Skip to content

Show charts and dashboards based also on database permissions #6933

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
betodealmeida merged 5 commits into from
Feb 28, 2019
+28 −5
Merged

Show charts and dashboards based also on database permissions #6933

Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
212f880
Per database policies for slices
betodealmeida Feb 21, 2019
f74151b
Show charts and dashboards based on DB perms as well
betodealmeida Feb 22, 2019
50a0102
Revert indentation change
betodealmeida Feb 22, 2019
d8c3939
Fix reference
betodealmeida Feb 25, 2019
c14fe44
Fix pylint
betodealmeida Feb 25, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
33 changes: 28 additions & 5 deletions superset/views/core.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@
from flask import (
abort, flash, g, Markup, redirect, render_template, request, Response, url_for,
)
from flask_appbuilder import expose, SimpleFormView
from flask_appbuilder import expose, Model, SimpleFormView
from flask_appbuilder.actions import action
from flask_appbuilder.models.sqla.interface import SQLAInterface
from flask_appbuilder.security.decorators import has_access, has_access_api
Expand All @@ -36,7 +36,8 @@
import pandas as pd
import simplejson as json
import sqlalchemy as sqla
from sqlalchemy import and_, create_engine, MetaData, or_, update
from sqlalchemy import (
and_, Column, create_engine, ForeignKey, Integer, MetaData, or_, Table, update)
from sqlalchemy.engine.url import make_url
from sqlalchemy.exc import IntegrityError
from werkzeug.routing import BaseConverter
Expand Down Expand Up @@ -100,13 +101,30 @@ def is_owner(obj, user):
return obj and user in obj.owners


SQLTable = Table(
'tables',
Model.metadata, # pylint: disable=no-member
Column('id', Integer, primary_key=True),
Column('database_id', Integer, ForeignKey('dbs.id')),
extend_existing=True)


class SliceFilter(SupersetFilter):
def apply(self, query, func): # noqa
if security_manager.all_datasource_access():
return query
perms = self.get_view_menus('datasource_access')

# TODO(bogdan): add `schema_access` support here
return query.filter(self.model.perm.in_(perms))
datasource_perms = self.get_view_menus('datasource_access')
query = (
query.outerjoin(SQLTable, self.model.datasource_id == SQLTable.c.id)
.outerjoin(models.Database, models.Database.id == SQLTable.c.database_id)
.filter(or_(
models.Database.perm.in_(datasource_perms),
self.model.perm.in_(datasource_perms),
))
)
return query


class DashboardFilter(SupersetFilter):
Expand All @@ -124,7 +142,12 @@ def apply(self, query, func): # noqa
slice_ids_qry = (
db.session
.query(Slice.id)
.filter(Slice.perm.in_(datasource_perms))
.outerjoin(SQLTable, Slice.datasource_id == SQLTable.c.id)
.outerjoin(models.Database, models.Database.id == SQLTable.c.database_id)
.filter(or_(
models.Database.perm.in_(datasource_perms),
Slice.perm.in_(datasource_perms),
))
)
owner_ids_qry = (
db.session
Expand Down