,
+ ForeignKey,
+ Integer,
+ orm,
+ Sequence,
+ String,
+ Table,
+ UniqueConstraint,
+)
+from sqlalchemy.exc import SQLAlchemyError
+from sqlalchemy.ext.declarative import declarative_base
+from sqlalchemy.orm import backref, relationship
+
+Base = declarative_base()
+
+# Partial freeze of the current metadata db schema
+
+
+class Permission(Base):
+ __tablename__ = "ab_permission"
+ id = Column(Integer, Sequence("ab_permission_id_seq"), primary_key=True)
+ name = Column(String(100), unique=True, nullable=False)
+
+
+class ViewMenu(Base):
+ __tablename__ = "ab_view_menu"
+ id = Column(Integer, Sequence("ab_view_menu_id_seq"), primary_key=True)
+ name = Column(String(250), unique=True, nullable=False)
+
+ def __eq__(self, other):
+ return (isinstance(other, self.__class__)) and (self.name == other.name)
+
+ def __neq__(self, other):
+ return self.name != other.name
+
+
+assoc_permissionview_role = Table(
+ "ab_permission_view_role",
+ Base.metadata,
+ Column("id", Integer, Sequence("ab_permission_view_role_id_seq"), primary_key=True),
+ Column("permission_view_id", Integer, ForeignKey("ab_permission_view.id")),
+ Column("role_id", Integer, ForeignKey("ab_role.id")),
+ UniqueConstraint("permission_view_id", "role_id"),
+)
+
+
+class Role(Base):
+ __tablename__ = "ab_role"
+
+ id = Column(Integer, Sequence("ab_role_id_seq"), primary_key=True)
+ name = Column(String(64), unique=True, nullable=False)
+ permissions = relationship(
+ "PermissionView", secondary=assoc_permissionview_role, backref="role"
+ )
+
+
+class PermissionView(Base):
+ __tablename__ = "ab_permission_view"
+ __table_args__ = (UniqueConstraint("permission_id", "view_menu_id"),)
+ id = Column(Integer, Sequence("ab_permission_view_id_seq"), primary_key=True)
+ permission_id = Column(Integer, ForeignKey("ab_permission.id"))
+ permission = relationship("Permission")
+ view_menu_id = Column(Integer, ForeignKey("ab_view_menu.id"))
+ view_menu = relationship("ViewMenu")
+
+
+sqlatable_user = Table(
+ "sqlatable_user",
+ Base.metadata,
+ Column("id", Integer, primary_key=True),
+ Column("user_id", Integer, ForeignKey("ab_user.id")),
+ Column("table_id", Integer, ForeignKey("tables.id")),
+)
+
+
+class Database(Base): # pylint: disable=too-many-public-methods
+
+ """An ORM object that stores Database related information"""
+
+ __tablename__ = "dbs"
+ __table_args__ = (UniqueConstraint("database_name"),)
+
+ id = Column(Integer, primary_key=True)
+ verbose_name = Column(String(250), unique=True)
+ # short unique name, used in permissions
+ database_name = Column(String(250), unique=True, nullable=False)
+
+ def __repr__(self) -> str:
+ return self.name
+
+ @property
+ def name(self) -> str:
+ return self.verbose_name if self.verbose_name else self.database_name
+
+
+class SqlaTable(Base):
+ __tablename__ = "tables"
+ __table_args__ = (UniqueConstraint("database_id", "table_name"),)
+
+ # Base columns from Basedatasource
+ id = Column(Integer, primary_key=True)
+ table_name = Column(String(250), nullable=False)
+ database_id = Column(Integer, ForeignKey("dbs.id"), nullable=False)
+ database = relationship(
+ "Database",
+ backref=backref("tables", cascade="all, delete-orphan"),
+ foreign_keys=[database_id],
+ )
+
+ def get_perm(self) -> str:
+ return f"[{self.database}].[{self.table_name}](id:{self.id})"
+
+
+def upgrade():
+ """
+ Previous sqla_viz behaviour when creating a virtual dataset was faulty
+ by creating an associated data access permission with [None] on the database name.
+
+ This migration revision, fixes all faulty permissions that may exist on the db
+ Only fixes permissions that still have an associated dataset (fetch by id)
+ and replaces them with the current (correct) permission name
+ """
+
+ bind = op.get_bind()
+ session = orm.Session(bind=bind)
+
+ faulty_view_menus = (
+ session.query(ViewMenu)
+ .join(PermissionView)
+ .join(Permission)
+ .filter(ViewMenu.name.ilike("[None].[%](id:%)"))
+ .filter(Permission.name == "datasource_access")
+ .all()
+ )
+ orphaned_faulty_view_menus = []
+ for faulty_view_menu in faulty_view_menus:
+ # Get the dataset id from the view_menu name
+ match_ds_id = re.match("\[None\]\.\[.*\]\(id:(.*)\)", faulty_view_menu.name)
+ if match_ds_id:
+ try:
+ dataset_id = int(match_ds_id.group(1))
+ except ValueError:
+ continue
+ dataset = session.query(SqlaTable).get(dataset_id)
Review comment:
No reason, just being extra cautious, I don't know what could get picked up on everyones metadata. So if a regex match succeeds, I'm not assuming the id is actually an `int` and if it is not don't crash, discard and continue
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org
[GitHub] [incubator-superset] dpgaspar commented on a change in pull request #11019: fix(api): unable to delete virtual dataset, wrong permission name
Posted by GitBox <gi...@apache.org>.
dpgaspar commented on a change in pull request #11019:
URL: https://github.com/apache/incubator-superset/pull/11019#discussion_r494488760
##########
File path: superset/migrations/versions/3fbbc6e8d654_fix_data_access_permissions_for_virtual_.py
##########
@@ -0,0 +1,124 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+"""fix data access permissions for virtual datasets
+
+Revision ID: 3fbbc6e8d654
+Revises: e5ef6828ac4e
+Create Date: 2020-09-24 12:04:33.827436
+
+"""
+
+# revision identifiers, used by Alembic.
