This is an automated email from the ASF dual-hosted git repository.
beto pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-superset.git
The following commit(s) were added to refs/heads/master by this push:
new 41041f2 Show charts and dashboards based also on database permissions
(#6933)
41041f2 is described below
commit 41041f21137f7e496fe23b3688e3dbbaaeb9a5e5
Author: Beto Dealmeida <[email protected]>
AuthorDate: Thu Feb 28 10:05:28 2019 -0800
Show charts and dashboards based also on database permissions (#6933)
* Per database policies for slices
* Show charts and dashboards based on DB perms as well
* Revert indentation change
* Fix reference
* Fix pylint
---
superset/views/core.py | 33 ++++++++++++++++++++++++++++-----
1 file changed, 28 insertions(+), 5 deletions(-)
diff --git a/superset/views/core.py b/superset/views/core.py
index 053ed93..48f8324 100755
--- a/superset/views/core.py
+++ b/superset/views/core.py
@@ -27,7 +27,7 @@ from urllib import parse
from flask import (
abort, flash, g, Markup, redirect, render_template, request, Response,
url_for,
)
-from flask_appbuilder import expose, SimpleFormView
+from flask_appbuilder import expose, Model, SimpleFormView
from flask_appbuilder.actions import action
from flask_appbuilder.models.sqla.interface import SQLAInterface
from flask_appbuilder.security.decorators import has_access, has_access_api
@@ -36,7 +36,8 @@ from flask_babel import lazy_gettext as _
import pandas as pd
import simplejson as json
import sqlalchemy as sqla
-from sqlalchemy import and_, create_engine, MetaData, or_, update
+from sqlalchemy import (
+ and_, Column, create_engine, ForeignKey, Integer, MetaData, or_, Table,
update)
from sqlalchemy.engine.url import make_url
from sqlalchemy.exc import IntegrityError
from werkzeug.routing import BaseConverter
@@ -100,13 +101,30 @@ def is_owner(obj, user):
return obj and user in obj.owners
+SQLTable = Table(
+ 'tables',
+ Model.metadata, # pylint: disable=no-member
+ Column('id', Integer, primary_key=True),
+ Column('database_id', Integer, ForeignKey('dbs.id')),
+ extend_existing=True)
+
+
class SliceFilter(SupersetFilter):
def apply(self, query, func): # noqa
if security_manager.all_datasource_access():
return query
- perms = self.get_view_menus('datasource_access')
+
# TODO(bogdan): add `schema_access` support here
- return query.filter(self.model.perm.in_(perms))
+ datasource_perms = self.get_view_menus('datasource_access')
+ query = (
+ query.outerjoin(SQLTable, self.model.datasource_id ==
SQLTable.c.id)
+ .outerjoin(models.Database, models.Database.id ==
SQLTable.c.database_id)
+ .filter(or_(
+ models.Database.perm.in_(datasource_perms),
+ self.model.perm.in_(datasource_perms),
+ ))
+ )
+ return query
class DashboardFilter(SupersetFilter):
@@ -124,7 +142,12 @@ class DashboardFilter(SupersetFilter):
slice_ids_qry = (
db.session
.query(Slice.id)
- .filter(Slice.perm.in_(datasource_perms))
+ .outerjoin(SQLTable, Slice.datasource_id == SQLTable.c.id)
+ .outerjoin(models.Database, models.Database.id ==
SQLTable.c.database_id)
+ .filter(or_(
+ models.Database.perm.in_(datasource_perms),
+ Slice.perm.in_(datasource_perms),
+ ))
)
owner_ids_qry = (
db.session
