You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@superset.apache.org by GitBox <gi...@apache.org> on 2019/07/31 04:43:57 UTC

[GitHub] [incubator-superset] john-bodley opened a new pull request #7952: [security] Adding docstrings and type hints

john-bodley opened a new pull request #7952: [security] Adding docstrings and type hints
URL: https://github.com/apache/incubator-superset/pull/7952
 
 
   ### CATEGORY
   
   Choose one
   
   - [ ] Bug Fix
   - [ ] Enhancement (new features, refinement)
   - [x] Refactor
   - [ ] Add tests
   - [ ] Build / Development Environment
   - [x] Documentation
   
   ### SUMMARY
   
   This PR adds doc-strings and type hints to the security manager to help to provide more context and consistency. Note I've tried to ensure that the code remains unchanged however: 
   
   1. I renamed a couple of methods/variables for accuracy. Note further polish could be applied. 
   2. Given the vast number of methods in the `SupersetSecurityManager` (it's becoming almost intractable) I renamed private methods with a leading `_` (underscore). 
   3. The Mypy type hints surfaced a couple of small issues during linting. 
   
   A few notes/observations: 
   
   1. I've tried to be as descriptive as possible but it took me quite some time to decipher what the various objects were. There may be merit in the future of being more explicit between Druid datasources and SQL tables. 
   2. I think some of the private methods could probably be refactored. 
   3. The SQL table names seem to be a mess, currently these can be defined as:
   
   - `str`: `[[cluster.]schema.]table`
   - `Tuple[str, str]`: `(schema, table)`
   - `DatasourceName`
   
   I believe there would be merit in aligning on one mechanism for defining SQL tables throughout Superset to help mitigate bugs/inaccuracies (note we've addresses issues related to this in the past). This is especially vital as it relates to security and a hardened security model should be one of Superset's core tenets.  A `dataclass` class may be a viable route. 
   
   4. I'm not certain whether the `get_schema_perm` logic is correct as I believe that the `database` parameter can be `Union[Database, str]`. I'm not sure if that was intentional 
   
   ### TEST PLAN
   
   CI.
   
   ### ADDITIONAL INFORMATION
   <!--- Check any relevant boxes with "x" -->
   <!--- HINT: Include "Fixes #nnn" if you are fixing an existing issue -->
   - [ ] Has associated issue:
   - [ ] Changes UI
   - [ ] Requires DB Migration.
   - [ ] Confirm DB Migration upgrade and downgrade tested.
   - [ ] Introduces new feature or API
   - [ ] Removes existing feature or API
   
   ### REVIEWERS
   
   to: @DiggidyDave @etr2460 @michellethomas @mistercrunch @villebro 

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services

---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org