+revision = "3fbbc6e8d654"
+down_revision = "e5ef6828ac4e"
+
+import re
+
+from alembic import op
+from sqlalchemy import orm
+from sqlalchemy.exc import SQLAlchemyError
+
+
+def upgrade():
+ """
+ Previous sqla_viz behaviour when creating a virtual dataset was faulty
+ by creating an associated data access permission with [None] on the database name.
+
+ This migration revision, fixes all faulty permissions that may exist on the db
+ Only fixes permissions that still have an associated dataset (fetch by id)
+ and replaces them with the current (correct) permission name
+ """
+ from flask_appbuilder.security.sqla.models import (
+ ViewMenu,
Review comment:
Good point, I'll probably go for the model copy
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org
[GitHub] [incubator-superset] dpgaspar commented on a change in pull request #11019: fix(api): unable to delete virtual dataset, wrong permission name
Posted by GitBox <gi...@apache.org>.
dpgaspar commented on a change in pull request #11019:
URL: https://github.com/apache/incubator-superset/pull/11019#discussion_r494247542
##########
File path: superset/datasets/commands/delete.py
##########
@@ -46,27 +46,29 @@ def __init__(self, user: User, model_id: int):
def run(self) -> Model:
self.validate()
try:
+ dataset = DatasetDAO.delete(self._model, commit=False)
+
view_menu = (
security_manager.find_view_menu(self._model.get_perm())
if self._model
else None
)
- if not view_menu:
- logger.error(
- "Could not find the data access permission for the dataset"
+ if view_menu:
+ permission_views = (
+ db.session.query(security_manager.permissionview_model)
+ .filter_by(view_menu=view_menu)
+ .all()
)
- raise DatasetDeleteFailedError()
- permission_views = (
- db.session.query(security_manager.permissionview_model)
- .filter_by(view_menu=view_menu)
- .all()
- )
- dataset = DatasetDAO.delete(self._model, commit=False)
- for permission_view in permission_views:
- db.session.delete(permission_view)
- if view_menu:
- db.session.delete(view_menu)
+ for permission_view in permission_views:
+ db.session.delete(permission_view)
+ if view_menu:
+ db.session.delete(view_menu)
+ else:
+ if not view_menu:
+ logger.error(
+ "Could not find the data access permission for the dataset"
+ )
Review comment:
If a dataset permission does not exist, log the error and delete anyway
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org
[GitHub] [incubator-superset] dpgaspar commented on a change in pull request #11019: fix(api): unable to delete virtual dataset, wrong permission name
Posted by GitBox <gi...@apache.org>.
dpgaspar commented on a change in pull request #11019:
URL: https://github.com/apache/incubator-superset/pull/11019#discussion_r496544018
##########
File path: superset/migrations/versions/3fbbc6e8d654_fix_data_access_permissions_for_virtual_.py
##########
@@ -0,0 +1,227 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+"""fix data access permissions for virtual datasets
+
+Revision ID: 3fbbc6e8d654
+Revises: e5ef6828ac4e
+Create Date: 2020-09-24 12:04:33.827436
+
+"""
+
+# revision identifiers, used by Alembic.
+revision = "3fbbc6e8d654"
+down_revision = "e5ef6828ac4e"
+
+import re
+
+from alembic import op
+from sqlalchemy import (
+ Column,
+ ForeignKey,
+ Integer,
+ orm,
+ Sequence,
+ String,
+ Table,
+ UniqueConstraint,
+)
+from sqlalchemy.exc import SQLAlchemyError
+from sqlalchemy.ext.declarative import declarative_base
+from sqlalchemy.orm import backref, relationship
+
+Base = declarative_base()
+
+# Partial freeze of the current metadata db schema
+
+
+class Permission(Base):
+ __tablename__ = "ab_permission"
+ id = Column(Integer, Sequence("ab_permission_id_seq"), primary_key=True)
+ name = Column(String(100), unique=True, nullable=False)
+
+
+class ViewMenu(Base):
+ __tablename__ = "ab_view_menu"
+ id = Column(Integer, Sequence("ab_view_menu_id_seq"), primary_key=True)
+ name = Column(String(250), unique=True, nullable=False)
+
+ def __eq__(self, other):
+ return (isinstance(other, self.__class__)) and (self.name == other.name)
+
+ def __neq__(self, other):
+ return self.name != other.name
+
+
+assoc_permissionview_role = Table(
+ "ab_permission_view_role",
+ Base.metadata,
+ Column("id", Integer, Sequence("ab_permission_view_role_id_seq"), primary_key=True),
+ Column("permission_view_id", Integer, ForeignKey("ab_permission_view.id")),
+ Column("role_id", Integer, ForeignKey("ab_role.id")),
+ UniqueConstraint("permission_view_id", "role_id"),
+)
+
+
+class Role(Base):
+ __tablename__ = "ab_role"
+
+ id = Column(Integer, Sequence("ab_role_id_seq"), primary_key=True)
+ name = Column(String(64), unique=True, nullable=False)
+ permissions = relationship(
+ "PermissionView", secondary=assoc_permissionview_role, backref="role"
+ )
+
+
+class PermissionView(Base):
+ __tablename__ = "ab_permission_view"
+ __table_args__ = (UniqueConstraint("permission_id", "view_menu_id"),)
+ id = Column(Integer, Sequence("ab_permission_view_id_seq"), primary_key=True)
+ permission_id = Column(Integer, ForeignKey("ab_permission.id"))
+ permission = relationship("Permission")
+ view_menu_id = Column(Integer, ForeignKey("ab_view_menu.id"))
+ view_menu = relationship("ViewMenu")
+
+
+sqlatable_user = Table(
+ "sqlatable_user",
+ Base.metadata,
+ Column("id", Integer, primary_key=True),
+ Column("user_id", Integer, ForeignKey("ab_user.id")),
+ Column("table_id", Integer, ForeignKey("tables.id")),
+)
+
+
+class Database(Base): # pylint: disable=too-many-public-methods
+
+ """An ORM object that stores Database related information"""
+
+ __tablename__ = "dbs"
+ __table_args__ = (UniqueConstraint("database_name"),)
+
+ id = Column(Integer, primary_key=True)
+ verbose_name = Column(String(250), unique=True)
+ # short unique name, used in permissions
+ database_name = Column(String(250), unique=True, nullable=False)
+
+ def __repr__(self) -> str:
+ return self.name
+
+ @property
+ def name(self) -> str:
+ return self.verbose_name if self.verbose_name else self.database_name
+
+
+class SqlaTable(Base):
+ __tablename__ = "tables"
+ __table_args__ = (UniqueConstraint("database_id", "table_name"),)
+
+ # Base columns from Basedatasource
+ id = Column(Integer, primary_key=True)
+ table_name = Column(String(250), nullable=False)
+ database_id = Column(Integer, ForeignKey("dbs.id"), nullable=False)
+ database = relationship(
+ "Database",
+ backref=backref("tables", cascade="all, delete-orphan"),
+ foreign_keys=[database_id],
+ )
+
+ def get_perm(self) -> str:
+ return f"[{self.database}].[{self.table_name}](id:{self.id})"
+
+
+def upgrade():
+ """
+ Previous sqla_viz behaviour when creating a virtual dataset was faulty
+ by creating an associated data access permission with [None] on the database name.
