You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@superset.apache.org by GitBox <gi...@apache.org> on 2019/04/06 00:15:01 UTC

[GitHub] [incubator-superset] michellethomas opened a new pull request #7234: Adding permission for can_only_access_owned_queries

michellethomas opened a new pull request #7234: Adding permission for can_only_access_owned_queries
URL: https://github.com/apache/incubator-superset/pull/7234
 
 
   <!--
   Licensed to the Apache Software Foundation (ASF) under one
   or more contributor license agreements.  See the NOTICE file
   distributed with this work for additional information
   regarding copyright ownership.  The ASF licenses this file
   to you under the Apache License, Version 2.0 (the
   "License"); you may not use this file except in compliance
   with the License.  You may obtain a copy of the License at
   
     http://www.apache.org/licenses/LICENSE-2.0
   
   Unless required by applicable law or agreed to in writing,
   software distributed under the License is distributed on an
   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
   KIND, either express or implied.  See the License for the
   specific language governing permissions and limitations
   under the License.
   -->
   ##### SUMMARY
   Adding an optional restriction on query search to only allow users to access their own queries. Right now query search lets anyone access any queries. That would be the default for all roles, but if a deployment wanted to change to restrict users to only search their queries they could do that with the can_only_access_owned_queries permission.
   
   With can_only_access_owned_queries in OBJECT_SPEC_PERMISSIONS, this permission is not added to any role by default. 
   
   ##### BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF
   N/A
   
   ##### TEST PLAN
   Run superset init with new can_only_access_owned_queries default off in OBJECT_SPEC_PERMISSIONS
   Logged in as user1 and ran query
   Logged in as user2 and confirmed that I could see all queries queries in `/superset/sqllab#search` and `/queryview/list/`
   Moved perm can_only_access_owned_queries to ADMIN_ONLY_PERMISSIONS 
   Run superset init
   Confirmed that as user2 I could see only my queries queries in `/superset/sqllab#search` and `/queryview/list/`
   
   ##### ADDITIONAL INFORMATION
   <!--- HINT: Include "Fixes #nnn" if you are fixing an existing issue --> 
   <!--- Check any relevant boxes with "x" -->
       [ ] Has associated issue:
       [ ] Changes UI
       [ ] Requires DB Migration. Confirm DB Migration upgrade and downgrade tested.
       [ ] Introduces new feature or API
       [ ] Removes existing feature or API
       [ ] Fixes bug
       [ ] Refactors code
       [x] Adds test(s)
   
   ##### REVIEWERS
   
   

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services

---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org