From maximebeauche...@apache.org
Subject [incubator-superset] branch master updated: Allow Gamma and Alpha to access '/users/userinfo/' (#6936)
Date Mon, 22 Apr 2019 18:24:00 GMT
This is an automated email from the ASF dual-hosted git repository.

maximebeauchemin pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-superset.git


The following commit(s) were added to refs/heads/master by this push:
     new 36a219d  Allow Gamma and Alpha to access '/users/userinfo/' (#6936)
36a219d is described below

commit 36a219da7f81c0e65a259049896bb77fd66edbe2
Author: Maxime Beauchemin <maximebeauchemin@gmail.com>
AuthorDate: Mon Apr 22 11:23:54 2019 -0700

    Allow Gamma and Alpha to access '/users/userinfo/' (#6936)
    
    * Allow Gamma and Alpha to access '/users/userinfo/'
    
    closes https://github.com/apache/incubator-superset/issues/4919
    
    * Fix unit test
    
    * Fix test
---
 superset/security.py    | 22 ++++++++++++++++------
 tests/core_tests.py     |  1 -
 tests/security_tests.py |  2 ++
 3 files changed, 18 insertions(+), 7 deletions(-)

diff --git a/superset/security.py b/superset/security.py
index df835b0..b30b2e5 100644
--- a/superset/security.py
+++ b/superset/security.py
@@ -81,19 +81,23 @@ class SupersetSecurityManager(SecurityManager):
         'can_list',
     }
 
-    ALPHA_ONLY_PERMISSIONS = set([
+    ALPHA_ONLY_PERMISSIONS = {
         'muldelete',
         'all_database_access',
         'all_datasource_access',
-    ])
+    }
 
-    OBJECT_SPEC_PERMISSIONS = set([
+    OBJECT_SPEC_PERMISSIONS = {
         'database_access',
         'schema_access',
         'datasource_access',
         'metric_access',
         'can_only_access_owned_queries',
-    ])
+    }
+
+    ACCESSIBLE_PERMS = {
+        'can_userinfo',
+    }
 
     def get_schema_perm(self, database, schema):
         if schema:
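Review bot: `ACCESSIBLE_PERMS` has no comment, and its name does not say that membership overrides the role filters rather than merely listing permissions. Judging by the second hunk, any name added here is granted to Alpha and Gamma even where `is_admin_only(pvm)` would otherwise exclude it, so a maintainer extending the set should see that at the definition. A comment above the set such as `# Permission names granted to every role, even on views that are otherwise admin-only.` would be enough.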
@@ -386,15 +390,21 @@ class SupersetSecurityManager(SecurityManager):
             pvm.permission.name in self.ALPHA_ONLY_PERMISSIONS
         )
 
+    def is_accessible_to_all(self, pvm):
+        return pvm.permission.name in self.ACCESSIBLE_PERMS
+
     def is_admin_pvm(self, pvm):
         return not self.is_user_defined_permission(pvm)
 
     def is_alpha_pvm(self, pvm):
-        return not (self.is_user_defined_permission(pvm) or self.is_admin_only(pvm))
+        return (
+            not (self.is_user_defined_permission(pvm) or self.is_admin_only(pvm)) or
+            self.is_accessible_to_all(pvm)
+        )
 
     def is_gamma_pvm(self, pvm):
         return not (self.is_user_defined_permission(pvm) or self.is_admin_only(pvm) or
-                    self.is_alpha_only(pvm))
+                    self.is_alpha_only(pvm)) or self.is_accessible_to_all(pvm)
 
     def is_sql_lab_pvm(self, pvm):
         return (
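Review bot: `is_accessible_to_all` matches on `pvm.permission.name` alone, so the new `or` clause in `is_alpha_pvm` and `is_gamma_pvm` grants a permission named `can_userinfo` on any view menu, even when `is_admin_only(pvm)` or `is_user_defined_permission(pvm)` is true for it. That may be intended so that every auth backend's user view is covered, but it also means a later view exposing a `userinfo` endpoint is opened to all roles without anyone deciding so. Consider comparing `(pvm.permission.name, pvm.view_menu.name)` against an allow-list of pairs, or at least give `is_accessible_to_all` a docstring stating that it takes precedence over the admin-only checks. `is_gamma_pvm` also relies on `not` binding tighter than `or`; wrapping the expression the way `is_alpha_pvm` does would make the grouping explicit.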
diff --git a/tests/core_tests.py b/tests/core_tests.py
index 00e83ac..f021e92 100644
--- a/tests/core_tests.py
+++ b/tests/core_tests.py
@@ -189,7 +189,6 @@ class CoreTests(SupersetTestCase):
             assert_func('ResetPasswordView', view_menus)
             assert_func('RoleModelView', view_menus)
             assert_func('Security', view_menus)
-            assert_func('UserDBModelView', view_menus)
             assert_func('SQL Lab',
                         view_menus)
 
diff --git a/tests/security_tests.py b/tests/security_tests.py
index 063f1e8..57b790c 100644
--- a/tests/security_tests.py
+++ b/tests/security_tests.py
@@ -76,6 +76,7 @@ class RolePermissionTests(SupersetTestCase):
         self.assertIn(('can_slice', 'Superset'), perm_set)
         self.assertIn(('can_explore', 'Superset'), perm_set)
         self.assertIn(('can_explore_json', 'Superset'), perm_set)
+        self.assertIn(('can_userinfo', 'UserDBModelView'), perm_set)
 
     def assert_can_alpha(self, perm_set):
         self.assert_can_all('SqlMetricInlineView', perm_set)
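Review bot: The added `self.assertIn(('can_userinfo', 'UserDBModelView'), perm_set)` checks only that the new grant is present, and the same holds for the Gamma assertion in the next hunk. Since tests/core_tests.py drops its `UserDBModelView` view-menu assertion in this commit, nothing visible here still asserts that the other `UserDBModelView` permissions stay out of the Gamma set. A negative check next to it, for example `self.assertNotIn(('can_list', 'UserDBModelView'), gamma_perm_set)`, would pin down that only the user-info page was opened. The enclosing test methods start outside both hunks, so an existing check elsewhere may already cover this.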
@@ -231,6 +232,7 @@ class RolePermissionTests(SupersetTestCase):
         self.assertIn(('can_fave_slices', 'Superset'), gamma_perm_set)
         self.assertIn(('can_save_dash', 'Superset'), gamma_perm_set)
         self.assertIn(('can_slice', 'Superset'), gamma_perm_set)
+        self.assertIn(('can_userinfo', 'UserDBModelView'), gamma_perm_set)
 
     def test_views_are_secured(self):
         """Preventing the addition of unsecured views without has_access decorator"""