+
+ This migration revision, fixes all faulty permissions that may exist on the db
+ Only fixes permissions that still have an associated dataset (fetch by id)
+ and replaces them with the current (correct) permission name
+ """
+
+ bind = op.get_bind()
+ session = orm.Session(bind=bind)
+
+ faulty_view_menus = (
+ session.query(ViewMenu)
+ .join(PermissionView)
+ .join(Permission)
+ .filter(ViewMenu.name.ilike("[None].[%](id:%)"))
+ .filter(Permission.name == "datasource_access")
+ .all()
+ )
+ orphaned_faulty_view_menus = []
+ for faulty_view_menu in faulty_view_menus:
+ # Get the dataset id from the view_menu name
+ match_ds_id = re.match("\[None\]\.\[.*\]\(id:(.*)\)", faulty_view_menu.name)
+ if match_ds_id:
+ try:
+ dataset_id = int(match_ds_id.group(1))
+ except ValueError:
+ continue
+ dataset = session.query(SqlaTable).get(dataset_id)
Review comment:
Sorry just noticed the `(\d+)` now, yes your suggestion makes total sense
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org
[GitHub] [incubator-superset] codecov-commenter edited a comment on pull request #11019: fix(api): unable to delete virtual dataset, wrong permission name
Posted by GitBox <gi...@apache.org>.
codecov-commenter edited a comment on pull request #11019:
URL: https://github.com/apache/incubator-superset/pull/11019#issuecomment-698421151
# [Codecov](https://codecov.io/gh/apache/incubator-superset/pull/11019?src=pr&el=h1) Report
> Merging [#11019](https://codecov.io/gh/apache/incubator-superset/pull/11019?src=pr&el=desc) into [master](https://codecov.io/gh/apache/incubator-superset/commit/ba009b7c09d49f2932fd10269882c901bc020c1d?el=desc) will **decrease** coverage by `4.40%`.
> The diff coverage is `12.17%`.
[](https://codecov.io/gh/apache/incubator-superset/pull/11019?src=pr&el=tree)
```diff
@@ Coverage Diff @@
## master #11019 +/- ##
==========================================
- Coverage 65.76% 61.35% -4.41%
==========================================
Files 816 817 +1
Lines 38381 38523 +142
Branches 3606 3621 +15
==========================================
- Hits 25240 23637 -1603
- Misses 13033 14700 +1667
- Partials 108 186 +78
```
| Flag | Coverage Δ | |
|---|---|---|
| #cypress | `?` | |
| #javascript | `61.77% <ø> (+0.05%)` | :arrow_up: |
| #python | `61.11% <12.17%> (-0.27%)` | :arrow_down: |
Flags with carried forward coverage won't be shown. [Click here](https://docs.codecov.io/docs/carryforward-flags#carryforward-flags-in-the-pull-request-comment) to find out more.
