royce-hpcnt closed pull request #4554: Merge with dbi-superset
URL: https://github.com/apache/incubator-superset/pull/4554
 
 
   

This is a PR merged from a forked repository.
As GitHub hides the original diff on merge, it is displayed below for
the sake of provenance:

As this is a foreign pull request (from a fork), the diff is supplied
below (as it won't show otherwise due to GitHub magic):

diff --git a/.gitignore b/.gitignore
index 9109bf1497..0437878125 100644
--- a/.gitignore
+++ b/.gitignore
@@ -35,7 +35,7 @@ node_modules
 npm-debug.log*
 yarn.lock
 superset/assets/version_info.json
-
 # IntelliJ
 *.iml
 venv
+superset-dev/*
diff --git a/superset/config.py b/superset/config.py
index ae81cfcb6e..920b662b2d 100644
--- a/superset/config.py
+++ b/superset/config.py
@@ -376,6 +376,7 @@ class CeleryConfig(object):
 # geospatial ones) by inputing javascript in controls. This exposes
 # an XSS security vulnerability
 ENABLE_JAVASCRIPT_CONTROLS = False
+VISUALIZE_ACCESS_ROLE = 'visualize_access'
 
 try:
     if CONFIG_PATH_ENV_VAR in os.environ:
diff --git a/superset/views/core.py b/superset/views/core.py
index 5b0ee5f3bc..1305f14fb0 100755
--- a/superset/views/core.py
+++ b/superset/views/core.py
@@ -2131,14 +2131,23 @@ def sqllab_viz(self):
         SqlaTable = ConnectorRegistry.sources['table']
         data = json.loads(request.form.get('data'))
         table_name = data.get('datasourceName')
+        db_id = data.get('dbId')
+
         table = (
             db.session.query(SqlaTable)
-            .filter_by(table_name=table_name)
-            .first()
+                .filter_by(table_name=table_name, database_id=db_id)
+                .first()
         )
+
+        database = (
+            db.session.query(models.Database)
+                .filter_by(id=db_id)
+                .first()
+        )
+
         if not table:
-            table = SqlaTable(table_name=table_name)
-        table.database_id = data.get('dbId')
+            table = SqlaTable(table_name=table_name, database_id=db_id, 
database=database)
+
         q = SupersetQuery(data.get('sql'))
         table.sql = q.stripped()
         db.session.add(table)
@@ -2181,6 +2190,16 @@ def sqllab_viz(self):
         table.columns = cols
         table.metrics = metrics
         db.session.commit()
+
+        role_name = app.config.get('VISUALIZE_ACCESS_ROLE')
+        if role_name is not None:
+            view_menu_perm = sm.find_permission_view_menu(
+                view_menu_name=table.get_perm(),
+                permission_name='datasource_access')
+
+            role = sm.find_role(role_name)
+            sm.add_permission_role(role, view_menu_perm)
+            
         return self.json_response(json.dumps({
             'table_id': table.id,
         }))


 

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


With regards,
Apache Git Services

Reply via email to