maximebeauchemin pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-superset.git
The following commit(s) were added to refs/heads/master by this push:
new 36a219d Allow Gamma and Alpha to access '/users/userinfo/' (#6936)
36a219d is described below
commit 36a219da7f81c0e65a259049896bb77fd66edbe2
Author: Maxime Beauchemin <[email protected]>
AuthorDate: Mon Apr 22 11:23:54 2019 -0700
Allow Gamma and Alpha to access '/users/userinfo/' (#6936)
* Allow Gamma and Alpha to access '/users/userinfo/'
closes https://github.com/apache/incubator-superset/issues/4919
* Fix unit test
* Fix test
---
superset/security.py | 22 ++++++++++++++++------
tests/core_tests.py | 1 -
tests/security_tests.py | 2 ++
3 files changed, 18 insertions(+), 7 deletions(-)
diff --git a/superset/security.py b/superset/security.py
index df835b0..b30b2e5 100644
--- a/superset/security.py
+++ b/superset/security.py
@@ -81,19 +81,23 @@ class SupersetSecurityManager(SecurityManager):
'can_list',
}
- ALPHA_ONLY_PERMISSIONS = set([
+ ALPHA_ONLY_PERMISSIONS = {
'muldelete',
'all_database_access',
'all_datasource_access',
- ])
+ }
- OBJECT_SPEC_PERMISSIONS = set([
+ OBJECT_SPEC_PERMISSIONS = {
'database_access',
'schema_access',
'datasource_access',
'metric_access',
'can_only_access_owned_queries',
- ])
+ }
+
+ ACCESSIBLE_PERMS = {
+ 'can_userinfo',
+ }
def get_schema_perm(self, database, schema):
if schema:
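Review bot: `ACCESSIBLE_PERMS` is added without a comment, and its name says neither who gets access nor that its entries are bare permission names rather than permission/view pairs. The predicates changed later in this commit OR this set in after the admin-only filter, so any name added here is granted to Alpha and Gamma on every view menu that defines it. I would put `# Permission names granted to Alpha and Gamma on any view menu, bypassing the admin-only filters; keep minimal.` above the set. The class body starts before this hunk and `get_schema_perm` continues past it.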
@@ -386,15 +390,21 @@ class SupersetSecurityManager(SecurityManager):
pvm.permission.name in self.ALPHA_ONLY_PERMISSIONS
)
+ def is_accessible_to_all(self, pvm):
+ return pvm.permission.name in self.ACCESSIBLE_PERMS
+
def is_admin_pvm(self, pvm):
return not self.is_user_defined_permission(pvm)
def is_alpha_pvm(self, pvm):
- return not (self.is_user_defined_permission(pvm) or
self.is_admin_only(pvm))
+ return (
+ not (self.is_user_defined_permission(pvm) or
self.is_admin_only(pvm)) or
+ self.is_accessible_to_all(pvm)
+ )
def is_gamma_pvm(self, pvm):
return not (self.is_user_defined_permission(pvm) or
self.is_admin_only(pvm) or
- self.is_alpha_only(pvm))
+ self.is_alpha_only(pvm)) or self.is_accessible_to_all(pvm)
def is_sql_lab_pvm(self, pvm):
return (
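Review bot: `is_accessible_to_all` matches on `pvm.permission.name` alone, and both `is_alpha_pvm` and `is_gamma_pvm` OR it in outside the `not (...)`. A `can_userinfo` permission on any view menu is therefore granted to both roles even when `is_admin_only` or `is_user_defined_permission` would have excluded it. The tests in this commit only expect the pair on `UserDBModelView`. If the wider grant is not intended, the check could also constrain the view, e.g. `pvm.permission.name in self.ACCESSIBLE_PERMS and pvm.view_menu.name in <user-info view names>`; otherwise a docstring should state that the match is deliberately view-independent. `is_gamma_pvm` would also read more safely with the same outer parentheses as `is_alpha_pvm`, since its trailing `or` relies on `not` binding tighter; `is_sql_lab_pvm` continues past the hunk.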
diff --git a/tests/core_tests.py b/tests/core_tests.py
index 00e83ac..f021e92 100644
--- a/tests/core_tests.py
+++ b/tests/core_tests.py
@@ -189,7 +189,6 @@ class CoreTests(SupersetTestCase):
assert_func('ResetPasswordView', view_menus)
assert_func('RoleModelView', view_menus)
assert_func('Security', view_menus)
- assert_func('UserDBModelView', view_menus)
assert_func('SQL Lab',
view_menus)
diff --git a/tests/security_tests.py b/tests/security_tests.py
index 063f1e8..57b790c 100644
--- a/tests/security_tests.py
+++ b/tests/security_tests.py
@@ -76,6 +76,7 @@ class RolePermissionTests(SupersetTestCase):
self.assertIn(('can_slice', 'Superset'), perm_set)
self.assertIn(('can_explore', 'Superset'), perm_set)
self.assertIn(('can_explore_json', 'Superset'), perm_set)
+ self.assertIn(('can_userinfo', 'UserDBModelView'), perm_set)
def assert_can_alpha(self, perm_set):
self.assert_can_all('SqlMetricInlineView', perm_set)
@@ -231,6 +232,7 @@ class RolePermissionTests(SupersetTestCase):
self.assertIn(('can_fave_slices', 'Superset'), gamma_perm_set)
self.assertIn(('can_save_dash', 'Superset'), gamma_perm_set)
self.assertIn(('can_slice', 'Superset'), gamma_perm_set)
+ self.assertIn(('can_userinfo', 'UserDBModelView'), gamma_perm_set)
def test_views_are_secured(self):
"""Preventing the addition of unsecured views without has_access
decorator"""
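Review bot: The added assertion only checks that Gamma gained `can_userinfo`; nothing checks that the rest of `UserDBModelView` stays out of Gamma's reach. The commit also drops `assert_func('UserDBModelView', view_menus)` from tests/core_tests.py, which previously covered that view menu. A negative assertion next to the new line would pin the boundary, for example `self.assertNotIn(('can_edit', 'UserDBModelView'), gamma_perm_set)`, assuming that permission name is registered for the view. The test method this line belongs to starts before the hunk.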