betodealmeida commented on a change in pull request #5186: Implement a
React-based table editor
URL:
https://github.com/apache/incubator-superset/pull/5186#discussion_r206956464
##########
File path: superset/views/base.py
##########
@@ -266,3 +274,49 @@ class CsvResponse(Response):
Override Response to take into account csv encoding from config.py
"""
charset = conf.get('CSV_EXPORT').get('encoding', 'utf-8')
+
+
+def check_ownership(obj, raise_if_false=True):
+ """Meant to be used in `pre_update` hooks on models to enforce ownership
+
+ Admin have all access, and other users need to be referenced on either
+ the created_by field that comes with the ``AuditMixin``, or in a field
+ named ``owners`` which is expected to be a one-to-many with the User
+ model. It is meant to be used in the ModelView's pre_update hook in
+ which raising will abort the update.
+ """
+ if not obj:
+ return False
+
+ security_exception = SupersetSecurityException(
+ "You don't have the rights to alter [{}]".format(obj))
+
+ if g.user.is_anonymous():
+ if raise_if_false:
+ raise security_exception
+ return False
+ roles = (r.name for r in get_user_roles())
Review comment:
It works here, but it might be better to use a list comprehension here
instead of a generator expression. The check in line 299 will exhaust the
generator, and it you try to access `roles` after it will be empty.
```python
>>> a = (i for i in range(10))
>>> 1 in a
True
>>> 1 in a
False
>>> list(a)
[]
```
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
With regards,
Apache Git Services
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