| [Impacted Files](https://codecov.io/gh/apache/incubator-superset/pull/11019?src=pr&el=tree) | Coverage Δ | |
|---|---|---|
| [...e8d654\_fix\_data\_access\_permissions\_for\_virtual\_.py](https://codecov.io/gh/apache/incubator-superset/pull/11019/diff?src=pr&el=tree#diff-c3VwZXJzZXQvbWlncmF0aW9ucy92ZXJzaW9ucy8zZmJiYzZlOGQ2NTRfZml4X2RhdGFfYWNjZXNzX3Blcm1pc3Npb25zX2Zvcl92aXJ0dWFsXy5weQ==) | `0.00% <0.00%> (ø)` | |
| [superset/datasets/commands/delete.py](https://codecov.io/gh/apache/incubator-superset/pull/11019/diff?src=pr&el=tree#diff-c3VwZXJzZXQvZGF0YXNldHMvY29tbWFuZHMvZGVsZXRlLnB5) | `93.47% <75.00%> (ø)` | |
| [superset/views/core.py](https://codecov.io/gh/apache/incubator-superset/pull/11019/diff?src=pr&el=tree#diff-c3VwZXJzZXQvdmlld3MvY29yZS5weQ==) | `73.96% <88.88%> (-0.20%)` | :arrow_down: |
| [superset-frontend/src/SqlLab/App.jsx](https://codecov.io/gh/apache/incubator-superset/pull/11019/diff?src=pr&el=tree#diff-c3VwZXJzZXQtZnJvbnRlbmQvc3JjL1NxbExhYi9BcHAuanN4) | `0.00% <0.00%> (-100.00%)` | :arrow_down: |
| [superset-frontend/src/explore/App.jsx](https://codecov.io/gh/apache/incubator-superset/pull/11019/diff?src=pr&el=tree#diff-c3VwZXJzZXQtZnJvbnRlbmQvc3JjL2V4cGxvcmUvQXBwLmpzeA==) | `0.00% <0.00%> (-100.00%)` | :arrow_down: |
| [superset-frontend/src/dashboard/App.jsx](https://codecov.io/gh/apache/incubator-superset/pull/11019/diff?src=pr&el=tree#diff-c3VwZXJzZXQtZnJvbnRlbmQvc3JjL2Rhc2hib2FyZC9BcHAuanN4) | `0.00% <0.00%> (-100.00%)` | :arrow_down: |
| [superset-frontend/src/explore/index.jsx](https://codecov.io/gh/apache/incubator-superset/pull/11019/diff?src=pr&el=tree#diff-c3VwZXJzZXQtZnJvbnRlbmQvc3JjL2V4cGxvcmUvaW5kZXguanN4) | `0.00% <0.00%> (-100.00%)` | :arrow_down: |
| [superset-frontend/src/dashboard/index.jsx](https://codecov.io/gh/apache/incubator-superset/pull/11019/diff?src=pr&el=tree#diff-c3VwZXJzZXQtZnJvbnRlbmQvc3JjL2Rhc2hib2FyZC9pbmRleC5qc3g=) | `0.00% <0.00%> (-100.00%)` | :arrow_down: |
| [superset-frontend/src/setup/setupColors.js](https://codecov.io/gh/apache/incubator-superset/pull/11019/diff?src=pr&el=tree#diff-c3VwZXJzZXQtZnJvbnRlbmQvc3JjL3NldHVwL3NldHVwQ29sb3JzLmpz) | `0.00% <0.00%> (-100.00%)` | :arrow_down: |
| [superset-frontend/src/chart/ChartContainer.jsx](https://codecov.io/gh/apache/incubator-superset/pull/11019/diff?src=pr&el=tree#diff-c3VwZXJzZXQtZnJvbnRlbmQvc3JjL2NoYXJ0L0NoYXJ0Q29udGFpbmVyLmpzeA==) | `0.00% <0.00%> (-100.00%)` | :arrow_down: |
| ... and [195 more](https://codecov.io/gh/apache/incubator-superset/pull/11019/diff?src=pr&el=tree-more) | |
------
[Continue to review full report at Codecov](https://codecov.io/gh/apache/incubator-superset/pull/11019?src=pr&el=continue).
> **Legend** - [Click here to learn more](https://docs.codecov.io/docs/codecov-delta)
> `Δ = absolute <relative> (impact)`, `ø = not affected`, `? = missing data`
> Powered by [Codecov](https://codecov.io/gh/apache/incubator-superset/pull/11019?src=pr&el=footer). Last update [ba009b7...61fd2de](https://codecov.io/gh/apache/incubator-superset/pull/11019?src=pr&el=lastupdated). Read the [comment docs](https://docs.codecov.io/docs/pull-request-comments).
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org
[GitHub] [incubator-superset] craig-rueda commented on a change in pull request #11019: fix(api): unable to delete virtual dataset, wrong permission name
Posted by GitBox <gi...@apache.org>.
craig-rueda commented on a change in pull request #11019:
URL: https://github.com/apache/incubator-superset/pull/11019#discussion_r494429866
##########
File path: superset/migrations/versions/3fbbc6e8d654_fix_data_access_permissions_for_virtual_.py
##########
@@ -0,0 +1,124 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+"""fix data access permissions for virtual datasets
+
+Revision ID: 3fbbc6e8d654
+Revises: e5ef6828ac4e
+Create Date: 2020-09-24 12:04:33.827436
+
+"""
+
+# revision identifiers, used by Alembic.
+revision = "3fbbc6e8d654"
+down_revision = "e5ef6828ac4e"
+
+import re
+
+from alembic import op
+from sqlalchemy import orm
+from sqlalchemy.exc import SQLAlchemyError
+
+
+def upgrade():
+ """
+ Previous sqla_viz behaviour when creating a virtual dataset was faulty
+ by creating an associated data access permission with [None] on the database name.
+
+ This migration revision, fixes all faulty permissions that may exist on the db
+ Only fixes permissions that still have an associated dataset (fetch by id)
+ and replaces them with the current (correct) permission name
+ """
+ from flask_appbuilder.security.sqla.models import (
+ ViewMenu,
Review comment:
Should we be referencing concrete model classes in migrations? This migration will likely fail to run in the future should any of their structure change. Ideally, partial impl's, or copies should be defined directly in the migration in order to avoid such a situation. The other option is to roll all of these migrations up into a subset of what we currently have.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org
[GitHub] [incubator-superset] codecov-commenter commented on pull request #11019: fix(api): unable to delete virtual dataset, wrong permission name
Posted by GitBox <gi...@apache.org>.
codecov-commenter commented on pull request #11019:
URL: https://github.com/apache/incubator-superset/pull/11019#issuecomment-698421151
# [Codecov](https://codecov.io/gh/apache/incubator-superset/pull/11019?src=pr&el=h1) Report
> Merging [#11019](https://codecov.io/gh/apache/incubator-superset/pull/11019?src=pr&el=desc) into [master](https://codecov.io/gh/apache/incubator-superset/commit/ba009b7c09d49f2932fd10269882c901bc020c1d?el=desc) will **decrease** coverage by `0.08%`.
> The diff coverage is `22.05%`.
