mistercrunch commented on a change in pull request #4689: Move has access to
superset security manager
URL:
https://github.com/apache/incubator-superset/pull/4689#discussion_r177930072
##########
File path: superset/security.py
##########
@@ -92,6 +99,42 @@ def can_access(self, permission_name, view_name, user=None):
return self.is_item_public(permission_name, view_name)
return self._has_view_access(user, permission_name, view_name)
+ def has_method_access(self, f):
+ """
+ Use this decorator to enable granular security permissions to your
+ methods. Permissions will be associated to a role, and roles are
+ associated to users.
+
+ By default the permission's name is the methods name.
+
+ Forked from the flask_appbuilder.security.decorators
+ TODO(bkyryliuk): contribute it back to FAB
+ """
+ if hasattr(f, '_permission_name'):
+ permission_str = f._permission_name
+ else:
+ permission_str = f.__name__
+
+ def wraps(self, *args, **kwargs):
+ from superset import security_manager
+ permission_str = PERMISSION_PREFIX + f._permission_name
+ if security_manager.has_access(permission_str,
+ self.__class__.__name__):
+ return f(self, *args, **kwargs)
+ else:
+ logging.warning(
+ LOGMSG_ERR_SEC_ACCESS_DENIED.format(permission_str,
+
self.__class__.__name__))
+ flash(as_unicode(FLAMSG_ERR_SEC_ACCESS_DENIED), 'danger')
+ # adds next arg to forward to the original path once user is
logged in.
+ return redirect(
+ url_for(
+ security_manager.auth_view.__class__.__name__ + '.login',
+ next=request.full_path))
Review comment:
Looked it up and the only difference from the orignal is this one line
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
With regards,
Apache Git Services
