diff --git a/docs/installation.rst b/docs/installation.rst index 716afe5ac6d59..40318199fc82d 100644 --- a/docs/installation.rst +++ b/docs/installation.rst @@ -167,6 +167,27 @@ work on Windows so the `superset runserver` command is not expected to work in that context. Also note that the development web server (`superset runserver -d`) is not intended for production use. +Flask-AppBuilder Permissions +---------------------------- + +By default every time the Flask-AppBuilder (FAB) app is initialized the +permissions and views are added automatically to the backend and associated with +the ‘Admin’ role. The issue however is when you are running multiple concurrent +workers this creates a lot of contention and race conditions when defining +permissions and views. + +To alleviate this issue, the automatic updating of permissions can be disabled +by setting the :envvar:`SUPERSET_UPDATE_PERMS` environment variable to `0`. +The value `1` enables it, `0` disables it. Note if undefined the functionality +is enabled to maintain backwards compatibility. + +In a production environment initialization could take on the following form: + + export SUPERSET_UPDATE_PERMS=1 + superset init + + export SUPERSET_UPDATE_PERMS=0 + gunicorn -w 10 ... superset:app Configuration behind a load balancer ------------------------------------ @@ -181,7 +202,7 @@ If the load balancer is inserting X-Forwarded-For/X-Forwarded-Proto headers, you should set `ENABLE_PROXY_FIX = True` in the superset config file to extract and use the headers. -In case that the reverse proxy is used for providing ssl encryption, +In case that the reverse proxy is used for providing ssl encryption, an explicit definition of the `X-Forwarded-Proto` may be required. For the Apache webserver this can be set as follows: :: diff --git a/setup.py b/setup.py index f662e885c36ac..00b56d2df9d55 100644 --- a/setup.py +++ b/setup.py @@ -49,7 +49,7 @@ def get_git_sha(): 'colorama==0.3.9', 'cryptography==1.9', 'flask==0.12.2', - 'flask-appbuilder==1.9.4', + 'flask-appbuilder==1.9.5', 'flask-cache==0.13.1', 'flask-migrate==2.0.3', 'flask-script==2.0.5', diff --git a/superset/__init__.py b/superset/__init__.py index 5d0c674a8dd90..8aabca403cc63 100644 --- a/superset/__init__.py +++ b/superset/__init__.py @@ -152,7 +152,9 @@ def index(self): db.session, base_template='superset/base.html', indexview=MyIndexView, - security_manager_class=app.config.get('CUSTOM_SECURITY_MANAGER')) + security_manager_class=app.config.get('CUSTOM_SECURITY_MANAGER'), + update_perms=utils.get_update_perms_flag(), +) sm = appbuilder.sm diff --git a/superset/utils.py b/superset/utils.py index c64e8cf4eeafc..ee81af512049c 100644 --- a/superset/utils.py +++ b/superset/utils.py @@ -767,3 +767,8 @@ def get_filter_key(f): form_data['filters'] += [filtr] # Remove extra filters from the form data since no longer needed del form_data['extra_filters'] + + +def get_update_perms_flag(): + val = os.environ.get('SUPERSET_UPDATE_PERMS') + return val.lower() not in ('0', 'false', 'no') if val else True