From a581bc6f8661545f2f6c40b24cee5f97fbe4c6a0 Mon Sep 17 00:00:00 2001 From: Timi Fasubaa Date: Sun, 5 Aug 2018 01:04:41 -0700 Subject: [PATCH 1/2] make filters use security manager --- superset/security.py | 9 +++++++++ superset/views/base.py | 8 ++------ superset/views/core.py | 6 ++++-- 3 files changed, 15 insertions(+), 8 deletions(-) diff --git a/superset/security.py b/superset/security.py index 0bfca36e9e371..f87d60bbad4f9 100644 --- a/superset/security.py +++ b/superset/security.py @@ -85,6 +85,15 @@ def get_schema_perm(self, database, schema): if schema: return '[{}].[{}]'.format(database, schema) + def always_list_all_dashboards(self): + return False + + def always_list_all_slices(self): + return False + + def always_list_all_datasources(self): + return False + def can_access(self, permission_name, view_name, user=None): """Protecting from has_access failing from missing perms/view""" if not user: diff --git a/superset/views/base.py b/superset/views/base.py index 8bcdee44f9a06..d075a14aa4a97 100644 --- a/superset/views/base.py +++ b/superset/views/base.py @@ -248,15 +248,11 @@ def get_view_menus(self, permission_name): vm.add(vm_name) return vm - def has_all_datasource_access(self): - return ( - self.has_role(['Admin', 'Alpha']) or - self.has_perm('all_datasource_access', 'all_datasource_access')) - class DatasourceFilter(SupersetFilter): def apply(self, query, func): # noqa - if self.has_all_datasource_access(): + if (security_manager.all_datasource_access() or + security_manager.always_list_all_datasources()): return query perms = self.get_view_menus('datasource_access') # TODO(bogdan): add `schema_access` support here diff --git a/superset/views/core.py b/superset/views/core.py index 09904f71d69e7..637d620ddedf2 100755 --- a/superset/views/core.py +++ b/superset/views/core.py @@ -136,7 +136,8 @@ def check_ownership(obj, raise_if_false=True): class SliceFilter(SupersetFilter): def apply(self, query, func): # noqa - if self.has_all_datasource_access(): + if (security_manager.all_datasource_access() or + security_manager.always_list_all_slices()): return query perms = self.get_view_menus('datasource_access') # TODO(bogdan): add `schema_access` support here @@ -148,7 +149,8 @@ class DashboardFilter(SupersetFilter): """List dashboards for which users have access to at least one slice or are owners""" def apply(self, query, func): # noqa - if self.has_all_datasource_access(): + if (security_manager.all_datasource_access() or + security_manager.always_list_all_dashboards()): return query Slice = models.Slice # noqa Dash = models.Dashboard # noqa From 8be397a1ba3128c6bfbb509e11b2e8743d1e9160 Mon Sep 17 00:00:00 2001 From: Timi Fasubaa Date: Wed, 15 Aug 2018 17:26:03 -0700 Subject: [PATCH 2/2] remove the superset short-circuit --- superset/security.py | 9 --------- superset/views/base.py | 3 +-- superset/views/core.py | 6 ++---- 3 files changed, 3 insertions(+), 15 deletions(-) diff --git a/superset/security.py b/superset/security.py index f87d60bbad4f9..0bfca36e9e371 100644 --- a/superset/security.py +++ b/superset/security.py @@ -85,15 +85,6 @@ def get_schema_perm(self, database, schema): if schema: return '[{}].[{}]'.format(database, schema) - def always_list_all_dashboards(self): - return False - - def always_list_all_slices(self): - return False - - def always_list_all_datasources(self): - return False - def can_access(self, permission_name, view_name, user=None): """Protecting from has_access failing from missing perms/view""" if not user: diff --git a/superset/views/base.py b/superset/views/base.py index d075a14aa4a97..785e880ea8e65 100644 --- a/superset/views/base.py +++ b/superset/views/base.py @@ -251,8 +251,7 @@ def get_view_menus(self, permission_name): class DatasourceFilter(SupersetFilter): def apply(self, query, func): # noqa - if (security_manager.all_datasource_access() or - security_manager.always_list_all_datasources()): + if security_manager.all_datasource_access(): return query perms = self.get_view_menus('datasource_access') # TODO(bogdan): add `schema_access` support here diff --git a/superset/views/core.py b/superset/views/core.py index 637d620ddedf2..517fb6af500b1 100755 --- a/superset/views/core.py +++ b/superset/views/core.py @@ -136,8 +136,7 @@ def check_ownership(obj, raise_if_false=True): class SliceFilter(SupersetFilter): def apply(self, query, func): # noqa - if (security_manager.all_datasource_access() or - security_manager.always_list_all_slices()): + if security_manager.all_datasource_access(): return query perms = self.get_view_menus('datasource_access') # TODO(bogdan): add `schema_access` support here @@ -149,8 +148,7 @@ class DashboardFilter(SupersetFilter): """List dashboards for which users have access to at least one slice or are owners""" def apply(self, query, func): # noqa - if (security_manager.all_datasource_access() or - security_manager.always_list_all_dashboards()): + if security_manager.all_datasource_access(): return query Slice = models.Slice # noqa Dash = models.Dashboard # noqa