[](https://codecov.io/gh/apache/incubator-superset/pull/11019?src=pr&el=tree)
```diff
@@ Coverage Diff @@
## master #11019 +/- ##
==========================================
- Coverage 65.76% 65.67% -0.09%
==========================================
Files 816 817 +1
Lines 38381 38440 +59
Branches 3606 3606
==========================================
+ Hits 25240 25245 +5
- Misses 13033 13087 +54
Partials 108 108
```
| Flag | Coverage Δ | |
|---|---|---|
| #cypress | `56.96% <ø> (-0.04%)` | :arrow_down: |
| #javascript | `61.68% <ø> (-0.04%)` | :arrow_down: |
| #python | `61.27% <22.05%> (-0.12%)` | :arrow_down: |
Flags with carried forward coverage won't be shown. [Click here](https://docs.codecov.io/docs/carryforward-flags#carryforward-flags-in-the-pull-request-comment) to find out more.
| [Impacted Files](https://codecov.io/gh/apache/incubator-superset/pull/11019?src=pr&el=tree) | Coverage Δ | |
|---|---|---|
| [...e8d654\_fix\_data\_access\_permissions\_for\_virtual\_.py](https://codecov.io/gh/apache/incubator-superset/pull/11019/diff?src=pr&el=tree#diff-c3VwZXJzZXQvbWlncmF0aW9ucy92ZXJzaW9ucy8zZmJiYzZlOGQ2NTRfZml4X2RhdGFfYWNjZXNzX3Blcm1pc3Npb25zX2Zvcl92aXJ0dWFsXy5weQ==) | `0.00% <0.00%> (ø)` | |
| [superset/datasets/commands/delete.py](https://codecov.io/gh/apache/incubator-superset/pull/11019/diff?src=pr&el=tree#diff-c3VwZXJzZXQvZGF0YXNldHMvY29tbWFuZHMvZGVsZXRlLnB5) | `93.47% <75.00%> (ø)` | |
| [superset/views/core.py](https://codecov.io/gh/apache/incubator-superset/pull/11019/diff?src=pr&el=tree#diff-c3VwZXJzZXQvdmlld3MvY29yZS5weQ==) | `74.20% <88.88%> (+0.04%)` | :arrow_up: |
| [superset/connectors/sqla/models.py](https://codecov.io/gh/apache/incubator-superset/pull/11019/diff?src=pr&el=tree#diff-c3VwZXJzZXQvY29ubmVjdG9ycy9zcWxhL21vZGVscy5weQ==) | `89.83% <100.00%> (ø)` | |
| [...et-frontend/src/dashboard/components/Dashboard.jsx](https://codecov.io/gh/apache/incubator-superset/pull/11019/diff?src=pr&el=tree#diff-c3VwZXJzZXQtZnJvbnRlbmQvc3JjL2Rhc2hib2FyZC9jb21wb25lbnRzL0Rhc2hib2FyZC5qc3g=) | `84.70% <0.00%> (-4.71%)` | :arrow_down: |
| [superset-frontend/src/components/Timer.tsx](https://codecov.io/gh/apache/incubator-superset/pull/11019/diff?src=pr&el=tree#diff-c3VwZXJzZXQtZnJvbnRlbmQvc3JjL2NvbXBvbmVudHMvVGltZXIudHN4) | `95.83% <0.00%> (-0.60%)` | :arrow_down: |
| [superset/charts/dao.py](https://codecov.io/gh/apache/incubator-superset/pull/11019/diff?src=pr&el=tree#diff-c3VwZXJzZXQvY2hhcnRzL2Rhby5weQ==) | `87.17% <0.00%> (ø)` | |
| [superset/db\_engine\_specs/pinot.py](https://codecov.io/gh/apache/incubator-superset/pull/11019/diff?src=pr&el=tree#diff-c3VwZXJzZXQvZGJfZW5naW5lX3NwZWNzL3Bpbm90LnB5) | `68.42% <0.00%> (ø)` | |
| [superset/db\_engine\_specs/postgres.py](https://codecov.io/gh/apache/incubator-superset/pull/11019/diff?src=pr&el=tree#diff-c3VwZXJzZXQvZGJfZW5naW5lX3NwZWNzL3Bvc3RncmVzLnB5) | `100.00% <0.00%> (ø)` | |
| [superset/connectors/connector\_registry.py](https://codecov.io/gh/apache/incubator-superset/pull/11019/diff?src=pr&el=tree#diff-c3VwZXJzZXQvY29ubmVjdG9ycy9jb25uZWN0b3JfcmVnaXN0cnkucHk=) | `84.44% <0.00%> (ø)` | |
| ... and [6 more](https://codecov.io/gh/apache/incubator-superset/pull/11019/diff?src=pr&el=tree-more) | |
------
[Continue to review full report at Codecov](https://codecov.io/gh/apache/incubator-superset/pull/11019?src=pr&el=continue).
> **Legend** - [Click here to learn more](https://docs.codecov.io/docs/codecov-delta)
> `Δ = absolute <relative> (impact)`, `ø = not affected`, `? = missing data`
> Powered by [Codecov](https://codecov.io/gh/apache/incubator-superset/pull/11019?src=pr&el=footer). Last update [ba009b7...7a4a450](https://codecov.io/gh/apache/incubator-superset/pull/11019?src=pr&el=lastupdated). Read the [comment docs](https://docs.codecov.io/docs/pull-request-comments).
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org
[GitHub] [incubator-superset] dpgaspar merged pull request #11019: fix(api): unable to delete virtual dataset, wrong permission name
Posted by GitBox <gi...@apache.org>.
dpgaspar merged pull request #11019:
URL: https://github.com/apache/incubator-superset/pull/11019
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org
[GitHub] [incubator-superset] codecov-commenter edited a comment on pull request #11019: fix(api): unable to delete virtual dataset, wrong permission name
Posted by GitBox <gi...@apache.org>.
codecov-commenter edited a comment on pull request #11019:
URL: https://github.com/apache/incubator-superset/pull/11019#issuecomment-698421151
# [Codecov](https://codecov.io/gh/apache/incubator-superset/pull/11019?src=pr&el=h1) Report
> Merging [#11019](https://codecov.io/gh/apache/incubator-superset/pull/11019?src=pr&el=desc) into [master](https://codecov.io/gh/apache/incubator-superset/commit/ba009b7c09d49f2932fd10269882c901bc020c1d?el=desc) will **decrease** coverage by `4.40%`.
