rusackas commented on code in PR #41301:
URL: https://github.com/apache/superset/pull/41301#discussion_r3478559488
##########
superset/views/base.py:
##########
@@ -280,8 +280,16 @@ def menu_data(user: User) -> dict[str, Any]:
if callable(brand_text := app.config["LOGO_RIGHT_TEXT"]):
brand_text = brand_text()
- # Get centralized version metadata
- version_metadata = get_version_metadata()
+ # Get centralized version metadata. Precise build details (git SHA and
+ # build number) let a viewer map the deployment to a specific commit/build,
+ # so expose them only to admins unless the deployment opts in via
+ # EXPOSE_BUILD_DETAILS_TO_USERS. The release version string is always
shown.
+ expose_build_details = (
+ app.config["EXPOSE_BUILD_DETAILS_TO_USERS"] or
security_manager.is_admin()
+ )
+ version_metadata = visible_version_metadata(
Review Comment:
Good catch — empty `version_sha` was producing an empty path segment rather
than hitting the `unknownSHA` default. Coalesced both to `undefined` at the
call site so the component defaults apply when redacted.
##########
tests/unit_tests/utils/version_test.py:
##########
@@ -0,0 +1,60 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+"""Tests for superset.utils.version helpers."""
+
+from typing import Any
+
+from superset.utils.version import visible_version_metadata
+
+
+def _metadata() -> dict[str, Any]:
+ """Build a sample version-metadata dict for the redaction tests."""
+ return {
+ "version_string": "4.0.0",
+ "version_sha": "abcdef12",
+ "build_number": "build-42",
+ }
+
+
+def test_visible_version_metadata_hides_build_details_when_not_exposed() ->
None:
Review Comment:
Added tests around `menu_data` asserting admin/config opt-in sees the SHA
and non-admin gets the redacted values.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
