You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@superset.apache.org by el...@apache.org on 2023/06/14 15:51:58 UTC
[superset] 08/18: fix: db validate parameters permission (#24185)
This is an automated email from the ASF dual-hosted git repository.
elizabeth pushed a commit to tag 2.1.1rc1
in repository https://gitbox.apache.org/repos/asf/superset.git
commit e804489a89b928e387af279b09033e5fc4f2458d
Author: Daniel Vaz Gaspar <da...@gmail.com>
AuthorDate: Mon Jun 5 13:06:00 2023 +0100
fix: db validate parameters permission (#24185)
---
UPDATING.md | 1 +
superset/constants.py | 4 ++--
2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/UPDATING.md b/UPDATING.md
index 1810a22306..f71d884091 100644
--- a/UPDATING.md
+++ b/UPDATING.md
@@ -23,6 +23,7 @@ This file documents any backwards-incompatible changes in Superset and
assists people when migrating to a new version.
## 2.1.1
+- [24185](https://github.com/apache/superset/pull/24185): `/api/v1/database/test_connection` and `api/v1/database/validate_parameters` permissions changed from `can_read` to `can_write`. Only Admin user's have access.
### Other
diff --git a/superset/constants.py b/superset/constants.py
index cdbce050d3..c3190ce1bf 100644
--- a/superset/constants.py
+++ b/superset/constants.py
@@ -125,8 +125,8 @@ MODEL_API_RW_METHOD_PERMISSION_MAP = {
"select_star": "read",
"table_metadata": "read",
"table_extra_metadata": "read",
- "test_connection": "read",
- "validate_parameters": "read",
+ "test_connection": "write",
+ "validate_parameters": "write",
"favorite_status": "read",
"thumbnail": "read",
"import_": "write",