You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@superset.apache.org by vi...@apache.org on 2020/04/29 20:57:26 UTC
[incubator-superset] branch master updated: Fix
ENABLE_ROW_LEVEL_SECURITY flag usage (#9689)
This is an automated email from the ASF dual-hosted git repository.
villebro pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-superset.git
The following commit(s) were added to refs/heads/master by this push:
new 2835044 Fix ENABLE_ROW_LEVEL_SECURITY flag usage (#9689)
2835044 is described below
commit 283504479e74e7fed1830944b70c0da7b44af6c6
Author: Bogdan <b....@gmail.com>
AuthorDate: Wed Apr 29 13:57:06 2020 -0700
Fix ENABLE_ROW_LEVEL_SECURITY flag usage (#9689)
Co-authored-by: bogdan kyryliuk <bo...@dropbox.com>
---
superset/common/query_context.py | 5 ++++-
superset/connectors/sqla/models.py | 4 ++--
superset/viz.py | 3 ++-
superset/viz_sip38.py | 6 +++++-
tests/superset_test_config.py | 1 +
5 files changed, 14 insertions(+), 5 deletions(-)
diff --git a/superset/common/query_context.py b/superset/common/query_context.py
index 6569885..3a84ec0 100644
--- a/superset/common/query_context.py
+++ b/superset/common/query_context.py
@@ -160,11 +160,14 @@ class QueryContext:
def cache_key(self, query_obj: QueryObject, **kwargs: Any) -> Optional[str]:
extra_cache_keys = self.datasource.get_extra_cache_keys(query_obj.to_dict())
+
cache_key = (
query_obj.cache_key(
datasource=self.datasource.uid,
extra_cache_keys=extra_cache_keys,
- rls=security_manager.get_rls_ids(self.datasource),
+ rls=security_manager.get_rls_ids(self.datasource)
+ if config["ENABLE_ROW_LEVEL_SECURITY"]
+ else [],
changed_on=self.datasource.changed_on,
**kwargs
)
diff --git a/superset/connectors/sqla/models.py b/superset/connectors/sqla/models.py
index 0500fb1..705cb31 100644
--- a/superset/connectors/sqla/models.py
+++ b/superset/connectors/sqla/models.py
@@ -891,8 +891,8 @@ class SqlaTable(Model, BaseDatasource):
raise Exception(
_("Invalid filter operation type: %(op)s", op=op)
)
-
- where_clause_and += self._get_sqla_row_level_filters(template_processor)
+ if config["ENABLE_ROW_LEVEL_SECURITY"]:
+ where_clause_and += self._get_sqla_row_level_filters(template_processor)
if extras:
where = extras.get("where")
if where:
diff --git a/superset/viz.py b/superset/viz.py
index b605071..85d1d9d 100644
--- a/superset/viz.py
+++ b/superset/viz.py
@@ -399,7 +399,8 @@ class BaseViz:
cache_dict["time_range"] = self.form_data.get("time_range")
cache_dict["datasource"] = self.datasource.uid
cache_dict["extra_cache_keys"] = self.datasource.get_extra_cache_keys(query_obj)
- cache_dict["rls"] = security_manager.get_rls_ids(self.datasource)
+ if config["ENABLE_ROW_LEVEL_SECURITY"]:
+ cache_dict["rls"] = security_manager.get_rls_ids(self.datasource)
cache_dict["changed_on"] = self.datasource.changed_on
json_data = self.json_dumps(cache_dict, sort_keys=True)
return hashlib.md5(json_data.encode("utf-8")).hexdigest()
diff --git a/superset/viz_sip38.py b/superset/viz_sip38.py
index 3f3a258..bffd344 100644
--- a/superset/viz_sip38.py
+++ b/superset/viz_sip38.py
@@ -440,7 +440,11 @@ class BaseViz:
cache_dict["time_range"] = self.form_data.get("time_range")
cache_dict["datasource"] = self.datasource.uid
cache_dict["extra_cache_keys"] = self.datasource.get_extra_cache_keys(query_obj)
- cache_dict["rls"] = security_manager.get_rls_ids(self.datasource)
+ cache_dict["rls"] = (
+ security_manager.get_rls_ids(self.datasource)
+ if config["ENABLE_ROW_LEVEL_SECURITY"]
+ else []
+ )
cache_dict["changed_on"] = self.datasource.changed_on
json_data = self.json_dumps(cache_dict, sort_keys=True)
return hashlib.md5(json_data.encode("utf-8")).hexdigest()
diff --git a/tests/superset_test_config.py b/tests/superset_test_config.py
index 888f27b..3e9e21f 100644
--- a/tests/superset_test_config.py
+++ b/tests/superset_test_config.py
@@ -52,6 +52,7 @@ WTF_CSRF_ENABLED = False
PUBLIC_ROLE_LIKE_GAMMA = True
AUTH_ROLE_PUBLIC = "Public"
EMAIL_NOTIFICATIONS = False
+ENABLE_ROW_LEVEL_SECURITY = True
CACHE_CONFIG = {"CACHE_TYPE": "simple"}