rename sm to security_manager

apache · Mar 27, 2018 · c766500 · c766500
1 parent 4124ac0
commit c766500
Show file tree

Hide file tree

Showing 21 changed files with 273 additions and 254 deletions.
diff --git a/UPDATING.MD b/UPDATING.MD
@@ -0,0 +1,8 @@
+# Updating Superset
+
+This file documents any backwards-incompatible changes in Superset and
+assists people when migrating to a new version.
+
+## Superset 0.23.0
+
+* [4565](https://github.com/apache/incubator-superset/pull/4565)
diff --git a/superset/__init__.py b/superset/__init__.py
@@ -154,8 +154,8 @@ def index(self):
 if not issubclass(custom_sm, SupersetSecurityManager):
     raise Exception(
         """Your CUSTOM_SECURITY_MANAGER must now extend SupersetSecurityManager,
-         not FAB's security manager. 
-         See https://github.com/apache/incubator-superset/pull/4565""")
+         not FAB's security manager.
+         See [4565] in UPDATING.md""")
 
 appbuilder = AppBuilder(
     app,

diff --git a/superset/cli.py b/superset/cli.py
@@ -16,7 +16,7 @@
 from pathlib2 import Path
 import yaml
 
-from superset import app, data, db, dict_import_export_util, sm, utils
+from superset import app, data, db, dict_import_export_util, security_manager, utils
 
 config = app.config
 celery_app = utils.get_celery_app(config)
@@ -29,7 +29,7 @@
 def init():
     """Inits the Superset application"""
     utils.get_or_create_main_db()
-    sm.sync_role_definitions()
+    security_manager.sync_role_definitions()
 
 
 @manager.option(

diff --git a/superset/connectors/druid/models.py b/superset/connectors/druid/models.py
@@ -33,7 +33,7 @@
 )
 from sqlalchemy.orm import backref, relationship
 
-from superset import conf, db, import_util, sm, utils
+from superset import conf, db, import_util, security_manager, utils
 from superset.connectors.base.models import BaseColumn, BaseDatasource, BaseMetric
 from superset.exceptions import MetricPermException
 from superset.models.helpers import (
@@ -465,7 +465,7 @@ class DruidDatasource(Model, BaseDatasource):
         'DruidCluster', backref='datasources', foreign_keys=[cluster_name])
     user_id = Column(Integer, ForeignKey('ab_user.id'))
     owner = relationship(
-        sm.user_model,
+        security_manager.user_model,
         backref=backref('datasources', cascade='all, delete-orphan'),
         foreign_keys=[user_id])
     UniqueConstraint('cluster_name', 'datasource_name')
@@ -506,7 +506,7 @@ def schema(self):
     @property
     def schema_perm(self):
         """Returns schema permission if present, cluster one otherwise."""
-        return sm.get_schema_perm(self.cluster, self.schema)
+        return security_manager.get_schema_perm(self.cluster, self.schema)
 
     def get_perm(self):
         return (
@@ -980,7 +980,7 @@ def check_restricted_metrics(self, aggregations):
             m.metric_name for m in self.metrics
             if m.is_restricted and
             m.metric_name in aggregations.keys() and
-            not sm.has_access('metric_access', m.perm)
+            not security_manager.has_access('metric_access', m.perm)
         ]
         if rejected_metrics:
             raise MetricPermException(

diff --git a/superset/connectors/druid/views.py b/superset/connectors/druid/views.py
@@ -14,7 +14,7 @@
 from flask_babel import gettext as __
 from flask_babel import lazy_gettext as _
 
