You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@superset.apache.org by GitBox <gi...@apache.org> on 2021/10/19 17:37:47 UTC

[GitHub] [superset] craig-rueda commented on a change in pull request #16991: fix(QueryContext): validation does not validate query_context metrics

craig-rueda commented on a change in pull request #16991:
URL: https://github.com/apache/superset/pull/16991#discussion_r732100371



##########
File path: superset/charts/commands/query_context_validator.py
##########
@@ -0,0 +1,168 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+# pylint: disable=invalid-name, no-self-use, too-few-public-methods
+from __future__ import annotations
+
+from typing import List, Optional, Set, TYPE_CHECKING
+
+from superset.charts.commands.data import QueryContextValidator
+from superset.errors import ErrorLevel, SupersetError, SupersetErrorType
+from superset.exceptions import SupersetSecurityException
+from superset.sql_parse import ParsedQuery, Table
+
+if TYPE_CHECKING:
+    from superset import SupersetSecurityManager
+    from superset.connectors.sqla.models import SqlaTable
+    from superset.datasets.dao import DatasetDAO
+    from superset.models.core import Database
+    from superset.common.query_object import QueryObject
+    from superset.connectors.base.models import BaseDatasource
+    from superset.common.query_context import QueryContext
+    from superset.typing import Metric
+
+
+class QueryContextValidatorImpl(QueryContextValidator):
+    _dataset_dao: DatasetDAO
+    _security_manager: SupersetSecurityManager
+
+    def __init__(
+        self, dataset_dao: DatasetDAO, security_manager: SupersetSecurityManager
+    ):
+        self._dataset_dao = dataset_dao
+        self._security_manager = security_manager
+
+    def validate(self, query_context: QueryContext) -> None:
+        self._validate_actor_can_access(query_context)
+        self._validate_queries_context(query_context)
+
+    def _validate_actor_can_access(self, query_context: QueryContext) -> None:
+        sql_database: Optional[Database] = query_context.get_database()
+        if sql_database is not None:
+            self._validate_when_context_based_on_sql_database(
+                query_context, sql_database
+            )
+        else:

Review comment:
       Shouldn't we just always call `raise_for_access()`? I see this thing as needing an extra check when the sql_db is not None.




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org