You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@superset.apache.org by ma...@apache.org on 2019/06/05 05:37:36 UTC

[incubator-superset] branch master updated: Add Filter on DatabaseView that filters DBs Based on Role Access (#7618)

This is an automated email from the ASF dual-hosted git repository.

maximebeauchemin pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-superset.git


The following commit(s) were added to refs/heads/master by this push:
     new 5470d10  Add Filter on DatabaseView that filters DBs Based on Role Access (#7618)
5470d10 is described below

commit 5470d10155e28c96b54615a36464c6c4afc0a38b
Author: Derek Flionis <df...@gmail.com>
AuthorDate: Wed Jun 5 01:37:22 2019 -0400

    Add Filter on DatabaseView that filters DBs Based on Role Access (#7618)
    
    * Add Filter on DatabaseView that filters DBs Based on Role Access
    
    * Update with mistercrunch's feedback
---
 superset/security.py   | 11 ++++++-----
 superset/views/core.py |  9 +++++++++
 2 files changed, 15 insertions(+), 5 deletions(-)

diff --git a/superset/security.py b/superset/security.py
index 3a92a7c..5129e36 100644
--- a/superset/security.py
+++ b/superset/security.py
@@ -127,12 +127,13 @@ class SupersetSecurityManager(SecurityManager):
         return self.can_access(
             'all_datasource_access', 'all_datasource_access')
 
+    def all_database_access(self):
+        return self.can_access('all_database_access', 'all_database_access')
+
     def database_access(self, database):
-        return (
-            self.can_access(
-                'all_database_access', 'all_database_access') or
-            self.can_access('database_access', database.perm)
-        )
+        return (self.all_database_access() or
+                self.can_access('database_access', database.perm) or
+                self.all_datasource_access)
 
     def schema_access(self, datasource):
         return (
diff --git a/superset/views/core.py b/superset/views/core.py
index d8a3692..7c73116 100755
--- a/superset/views/core.py
+++ b/superset/views/core.py
@@ -152,6 +152,14 @@ class SliceFilter(SupersetFilter):
         return query.filter(self.model.perm.in_(perms))
 
 
+class DatabaseFilter(SupersetFilter):
+    def apply(self, query, func): # noqa
+        if security_manager.all_database_access():
+            return query
+        perms = self.get_view_menus('database_access')
+        return query.filter(self.model.perm.in_(perms))
+
+
 class DashboardFilter(SupersetFilter):
 
     """List dashboards for which users have access to at least one slice or are owners"""
@@ -287,6 +295,7 @@ class DatabaseView(SupersetModelView, DeleteMixin, YamlExportMixin):  # noqa
         'allow_csv_upload': _(
             'If selected, please set the schemas allowed for csv upload in Extra.'),
     }
+    base_filters = [['id', DatabaseFilter, lambda: []]]
     label_columns = {
         'expose_in_sqllab': _('Expose in SQL Lab'),
         'allow_ctas': _('Allow CREATE TABLE AS'),