-from superset import appbuilder, db, sm, utils
+from superset import appbuilder, db, security_manager, utils
 from superset.connectors.base.views import DatasourceModelView
 from superset.connectors.connector_registry import ConnectorRegistry
 from superset.utils import has_access
@@ -140,11 +140,11 @@ class DruidMetricInlineView(CompactCRUDMixin, SupersetModelView):  # noqa
 
     def post_add(self, metric):
         if metric.is_restricted:
-            sm.merge_perm('metric_access', metric.get_perm())
+            security_manager.merge_perm('metric_access', metric.get_perm())
 
     def post_update(self, metric):
         if metric.is_restricted:
-            sm.merge_perm('metric_access', metric.get_perm())
+            security_manager.merge_perm('metric_access', metric.get_perm())
 
 
 appbuilder.add_view_no_menu(DruidMetricInlineView)
@@ -177,7 +177,7 @@ class DruidClusterModelView(SupersetModelView, DeleteMixin, YamlExportMixin):  #
     }
 
     def pre_add(self, cluster):
-        sm.merge_perm('database_access', cluster.perm)
+        security_manager.merge_perm('database_access', cluster.perm)
 
     def pre_update(self, cluster):
         self.pre_add(cluster)
@@ -278,9 +278,9 @@ def pre_add(self, datasource):
 
     def post_add(self, datasource):
         datasource.refresh_metrics()
-        sm.merge_perm('datasource_access', datasource.get_perm())
+        security_manager.merge_perm('datasource_access', datasource.get_perm())
         if datasource.schema:
-            sm.merge_perm('schema_access', datasource.schema_perm)
+            security_manager.merge_perm('schema_access', datasource.schema_perm)
 
     def post_update(self, datasource):
         self.post_add(datasource)

diff --git a/superset/connectors/sqla/models.py b/superset/connectors/sqla/models.py
@@ -24,7 +24,7 @@
 from sqlalchemy.sql.expression import TextAsFrom
 import sqlparse
 
-from superset import db, import_util, sm, utils
+from superset import db, import_util, security_manager, utils
 from superset.connectors.base.models import BaseColumn, BaseDatasource, BaseMetric
 from superset.jinja_context import get_template_processor
 from superset.models.annotations import Annotation
@@ -259,7 +259,7 @@ class SqlaTable(Model, BaseDatasource):
     fetch_values_predicate = Column(String(1000))
     user_id = Column(Integer, ForeignKey('ab_user.id'))
     owner = relationship(
-        sm.user_model,
+        security_manager.user_model,
         backref='tables',
         foreign_keys=[user_id])
     database = relationship(
@@ -298,7 +298,7 @@ def link(self):
     @property
     def schema_perm(self):
         """Returns schema permission if present, database one otherwise."""
-        return sm.get_schema_perm(self.database, self.schema)
+        return security_manager.get_schema_perm(self.database, self.schema)
 
     def get_perm(self):
         return (

diff --git a/superset/connectors/sqla/views.py b/superset/connectors/sqla/views.py
@@ -13,7 +13,7 @@
 from flask_babel import lazy_gettext as _
 from past.builtins import basestring
 
-from superset import appbuilder, db, sm, utils
+from superset import appbuilder, db, security_manager, utils
 from superset.connectors.base.views import DatasourceModelView
 from superset.utils import has_access
 from superset.views.base import (
@@ -144,11 +144,11 @@ class SqlMetricInlineView(CompactCRUDMixin, SupersetModelView):  # noqa
 
     def post_add(self, metric):
         if metric.is_restricted:
-            sm.merge_perm('metric_access', metric.get_perm())
+            security_manager.merge_perm('metric_access', metric.get_perm())
 
     def post_update(self, metric):
         if metric.is_restricted:
-            sm.merge_perm('metric_access', metric.get_perm())
+            security_manager.merge_perm('metric_access', metric.get_perm())
 
 
 appbuilder.add_view_no_menu(SqlMetricInlineView)
@@ -253,9 +253,9 @@ def pre_add(self, table):
 
     def post_add(self, table, flash_message=True):
         table.fetch_metadata()
-        sm.merge_perm('datasource_access', table.get_perm())
+        security_manager.merge_perm('datasource_access', table.get_perm())
         if table.schema:
-            sm.merge_perm('schema_access', table.schema_perm)
+            security_manager.merge_perm('schema_access', table.schema_perm)
 
         if flash_message:
             flash(_(

diff --git a/superset/data/__init__.py b/superset/data/__init__.py
@@ -16,7 +16,7 @@
 import geohash
 import polyline
 
