You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@superset.apache.org by GitBox <gi...@apache.org> on 2018/11/09 19:09:10 UTC

[GitHub] timifasubaa closed pull request #5434: [security] add datasource sources

timifasubaa closed pull request #5434: [security] add datasource sources
URL: https://github.com/apache/incubator-superset/pull/5434
 
 
   

This is a PR merged from a forked repository.
As GitHub hides the original diff on merge, it is displayed below for
the sake of provenance:

As this is a foreign pull request (from a fork), the diff is supplied
below (as it won't show otherwise due to GitHub magic):

diff --git a/superset/connectors/base/models.py b/superset/connectors/base/models.py
index 213f89597e..be4d447951 100644
--- a/superset/connectors/base/models.py
+++ b/superset/connectors/base/models.py
@@ -156,6 +156,10 @@ def short_data(self):
     def select_star(self):
         pass
 
+    @property
+    def datasource_sources(self):
+        pass
+
     @property
     def data(self):
         """Data representation of the datasource sent to the frontend"""
diff --git a/superset/connectors/druid/models.py b/superset/connectors/druid/models.py
index 0977c0c6b2..3ec6df1a79 100644
--- a/superset/connectors/druid/models.py
+++ b/superset/connectors/druid/models.py
@@ -525,6 +525,10 @@ def link(self):
         name = escape(self.datasource_name)
         return Markup('<a href="{self.url}">{name}</a>').format(**locals())
 
+    @property
+    def datasource_sources(self):
+        return '{}.{}'.format(self.cluster_name, self.datasource_name)
+
     @property
     def full_name(self):
         return utils.get_datasource_full_name(
diff --git a/superset/connectors/sqla/models.py b/superset/connectors/sqla/models.py
index c86d4eadda..90e3df9c61 100644
--- a/superset/connectors/sqla/models.py
+++ b/superset/connectors/sqla/models.py
@@ -23,7 +23,7 @@
 from sqlalchemy.sql.expression import TextAsFrom
 import sqlparse
 
-from superset import db, import_util, security_manager, utils
+from superset import db, import_util, security_manager, sql_parse, utils
 from superset.connectors.base.models import BaseColumn, BaseDatasource, BaseMetric
 from superset.jinja_context import get_template_processor
 from superset.models.annotations import Annotation
@@ -324,6 +324,10 @@ def name(self):
             return self.table_name
         return '{}.{}'.format(self.schema, self.table_name)
 
+    @property
+    def datasource_sources(self):
+        return sql_parse.SupersetQuery(self.sql).tables
+
     @property
     def full_name(self):
         return utils.get_datasource_full_name(
diff --git a/superset/views/core.py b/superset/views/core.py
index 07a4079aa2..a107ab910a 100755
--- a/superset/views/core.py
+++ b/superset/views/core.py
@@ -1093,8 +1093,10 @@ def generate_json(self, datasource_type, datasource_id, form_data,
                 stacktrace=traceback.format_exc())
 
         if not security_manager.datasource_access(viz_obj.datasource, g.user):
+            print("this is where the good error message happens")
+            ERR_MSG = 'You don\'t have access to the following tables \n' + ', \n'.join([i[0] for i in security_manager.get_gandalf_denied_tables(g.user, viz_obj.datasource)])
             return json_error_response(
-                DATASOURCE_ACCESS_ERR, status=404, link=config.get(
+                ERR_MSG, status=404, link=config.get(
                     'PERMISSION_INSTRUCTIONS_LINK'))
 
         if csv:
@@ -1262,13 +1264,21 @@ def explore(self, datasource_type=None, datasource_id=None):
 
         if not security_manager.datasource_access(datasource):
             flash(
-                __(get_datasource_access_error_msg(datasource.name)),
+                __('You do not have access to the following tables: {}'.format(
+                    security_manager.get_gandalf_denied_tables(g.user, datasource))),
                 'danger')
-            return redirect(
-                'superset/request_access/?'
-                'datasource_type={datasource_type}&'
-                'datasource_id={datasource_id}&'
-                ''.format(**locals()))
+            print("~~~~~~!!!~~~~~~~~")
+            if config.get("ENABLE_ACCESS_REQUEST"):
+                #err=json_error_response(
+                #DATASOURCE_ACCESS_ERR, status=404, link=config.get(
+                #    'PERMISSION_INSTRUCTIONS_LINK'))
+                #print(err)
+                #flash(__(err))
+                return redirect(
+                    'superset/request_access/?'
+                    'datasource_type={datasource_type}&'
+                    'datasource_id={datasource_id}&'
+                    ''.format(**locals()))
 
         viz_type = form_data.get('viz_type')
         if not viz_type and datasource.default_endpoint:


 

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services

---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org