> The diff coverage is `12.17%`.
[](https://codecov.io/gh/apache/incubator-superset/pull/11019?src=pr&el=tree)
```diff
@@ Coverage Diff @@
## master #11019 +/- ##
==========================================
- Coverage 65.76% 61.35% -4.41%
==========================================
Files 816 817 +1
Lines 38381 38523 +142
Branches 3606 3621 +15
==========================================
- Hits 25240 23637 -1603
- Misses 13033 14700 +1667
- Partials 108 186 +78
```
| Flag | Coverage Δ | |
|---|---|---|
| #cypress | `?` | |
| #javascript | `61.77% <ø> (+0.05%)` | :arrow_up: |
| #python | `61.11% <12.17%> (-0.27%)` | :arrow_down: |
Flags with carried forward coverage won't be shown. [Click here](https://docs.codecov.io/docs/carryforward-flags#carryforward-flags-in-the-pull-request-comment) to find out more.
| [Impacted Files](https://codecov.io/gh/apache/incubator-superset/pull/11019?src=pr&el=tree) | Coverage Δ | |
|---|---|---|
| [...e8d654\_fix\_data\_access\_permissions\_for\_virtual\_.py](https://codecov.io/gh/apache/incubator-superset/pull/11019/diff?src=pr&el=tree#diff-c3VwZXJzZXQvbWlncmF0aW9ucy92ZXJzaW9ucy8zZmJiYzZlOGQ2NTRfZml4X2RhdGFfYWNjZXNzX3Blcm1pc3Npb25zX2Zvcl92aXJ0dWFsXy5weQ==) | `0.00% <0.00%> (ø)` | |
| [superset/datasets/commands/delete.py](https://codecov.io/gh/apache/incubator-superset/pull/11019/diff?src=pr&el=tree#diff-c3VwZXJzZXQvZGF0YXNldHMvY29tbWFuZHMvZGVsZXRlLnB5) | `93.47% <75.00%> (ø)` | |
| [superset/views/core.py](https://codecov.io/gh/apache/incubator-superset/pull/11019/diff?src=pr&el=tree#diff-c3VwZXJzZXQvdmlld3MvY29yZS5weQ==) | `73.96% <88.88%> (-0.20%)` | :arrow_down: |
| [superset-frontend/src/SqlLab/App.jsx](https://codecov.io/gh/apache/incubator-superset/pull/11019/diff?src=pr&el=tree#diff-c3VwZXJzZXQtZnJvbnRlbmQvc3JjL1NxbExhYi9BcHAuanN4) | `0.00% <0.00%> (-100.00%)` | :arrow_down: |
| [superset-frontend/src/explore/App.jsx](https://codecov.io/gh/apache/incubator-superset/pull/11019/diff?src=pr&el=tree#diff-c3VwZXJzZXQtZnJvbnRlbmQvc3JjL2V4cGxvcmUvQXBwLmpzeA==) | `0.00% <0.00%> (-100.00%)` | :arrow_down: |
| [superset-frontend/src/dashboard/App.jsx](https://codecov.io/gh/apache/incubator-superset/pull/11019/diff?src=pr&el=tree#diff-c3VwZXJzZXQtZnJvbnRlbmQvc3JjL2Rhc2hib2FyZC9BcHAuanN4) | `0.00% <0.00%> (-100.00%)` | :arrow_down: |
| [superset-frontend/src/explore/index.jsx](https://codecov.io/gh/apache/incubator-superset/pull/11019/diff?src=pr&el=tree#diff-c3VwZXJzZXQtZnJvbnRlbmQvc3JjL2V4cGxvcmUvaW5kZXguanN4) | `0.00% <0.00%> (-100.00%)` | :arrow_down: |
| [superset-frontend/src/dashboard/index.jsx](https://codecov.io/gh/apache/incubator-superset/pull/11019/diff?src=pr&el=tree#diff-c3VwZXJzZXQtZnJvbnRlbmQvc3JjL2Rhc2hib2FyZC9pbmRleC5qc3g=) | `0.00% <0.00%> (-100.00%)` | :arrow_down: |
| [superset-frontend/src/setup/setupColors.js](https://codecov.io/gh/apache/incubator-superset/pull/11019/diff?src=pr&el=tree#diff-c3VwZXJzZXQtZnJvbnRlbmQvc3JjL3NldHVwL3NldHVwQ29sb3JzLmpz) | `0.00% <0.00%> (-100.00%)` | :arrow_down: |
| [superset-frontend/src/chart/ChartContainer.jsx](https://codecov.io/gh/apache/incubator-superset/pull/11019/diff?src=pr&el=tree#diff-c3VwZXJzZXQtZnJvbnRlbmQvc3JjL2NoYXJ0L0NoYXJ0Q29udGFpbmVyLmpzeA==) | `0.00% <0.00%> (-100.00%)` | :arrow_down: |
| ... and [195 more](https://codecov.io/gh/apache/incubator-superset/pull/11019/diff?src=pr&el=tree-more) | |
------
[Continue to review full report at Codecov](https://codecov.io/gh/apache/incubator-superset/pull/11019?src=pr&el=continue).
> **Legend** - [Click here to learn more](https://docs.codecov.io/docs/codecov-delta)
> `Δ = absolute <relative> (impact)`, `ø = not affected`, `? = missing data`
> Powered by [Codecov](https://codecov.io/gh/apache/incubator-superset/pull/11019?src=pr&el=footer). Last update [ba009b7...61fd2de](https://codecov.io/gh/apache/incubator-superset/pull/11019?src=pr&el=lastupdated). Read the [comment docs](https://docs.codecov.io/docs/pull-request-comments).