-from superset import app, db, sm, utils
+from superset import app, db, security_manager, utils
 from superset.connectors.connector_registry import ConnectorRegistry
 from superset.models import core as models
 

diff --git a/superset/models/core.py b/superset/models/core.py
@@ -33,7 +33,7 @@
 from sqlalchemy.sql.expression import TextAsFrom
 from sqlalchemy_utils import EncryptedType
 
-from superset import app, db, db_engine_specs, sm, utils
+from superset import app, db, db_engine_specs, security_manager, utils
 from superset.connectors.connector_registry import ConnectorRegistry
 from superset.models.helpers import AuditMixinNullable, ImportMixin, set_perm
 from superset.viz import viz_types
@@ -104,7 +104,7 @@ class Slice(Model, AuditMixinNullable, ImportMixin):
     description = Column(Text)
     cache_timeout = Column(Integer)
     perm = Column(String(1000))
-    owners = relationship(sm.user_model, secondary=slice_user)
+    owners = relationship(security_manager.user_model, secondary=slice_user)
 
     export_fields = ('slice_name', 'datasource_type', 'datasource_name',
                      'viz_type', 'params', 'cache_timeout')
@@ -322,7 +322,7 @@ class Dashboard(Model, AuditMixinNullable, ImportMixin):
     slug = Column(String(255), unique=True)
     slices = relationship(
         'Slice', secondary=dashboard_slices, backref='dashboards')
-    owners = relationship(sm.user_model, secondary=dashboard_user)
+    owners = relationship(security_manager.user_model, secondary=dashboard_user)
 
     export_fields = ('dashboard_title', 'position_json', 'json_metadata',
                      'description', 'css', 'slug')
@@ -681,7 +681,7 @@ def get_sqla_engine(self, schema=None, nullpool=True, user_name=None):
         DB_CONNECTION_MUTATOR = config.get('DB_CONNECTION_MUTATOR')
         if DB_CONNECTION_MUTATOR:
             url, params = DB_CONNECTION_MUTATOR(
-                url, params, effective_username, sm)
+                url, params, effective_username, security_manager)
         return create_engine(url, **params)
 
     def get_reserved_words(self):
@@ -862,7 +862,8 @@ class Log(Model):
     dashboard_id = Column(Integer)
     slice_id = Column(Integer)
     json = Column(Text)
-    user = relationship(sm.user_model, backref='logs', foreign_keys=[user_id])
+    user = relationship(
+        security_manager.user_model, backref='logs', foreign_keys=[user_id])
     dttm = Column(DateTime, default=datetime.utcnow)
     dt = Column(Date, default=date.today())
     duration_ms = Column(Integer)
@@ -961,7 +962,7 @@ def datasource_link(self):
     def roles_with_datasource(self):
         action_list = ''
         perm = self.datasource.perm  # pylint: disable=no-member
-        pv = sm.find_permission_view_menu('datasource_access', perm)
+        pv = security_manager.find_permission_view_menu('datasource_access', perm)
         for r in pv.role:
             if r.name in self.ROLES_BLACKLIST:
                 continue

diff --git a/superset/models/helpers.py b/superset/models/helpers.py
@@ -20,7 +20,7 @@
 from sqlalchemy.orm.exc import MultipleResultsFound
 import yaml
 
-from superset import sm
+from superset import security_manager
 from superset.utils import QueryStatus
 
 
@@ -353,4 +353,4 @@ def set_perm(mapper, connection, target):  # noqa
         )
 
     # add to view menu if not already exists
-    merge_perm(sm, 'datasource_access', target.get_perm(), connection)
+    merge_perm(security_manager, 'datasource_access', target.get_perm(), connection)
diff --git a/superset/models/sql_lab.py b/superset/models/sql_lab.py
@@ -17,7 +17,7 @@
 )
 from sqlalchemy.orm import backref, relationship
 
-from superset import sm
+from superset import security_manager
 from superset.models.helpers import AuditMixinNullable
 from superset.utils import QueryStatus, user_label
 
