superset-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From maximebeauche...@apache.org
Subject [incubator-superset] branch master updated: Fix issues around Database permissions (#7009)
Date Mon, 18 Mar 2019 05:49:51 GMT
This is an automated email from the ASF dual-hosted git repository.

maximebeauchemin pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-superset.git


The following commit(s) were added to refs/heads/master by this push:
     new f5274a9  Fix issues around Database permissions (#7009)
f5274a9 is described below

commit f5274a9c7f437dcf9359f8dc5fdd056c23bf03b8
Author: Maxime Beauchemin <maximebeauchemin@gmail.com>
AuthorDate: Sun Mar 17 22:49:40 2019 -0700

    Fix issues around Database permissions (#7009)
---
 superset/security.py   | 12 +++++++++---
 superset/views/core.py | 12 +++++++++++-
 2 files changed, 20 insertions(+), 4 deletions(-)

diff --git a/superset/security.py b/superset/security.py
index 3bfddc9..3c2ce32 100644
--- a/superset/security.py
+++ b/superset/security.py
@@ -107,8 +107,10 @@ class SupersetSecurityManager(SecurityManager):
         return self._has_view_access(user, permission_name, view_name)
 
     def all_datasource_access(self):
-        return self.can_access(
-            'all_datasource_access', 'all_datasource_access')
+        return self.can_access('all_datasource_access', 'all_datasource_access')
+
+    def all_database_access(self):
+        return self.can_access('all_database_access', 'all_database_access')
 
     def database_access(self, database):
         return (
@@ -410,8 +412,12 @@ class SupersetSecurityManager(SecurityManager):
                 .values(perm=target.get_perm()),
             )
 
-        # add to view menu if not already exists
         permission_name = 'datasource_access'
+        from superset.models.core import Database
+        if mapper.class_ == Database:
+            permission_name = 'database_access'
+
+        # add to view menu if not already exists
         view_menu_name = target.get_perm()
         permission = self.find_permission(permission_name)
         view_menu = self.find_view_menu(view_menu_name)
diff --git a/superset/views/core.py b/superset/views/core.py
index d3cfb88..2bee09d 100755
--- a/superset/views/core.py
+++ b/superset/views/core.py
@@ -109,6 +109,14 @@ SQLTable = Table(
     extend_existing=True)
 
 
+class DatabaseFilter(SupersetFilter):
+    def apply(self, query, func):  # noqa
+        if security_manager.all_database_access():
+            return query
+        database_perms = self.get_view_menus('database_access')
+        return query.filter(self.model.perm.in_(database_perms))
+
+
 class SliceFilter(SupersetFilter):
     def apply(self, query, func):  # noqa
         if security_manager.all_datasource_access():
@@ -116,11 +124,12 @@ class SliceFilter(SupersetFilter):
 
         # TODO(bogdan): add `schema_access` support here
         datasource_perms = self.get_view_menus('datasource_access')
+        database_perms = self.get_view_menus('database_access')
         query = (
             query.outerjoin(SQLTable, self.model.datasource_id == SQLTable.c.id)
             .outerjoin(models.Database, models.Database.id == SQLTable.c.database_id)
             .filter(or_(
-                models.Database.perm.in_(datasource_perms),
+                models.Database.perm.in_(database_perms),
                 self.model.perm.in_(datasource_perms),
             ))
         )
@@ -285,6 +294,7 @@ class DatabaseView(SupersetModelView, DeleteMixin, YamlExportMixin): 
# noqa
         'allow_multi_schema_metadata_fetch': _('Allow Multi Schema Metadata Fetch'),
         'backend': _('Backend'),
     }
+    base_filters = [['id', DatabaseFilter, lambda: []]]
 
     def pre_add(self, db):
         self.check_extra(db)


Mime
View raw message