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org
[GitHub] [incubator-superset] craig-rueda commented on a change in pull request #11019: fix(api): unable to delete virtual dataset, wrong permission name
Posted by GitBox <gi...@apache.org>.
craig-rueda commented on a change in pull request #11019:
URL: https://github.com/apache/incubator-superset/pull/11019#discussion_r494429866
##########
File path: superset/migrations/versions/3fbbc6e8d654_fix_data_access_permissions_for_virtual_.py
##########
@@ -0,0 +1,124 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+"""fix data access permissions for virtual datasets
+
+Revision ID: 3fbbc6e8d654
+Revises: e5ef6828ac4e
+Create Date: 2020-09-24 12:04:33.827436
+
+"""
+
+# revision identifiers, used by Alembic.
+revision = "3fbbc6e8d654"
+down_revision = "e5ef6828ac4e"
+
+import re
+
+from alembic import op
+from sqlalchemy import orm
+from sqlalchemy.exc import SQLAlchemyError
+
+
+def upgrade():
+ """
+ Previous sqla_viz behaviour when creating a virtual dataset was faulty
+ by creating an associated data access permission with [None] on the database name.
+
+ This migration revision, fixes all faulty permissions that may exist on the db
+ Only fixes permissions that still have an associated dataset (fetch by id)
+ and replaces them with the current (correct) permission name
+ """
+ from flask_appbuilder.security.sqla.models import (
+ ViewMenu,
Review comment:
Should we be referencing concrete model classes in migrations? This migration will likely fail to run in the future should any of their structure change. Ideally, partial impl's, or copies should be defined directly in the migration in order to avoid such a situation. The other option is to roll all of these migrations up into a subset of what we currently have.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org
[GitHub] [incubator-superset] villebro commented on a change in pull request #11019: fix(api): unable to delete virtual dataset, wrong permission name
Posted by GitBox <gi...@apache.org>.
villebro commented on a change in pull request #11019:
URL: https://github.com/apache/incubator-superset/pull/11019#discussion_r496504173
##########
File path: superset/migrations/versions/3fbbc6e8d654_fix_data_access_permissions_for_virtual_.py
##########
@@ -0,0 +1,227 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+"""fix data access permissions for virtual datasets
+
+Revision ID: 3fbbc6e8d654
+Revises: e5ef6828ac4e
+Create Date: 2020-09-24 12:04:33.827436
+
+"""
+
+# revision identifiers, used by Alembic.
+revision = "3fbbc6e8d654"
+down_revision = "e5ef6828ac4e"
+
+import re
+
+from alembic import op
+from sqlalchemy import (
+ Column,
+ ForeignKey,
+ Integer,
+ orm,
+ Sequence,
+ String,
+ Table,
+ UniqueConstraint,
+)
+from sqlalchemy.exc import SQLAlchemyError
+from sqlalchemy.ext.declarative import declarative_base
+from sqlalchemy.orm import backref, relationship
+
+Base = declarative_base()
+
+# Partial freeze of the current metadata db schema
+
+
+class Permission(Base):
+ __tablename__ = "ab_permission"
+ id = Column(Integer, Sequence("ab_permission_id_seq"), primary_key=True)
+ name = Column(String(100), unique=True, nullable=False)
+
+
+class ViewMenu(Base):
+ __tablename__ = "ab_view_menu"
+ id = Column(Integer, Sequence("ab_view_menu_id_seq"), primary_key=True)
+ name = Column(String(250), unique=True, nullable=False)
+
+ def __eq__(self, other):
+ return (isinstance(other, self.__class__)) and (self.name == other.name)
+
+ def __neq__(self, other):
+ return self.name != other.name
+
+
+assoc_permissionview_role = Table(
+ "ab_permission_view_role",
+ Base.metadata,
+ Column("id", Integer, Sequence("ab_permission_view_role_id_seq"), primary_key=True),
+ Column("permission_view_id", Integer, ForeignKey("ab_permission_view.id")),
+ Column("role_id", Integer, ForeignKey("ab_role.id")),
+ UniqueConstraint("permission_view_id", "role_id"),
+)
+
+
+class Role(Base):
+ __tablename__ = "ab_role"
+
+ id = Column(Integer, Sequence("ab_role_id_seq"), primary_key=True)
+ name = Column(String(64), unique=True, nullable=False)
+ permissions = relationship(
+ "PermissionView", secondary=assoc_permissionview_role, backref="role"
+ )
+
+
+class PermissionView(Base):
+ __tablename__ = "ab_permission_view"
+ __table_args__ = (UniqueConstraint("permission_id", "view_menu_id"),)
+ id = Column(Integer, Sequence("ab_permission_view_id_seq"), primary_key=True)
+ permission_id = Column(Integer, ForeignKey("ab_permission.id"))
+ permission = relationship("Permission")
+ view_menu_id = Column(Integer, ForeignKey("ab_view_menu.id"))
+ view_menu = relationship("ViewMenu")
+
+
+sqlatable_user = Table(
+ "sqlatable_user",
+ Base.metadata,
+ Column("id", Integer, primary_key=True),
+ Column("user_id", Integer, ForeignKey("ab_user.id")),
+ Column("table_id", Integer, ForeignKey("tables.id")),
+)
+
+
+class Database(Base): # pylint: disable=too-many-public-methods
+
+ """An ORM object that stores Database related information"""
+
+ __tablename__ = "dbs"
+ __table_args__ = (UniqueConstraint("database_name"),)
+
+ id = Column(Integer, primary_key=True)
+ verbose_name = Column(String(250), unique=True)
+ # short unique name, used in permissions
+ database_name = Column(String(250), unique=True, nullable=False)
+
+ def __repr__(self) -> str:
+ return self.name
+
+ @property
+ def name(self) -> str:
+ return self.verbose_name if self.verbose_name else self.database_name
+
+
+class SqlaTable(Base):
+ __tablename__ = "tables"
+ __table_args__ = (UniqueConstraint("database_id", "table_name"),)
+
+ # Base columns from Basedatasource
+ id = Column(Integer, primary_key=True)
+ table_name = Column(String(250), nullable=False)
+ database_id = Column(Integer, ForeignKey("dbs.id"), nullable=False)
+ database = relationship(
+ "Database",
+ backref=backref("tables", cascade="all, delete-orphan"),
+ foreign_keys=[database_id],
+ )
+
+ def get_perm(self) -> str:
+ return f"[{self.database}].[{self.table_name}](id:{self.id})"
+
+
+def upgrade():
+ """
+ Previous sqla_viz behaviour when creating a virtual dataset was faulty
+ by creating an associated data access permission with [None] on the database name.
