Posted to commits@superset.apache.org by jo...@apache.org on 2018/08/22 18:15:26 UTC
[incubator-superset] branch master updated: [security] Moving
set/merge perm to security manager (#5684)
This is an automated email from the ASF dual-hosted git repository.
johnbodley pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-superset.git
The following commit(s) were added to refs/heads/master by this push:
new 8992755 [security] Moving set/merge perm to security manager (#5684)
8992755 is described below
commit 89927558e85cd121b46818cb2f38d3a2e61e25d6
Author: John Bodley <45...@users.noreply.github.com>
AuthorDate: Wed Aug 22 11:15:22 2018 -0700
[security] Moving set/merge perm to security manager (#5684)
---
superset/connectors/druid/models.py | 6 ++---
superset/connectors/sqla/models.py | 5 ++--
superset/models/core.py | 6 ++---
superset/models/helpers.py | 51 -------------------------------------
superset/security.py | 44 ++++++++++++++++++++++++++++++++
5 files changed, 52 insertions(+), 60 deletions(-)
diff --git a/superset/connectors/druid/models.py b/superset/connectors/druid/models.py
index 824d7c9..7bb6a5e 100644
--- a/superset/connectors/druid/models.py
+++ b/superset/connectors/druid/models.py
@@ -41,7 +41,7 @@ from superset import conf, db, import_util, security_manager, utils
from superset.connectors.base.models import BaseColumn, BaseDatasource, BaseMetric
from superset.exceptions import MetricPermException, SupersetException
from superset.models.helpers import (
- AuditMixinNullable, ImportMixin, QueryResult, set_perm,
+ AuditMixinNullable, ImportMixin, QueryResult,
)
from superset.utils import (
DimSelector, DTTM_ALIAS, flasher,
@@ -1601,5 +1601,5 @@ class DruidDatasource(Model, BaseDatasource):
]
-sa.event.listen(DruidDatasource, 'after_insert', set_perm)
-sa.event.listen(DruidDatasource, 'after_update', set_perm)
+sa.event.listen(DruidDatasource, 'after_insert', security_manager.set_perm)
+sa.event.listen(DruidDatasource, 'after_update', security_manager.set_perm)
diff --git a/superset/connectors/sqla/models.py b/superset/connectors/sqla/models.py
index 648bff4..44a2cfb 100644
--- a/superset/connectors/sqla/models.py
+++ b/superset/connectors/sqla/models.py
@@ -29,7 +29,6 @@ from superset.jinja_context import get_template_processor
from superset.models.annotations import Annotation
from superset.models.core import Database
from superset.models.helpers import QueryResult
-from superset.models.helpers import set_perm
from superset.utils import DTTM_ALIAS, QueryStatus
config = app.config
@@ -892,5 +891,5 @@ class SqlaTable(Model, BaseDatasource):
return qry.filter_by(is_sqllab_view=False)
-sa.event.listen(SqlaTable, 'after_insert', set_perm)
-sa.event.listen(SqlaTable, 'after_update', set_perm)
+sa.event.listen(SqlaTable, 'after_insert', security_manager.set_perm)
+sa.event.listen(SqlaTable, 'after_update', security_manager.set_perm)
diff --git a/superset/models/core.py b/superset/models/core.py
index 50f657c..9d9674c 100644
--- a/superset/models/core.py
+++ b/superset/models/core.py
@@ -39,7 +39,7 @@ import sqlparse
from superset import app, db, db_engine_specs, security_manager, utils
from superset.connectors.connector_registry import ConnectorRegistry
from superset.legacy import update_time_range
-from superset.models.helpers import AuditMixinNullable, ImportMixin, set_perm
+from superset.models.helpers import AuditMixinNullable, ImportMixin
from superset.models.user_attributes import UserAttribute
from superset.utils import MediumText
from superset.viz import viz_types
@@ -959,8 +959,8 @@ class Database(Model, AuditMixinNullable, ImportMixin):
return sqla_url.get_dialect()()
-sqla.event.listen(Database, 'after_insert', set_perm)
-sqla.event.listen(Database, 'after_update', set_perm)
+sqla.event.listen(Database, 'after_insert', security_manager.set_perm)
+sqla.event.listen(Database, 'after_update', security_manager.set_perm)
class Log(Model):
diff --git a/superset/models/helpers.py b/superset/models/helpers.py
index 113ec39..417a447 100644
--- a/superset/models/helpers.py
+++ b/superset/models/helpers.py
@@ -21,7 +21,6 @@ from sqlalchemy.ext.declarative import declared_attr
from sqlalchemy.orm.exc import MultipleResultsFound
import yaml
-from superset import security_manager
from superset.utils import QueryStatus
@@ -312,53 +311,3 @@ class QueryResult(object):
self.duration = duration
self.status = status
self.error_message = error_message
-
-
-def merge_perm(sm, permission_name, view_menu_name, connection):
-
- permission = sm.find_permission(permission_name)
- view_menu = sm.find_view_menu(view_menu_name)
- pv = None
-
- if not permission:
- permission_table = sm.permission_model.__table__
- connection.execute(
- permission_table.insert()
- .values(name=permission_name),
- )
- if not view_menu:
- view_menu_table = sm.viewmenu_model.__table__
- connection.execute(
- view_menu_table.insert()
- .values(name=view_menu_name),
- )
-
- permission = sm.find_permission(permission_name)
- view_menu = sm.find_view_menu(view_menu_name)
-
- if permission and view_menu:
- pv = sm.get_session.query(sm.permissionview_model).filter_by(
- permission=permission, view_menu=view_menu).first()
- if not pv and permission and view_menu:
- permission_view_table = sm.permissionview_model.__table__
- connection.execute(
- permission_view_table.insert()
- .values(
- permission_id=permission.id,
- view_menu_id=view_menu.id,
- ),
- )
-
-
-def set_perm(mapper, connection, target): # noqa
-
- if target.perm != target.get_perm():
- link_table = target.__table__
- connection.execute(
- link_table.update()
- .where(link_table.c.id == target.id)
- .values(perm=target.get_perm()),
- )
-
- # add to view menu if not already exists
- merge_perm(security_manager, 'datasource_access', target.get_perm(), connection)
diff --git a/superset/security.py b/superset/security.py
index 0bfca36..8ea8c04 100644
--- a/superset/security.py
+++ b/superset/security.py
@@ -383,3 +383,47 @@ class SupersetSecurityManager(SecurityManager):
return pvm.permission.name in {
'can_override_role_permissions', 'can_approve',
}
+
+ def set_perm(self, mapper, connection, target): # noqa
+ if target.perm != target.get_perm():
+ link_table = target.__table__
+ connection.execute(
+ link_table.update()
+ .where(link_table.c.id == target.id)
+ .values(perm=target.get_perm()),
+ )
+
+ # add to view menu if not already exists
+ permission_name = 'datasource_access'
+ view_menu_name = target.get_perm()
+ permission = self.find_permission(permission_name)
+ view_menu = self.find_view_menu(view_menu_name)
+ pv = None
+
+ if not permission:
+ permission_table = self.permission_model.__table__ # noqa: E501 pylint: disable=no-member
+ connection.execute(
+ permission_table.insert()
+ .values(name=permission_name),
+ )
+ permission = self.find_permission(permission_name)
+ if not view_menu:
+ view_menu_table = self.viewmenu_model.__table__ # pylint: disable=no-member
+ connection.execute(
+ view_menu_table.insert()
+ .values(name=view_menu_name),
+ )
+ view_menu = self.find_view_menu(view_menu_name)
+
+ if permission and view_menu:
+ pv = self.get_session.query(self.permissionview_model).filter_by(
+ permission=permission, view_menu=view_menu).first()
+ if not pv and permission and view_menu:
+ permission_view_table = self.permissionview_model.__table__ # noqa: E501 pylint: disable=no-member
+ connection.execute(
+ permission_view_table.insert()
+ .values(
+ permission_id=permission.id,
+ view_menu_id=view_menu.id,
+ ),
+ )
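Review bot: `set_perm` only ever adds rows. When `target.perm != target.get_perm()` on an update, it rewrites the perm column and ensures a `datasource_access` permission-view for the new name, but nothing in the method removes or migrates the view menu and permission-view that belonged to the old value. If role grants on the old name survive (the hunk does not show how `get_perm()` builds the string or whether a name can be reused), a later datasource resolving to the same string would inherit them, so either clean up the old pair here or add a comment saying where stale entries are pruned. The method also has no docstring although it is now a public listener on the security manager; `"""SQLAlchemy after_insert/after_update listener: sync target.perm and ensure a datasource_access permission-view exists for it."""` would do, plus a short comment on why the writes go through `connection` (presumably because the listener runs inside a flush). The enclosing class starts outside the hunk.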