@@ -76,7 +76,7 @@ class Query(Model):
         'Database',
         foreign_keys=[database_id],
         backref=backref('queries', cascade='all, delete-orphan'))
-    user = relationship(sm.user_model, foreign_keys=[user_id])
+    user = relationship(security_manager.user_model, foreign_keys=[user_id])
 
     __table_args__ = (
         sqla.Index('ti_user_id_changed_on', user_id, changed_on),
@@ -138,7 +138,7 @@ class SavedQuery(Model, AuditMixinNullable):
     description = Column(Text)
     sql = Column(Text)
     user = relationship(
-        sm.user_model,
+        security_manager.user_model,
         backref=backref('saved_queries', cascade='all, delete-orphan'),
         foreign_keys=[user_id])
     database = relationship(

diff --git a/superset/sql_lab.py b/superset/sql_lab.py
@@ -17,7 +17,7 @@
 from sqlalchemy.orm import sessionmaker
 from sqlalchemy.pool import NullPool
 
-from superset import app, dataframe, db, results_backend, sm, utils
+from superset import app, dataframe, db, results_backend, security_manager, utils
 from superset.db_engine_specs import LimitMethod
 from superset.jinja_context import get_template_processor
 from superset.models.sql_lab import Query
@@ -196,7 +196,8 @@ def handle_error(msg):
     # Hook to allow environment-specific mutation (usually comments) to the SQL
     SQL_QUERY_MUTATOR = config.get('SQL_QUERY_MUTATOR')
     if SQL_QUERY_MUTATOR:
-        executed_sql = SQL_QUERY_MUTATOR(executed_sql, user_name, sm, database)
+        executed_sql = SQL_QUERY_MUTATOR(
+            executed_sql, user_name, security_manager, database)
 
     query.executed_sql = executed_sql
     query.status = QueryStatus.RUNNING

diff --git a/superset/views/base.py b/superset/views/base.py
@@ -20,7 +20,7 @@
 from flask_babel import lazy_gettext as _
 import yaml
 
-from superset import appbuilder, conf, sm, utils
+from superset import conf, security_manager, utils
 from superset.translations.utils import get_language_pack
 
 FRONTEND_CONF_KEYS = (
@@ -81,7 +81,7 @@ def get_datasource_exist_error_mgs(full_name):
 def get_user_roles():
     if g.user.is_anonymous():
         public_role = conf.get('AUTH_ROLE_PUBLIC')
-        return [appbuilder.sm.find_role(public_role)] if public_role else []
+        return [security_manager.find_role(public_role)] if public_role else []
     return g.user.roles
 
 
@@ -152,31 +152,32 @@ def _delete(self, pk):
         except Exception as e:
             flash(str(e), 'danger')
         else:
-            view_menu = sm.find_view_menu(item.get_perm())
-            pvs = sm.get_session.query(sm.permissionview_model).filter_by(
+            view_menu = security_manager.find_view_menu(item.get_perm())
+            pvs = security_manager.get_session.query(
+                security_manager.permissionview_model).filter_by(
                 view_menu=view_menu).all()
 
             schema_view_menu = None
             if hasattr(item, 'schema_perm'):
-                schema_view_menu = sm.find_view_menu(item.schema_perm)
+                schema_view_menu = security_manager.find_view_menu(item.schema_perm)
 
-                pvs.extend(sm.get_session.query(
-                    sm.permissionview_model).filter_by(
+                pvs.extend(security_manager.get_session.query(
+                    security_manager.permissionview_model).filter_by(
                     view_menu=schema_view_menu).all())
 
             if self.datamodel.delete(item):
                 self.post_delete(item)
 
                 for pv in pvs:
-                    sm.get_session.delete(pv)
+                    security_manager.get_session.delete(pv)
 
                 if view_menu:
-                    sm.get_session.delete(view_menu)
+                    security_manager.get_session.delete(view_menu)
 
                 if schema_view_menu:
-                    sm.get_session.delete(schema_view_menu)
+                    security_manager.get_session.delete(schema_view_menu)
 
-                sm.get_session.commit()
+                security_manager.get_session.commit()
 
             flash(*self.datamodel.message)
             self.update_redirect()