altef commented on a change in pull request #8699: [SIP-29] Add support for
row-level security
URL:
https://github.com/apache/incubator-superset/pull/8699#discussion_r358661125
##########
File path: superset/security/manager.py
##########
@@ -877,3 +878,39 @@ def assert_viz_permission(self, viz: "BaseViz") -> None:
"""
self.assert_datasource_permission(viz.datasource)
+
+ def get_rls_filters(self, table):
+ """
+ Retrieves the appropriate row level security filters for the current
user and the passed table.
+
+ :param table: The table to check against
+ :returns: A list of clause strings.
+ """
+ try:
+ roles = [role.id for role in g.user.roles]
+ return [
+ f.clause
+ for f in table.row_level_security_filters
+ if any(r.id in roles for r in f.roles)
+ ]
+ except AttributeError:
+ return []
+
+ def get_rls_ids(self, table) -> List[int]:
+ """
+ Retrieves the appropriate row level security filters IDs for the
current user and the passed table.
+
+ :param table: The table to check against
+ :returns: A list of IDs.
+ """
+ try:
+ roles = [role.id for role in g.user.roles]
+ ids = [
+ f.id
+ for f in table.row_level_security_filters
+ if any(r.id in roles for r in f.roles)
+ ]
+ ids.sort()
Review comment:
It's used to add to the cache key, where presumably we care which roles
they're assigned rather than the order they've been assigned them. The sort
could be done where the RLS IDs are added to the cache keys, but then it'd be
in two places rather than one.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
With regards,
Apache Git Services
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
