You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@superset.apache.org by ma...@apache.org on 2019/06/05 05:37:36 UTC
[incubator-superset] branch master updated: Add Filter on
DatabaseView that filters DBs Based on Role Access (#7618)
This is an automated email from the ASF dual-hosted git repository.
maximebeauchemin pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-superset.git
The following commit(s) were added to refs/heads/master by this push:
new 5470d10 Add Filter on DatabaseView that filters DBs Based on Role Access (#7618)
5470d10 is described below
commit 5470d10155e28c96b54615a36464c6c4afc0a38b
Author: Derek Flionis <df...@gmail.com>
AuthorDate: Wed Jun 5 01:37:22 2019 -0400
Add Filter on DatabaseView that filters DBs Based on Role Access (#7618)
* Add Filter on DatabaseView that filters DBs Based on Role Access
* Update with mistercrunch's feedback
---
superset/security.py | 11 ++++++-----
superset/views/core.py | 9 +++++++++
2 files changed, 15 insertions(+), 5 deletions(-)
diff --git a/superset/security.py b/superset/security.py
index 3a92a7c..5129e36 100644
--- a/superset/security.py
+++ b/superset/security.py
@@ -127,12 +127,13 @@ class SupersetSecurityManager(SecurityManager):
return self.can_access(
'all_datasource_access', 'all_datasource_access')
+ def all_database_access(self):
+ return self.can_access('all_database_access', 'all_database_access')
+
def database_access(self, database):
- return (
- self.can_access(
- 'all_database_access', 'all_database_access') or
- self.can_access('database_access', database.perm)
- )
+ return (self.all_database_access() or
+ self.can_access('database_access', database.perm) or
+ self.all_datasource_access)
def schema_access(self, datasource):
return (
diff --git a/superset/views/core.py b/superset/views/core.py
index d8a3692..7c73116 100755
--- a/superset/views/core.py
+++ b/superset/views/core.py
@@ -152,6 +152,14 @@ class SliceFilter(SupersetFilter):
return query.filter(self.model.perm.in_(perms))
+class DatabaseFilter(SupersetFilter):
+ def apply(self, query, func): # noqa
+ if security_manager.all_database_access():
+ return query
+ perms = self.get_view_menus('database_access')
+ return query.filter(self.model.perm.in_(perms))
+
+
class DashboardFilter(SupersetFilter):
"""List dashboards for which users have access to at least one slice or are owners"""
@@ -287,6 +295,7 @@ class DatabaseView(SupersetModelView, DeleteMixin, YamlExportMixin): # noqa
'allow_csv_upload': _(
'If selected, please set the schemas allowed for csv upload in Extra.'),
}
+ base_filters = [['id', DatabaseFilter, lambda: []]]
label_columns = {
'expose_in_sqllab': _('Expose in SQL Lab'),
'allow_ctas': _('Allow CREATE TABLE AS'),