You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@superset.apache.org by vi...@apache.org on 2020/04/15 13:42:12 UTC
[incubator-superset] branch master updated: [copy] fix: Row Level
Security get_rls_filters func SELECT statement (#9541)
This is an automated email from the ASF dual-hosted git repository.
villebro pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-superset.git
The following commit(s) were added to refs/heads/master by this push:
new ef5e11f [copy] fix: Row Level Security get_rls_filters func SELECT statement (#9541)
ef5e11f is described below
commit ef5e11f45b06f8cceb24b6a19f10ff2e31a78832
Author: Aliaksei Kushniarevich <ax...@gmail.com>
AuthorDate: Wed Apr 15 16:41:54 2020 +0300
[copy] fix: Row Level Security get_rls_filters func SELECT statement (#9541)
* fix: Row Level Security get_rls_filters func SELECT statement
* More general RowLevelSecurityTests case to avoid improper ids matching
---
superset/security/manager.py | 2 +-
tests/security_tests.py | 9 +++++----
2 files changed, 6 insertions(+), 5 deletions(-)
diff --git a/superset/security/manager.py b/superset/security/manager.py
index 2d72096..01c80d6 100644
--- a/superset/security/manager.py
+++ b/superset/security/manager.py
@@ -919,7 +919,7 @@ class SupersetSecurityManager(SecurityManager):
.subquery()
)
filter_roles = (
- db.session.query(RLSFilterRoles.c.id)
+ db.session.query(RLSFilterRoles.c.rls_filter_id)
.filter(RLSFilterRoles.c.role_id.in_(user_roles))
.subquery()
)
diff --git a/tests/security_tests.py b/tests/security_tests.py
index 7b8df26..476b670 100644
--- a/tests/security_tests.py
+++ b/tests/security_tests.py
@@ -833,10 +833,11 @@ class RowLevelSecurityTests(SupersetTestCase):
self.rls_entry.table = (
session.query(SqlaTable).filter_by(table_name="birth_names").first()
)
- self.rls_entry.clause = "gender = 'male'"
+ self.rls_entry.clause = "gender = 'boy'"
self.rls_entry.roles.append(
security_manager.find_role("Gamma")
) # db.session.query(Role).filter_by(name="Gamma").first())
+ self.rls_entry.roles.append(security_manager.find_role("Alpha"))
db.session.add(self.rls_entry)
db.session.commit()
@@ -849,7 +850,7 @@ class RowLevelSecurityTests(SupersetTestCase):
# Do another test to make sure it doesn't alter another query
def test_rls_filter_alters_query(self):
g.user = self.get_user(
- username="gamma"
+ username="alpha"
) # self.login() doesn't actually set the user
tbl = self.get_table_by_name("birth_names")
query_obj = dict(
@@ -864,7 +865,7 @@ class RowLevelSecurityTests(SupersetTestCase):
extras={},
)
sql = tbl.get_query_str(query_obj)
- self.assertIn("gender = 'male'", sql)
+ self.assertIn("gender = 'boy'", sql)
def test_rls_filter_doesnt_alter_query(self):
g.user = self.get_user(
@@ -883,4 +884,4 @@ class RowLevelSecurityTests(SupersetTestCase):
extras={},
)
sql = tbl.get_query_str(query_obj)
- self.assertNotIn("gender = 'male'", sql)
+ self.assertNotIn("gender = 'boy'", sql)