+
+ This migration revision, fixes all faulty permissions that may exist on the db
+ Only fixes permissions that still have an associated dataset (fetch by id)
+ and replaces them with the current (correct) permission name
+ """
+
+ bind = op.get_bind()
+ session = orm.Session(bind=bind)
+
+ faulty_view_menus = (
+ session.query(ViewMenu)
+ .join(PermissionView)
+ .join(Permission)
+ .filter(ViewMenu.name.ilike("[None].[%](id:%)"))
+ .filter(Permission.name == "datasource_access")
+ .all()
+ )
+ orphaned_faulty_view_menus = []
+ for faulty_view_menu in faulty_view_menus:
+ # Get the dataset id from the view_menu name
+ match_ds_id = re.match("\[None\]\.\[.*\]\(id:(.*)\)", faulty_view_menu.name)
+ if match_ds_id:
+ try:
+ dataset_id = int(match_ds_id.group(1))
+ except ValueError:
+ continue
+ dataset = session.query(SqlaTable).get(dataset_id)
Review comment:
Is there some reason we want to pick up `dataset_id`s that are potentially `None` or non-numeric? Would this work?
```suggestion
match_ds_id = re.match("\[None\]\.\[.*\]\(id:(\d+)\)", faulty_view_menu.name)
if match_ds_id:
dataset_id = int(match_ds_id.group(1))
dataset = session.query(SqlaTable).get(dataset_id)
```
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org
[GitHub] [incubator-superset] dpgaspar commented on a change in pull request #11019: fix(api): unable to delete virtual dataset, wrong permission name
Posted by GitBox <gi...@apache.org>.
dpgaspar commented on a change in pull request #11019:
URL: https://github.com/apache/incubator-superset/pull/11019#discussion_r494247542
##########
File path: superset/datasets/commands/delete.py
##########
@@ -46,27 +46,29 @@ def __init__(self, user: User, model_id: int):
def run(self) -> Model:
self.validate()
try:
+ dataset = DatasetDAO.delete(self._model, commit=False)
+
view_menu = (
security_manager.find_view_menu(self._model.get_perm())
if self._model
else None
)
- if not view_menu:
- logger.error(
- "Could not find the data access permission for the dataset"
+ if view_menu:
+ permission_views = (
+ db.session.query(security_manager.permissionview_model)
+ .filter_by(view_menu=view_menu)
+ .all()
)
- raise DatasetDeleteFailedError()
- permission_views = (
- db.session.query(security_manager.permissionview_model)
- .filter_by(view_menu=view_menu)
- .all()
- )
- dataset = DatasetDAO.delete(self._model, commit=False)
- for permission_view in permission_views:
- db.session.delete(permission_view)
- if view_menu:
- db.session.delete(view_menu)
+ for permission_view in permission_views:
+ db.session.delete(permission_view)
+ if view_menu:
+ db.session.delete(view_menu)
+ else:
+ if not view_menu:
+ logger.error(
+ "Could not find the data access permission for the dataset"
+ )
Review comment:
If dataset a permission does not exist, log the error and delete anyway
##########
File path: superset/datasets/commands/delete.py
##########
@@ -46,27 +46,29 @@ def __init__(self, user: User, model_id: int):
def run(self) -> Model:
self.validate()
try:
+ dataset = DatasetDAO.delete(self._model, commit=False)
+
view_menu = (
security_manager.find_view_menu(self._model.get_perm())
if self._model
else None
)
- if not view_menu:
- logger.error(
- "Could not find the data access permission for the dataset"
+ if view_menu:
+ permission_views = (
+ db.session.query(security_manager.permissionview_model)
+ .filter_by(view_menu=view_menu)
+ .all()
)
- raise DatasetDeleteFailedError()
- permission_views = (
- db.session.query(security_manager.permissionview_model)
- .filter_by(view_menu=view_menu)
- .all()
- )
- dataset = DatasetDAO.delete(self._model, commit=False)
- for permission_view in permission_views:
- db.session.delete(permission_view)
- if view_menu:
- db.session.delete(view_menu)
+ for permission_view in permission_views:
+ db.session.delete(permission_view)
+ if view_menu:
+ db.session.delete(view_menu)
+ else:
+ if not view_menu:
+ logger.error(
+ "Could not find the data access permission for the dataset"
+ )
Review comment:
If a dataset permission does not exist, log the error and delete anyway
##########
File path: superset/migrations/versions/3fbbc6e8d654_fix_data_access_permissions_for_virtual_.py
##########
@@ -0,0 +1,124 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+"""fix data access permissions for virtual datasets
+
+Revision ID: 3fbbc6e8d654
+Revises: e5ef6828ac4e
+Create Date: 2020-09-24 12:04:33.827436
+
+"""
+
+# revision identifiers, used by Alembic.
+revision = "3fbbc6e8d654"
+down_revision = "e5ef6828ac4e"
+
+import re
+
+from alembic import op
+from sqlalchemy import orm
+from sqlalchemy.exc import SQLAlchemyError
+
+
+def upgrade():
+ """
+ Previous sqla_viz behaviour when creating a virtual dataset was faulty
+ by creating an associated data access permission with [None] on the database name.
+
+ This migration revision, fixes all faulty permissions that may exist on the db
+ Only fixes permissions that still have an associated dataset (fetch by id)
+ and replaces them with the current (correct) permission name
+ """
+ from flask_appbuilder.security.sqla.models import (
+ ViewMenu,
Review comment:
Good point, I'll probably go for the model copy
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org