apache · mistercrunch · Jun 5, 2019 · May 29, 2019 · Jun 5, 2019 · dflionis
diff --git a/superset/security.py b/superset/security.py
@@ -127,12 +127,13 @@ def all_datasource_access(self):
         return self.can_access(
             'all_datasource_access', 'all_datasource_access')
 
+    def all_database_access(self):
+        return self.can_access('all_database_access', 'all_database_access')
+
     def database_access(self, database):
-        return (
-            self.can_access(
-                'all_database_access', 'all_database_access') or
-            self.can_access('database_access', database.perm)
-        )
+        return (self.all_database_access() or
+                self.can_access('database_access', database.perm) or
+                self.all_datasource_access)
 
     def schema_access(self, datasource):
         return (

diff --git a/superset/views/core.py b/superset/views/core.py
@@ -152,6 +152,14 @@ def apply(self, query, func):  # noqa
         return query.filter(self.model.perm.in_(perms))
 
 
+class DatabaseFilter(SupersetFilter):
+    def apply(self, query, func): # noqa
+        if security_manager.all_database_access():
+            return query
+        perms = self.get_view_menus('database_access')
+        return query.filter(self.model.perm.in_(perms))
+
+
 class DashboardFilter(SupersetFilter):
 
     """List dashboards for which users have access to at least one slice or are owners"""
@@ -287,6 +295,7 @@ class DatabaseView(SupersetModelView, DeleteMixin, YamlExportMixin):  # noqa
         'allow_csv_upload': _(
             'If selected, please set the schemas allowed for csv upload in Extra.'),
     }
+    base_filters = [['id', DatabaseFilter, lambda: []]]
     label_columns = {
         'expose_in_sqllab': _('Expose in SQL Lab'),
         'allow_ctas': _('Allow CREATE TABLE AS'),