john-bodley commented on a change in pull request #15184:
URL: https://github.com/apache/superset/pull/15184#discussion_r657430908
##########
File path: superset/connectors/connector_registry.py
##########
@@ -99,6 +100,41 @@ def get_datasource_by_id( # pylint:
disable=too-many-arguments
pass
raise NoResultFound(_("Datasource id not found: %(id)s",
id=datasource_id))
+ @classmethod
+ def get_user_datasources(cls, session: Session) -> List["BaseDatasource"]:
+ from superset import security_manager
+
+ # collect datasources which the user has explicit permissions to
+ user_perms = security_manager.user_view_menu_names("datasource_access")
+ schema_perms = security_manager.user_view_menu_names("schema_access")
+ user_datasources = set()
+ for datasource_class in ConnectorRegistry.sources.values():
+ user_datasources.update(
+ session.query(datasource_class)
Review comment:
@betodealmeida @dpgaspar I believe this logic, i.e., relying on the
fragile `perm` and `schema_perm` columns in the database, breaks if people are
using a custom security manager. Should we be calling
[get_datasources_accessible_by_user](https://github.com/apache/superset/blob/a06a2f30af02820189450b2264fa6bb734507ed8/superset/security/manager.py#L508)
instead?
Note I sense currently Superset doesn't do a great job of differentiating
between metadata and data access. The `get_datasources_accessible_by_user` is
somewhat of a misnomer as it is merely used for metadata access (for an
awareness perspective).
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
