Skip to content

Commit

Permalink
progrss
Browse files Browse the repository at this point in the history
  • Loading branch information
mistercrunch committed Nov 15, 2016
1 parent 2cff55a commit 0d05dd1
Show file tree
Hide file tree
Showing 9 changed files with 258 additions and 137 deletions.
3 changes: 0 additions & 3 deletions superset/data/__init__.py
Original file line number Diff line number Diff line change
Expand Up @@ -891,11 +891,8 @@ def load_unicode_test_data():
dash.position_json = json.dumps([pos], indent=4)
dash.slug = "unicode-test"
dash.slices = [slc]
print('merge')
db.session.merge(dash)
print('commit')
db.session.commit()
print('after')


def load_random_time_series_data():
Expand Down
27 changes: 27 additions & 0 deletions superset/migrations/versions/e46f2d27a08e_materialize_perms.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,27 @@
"""materialize perms
Revision ID: e46f2d27a08e
Revises: c611f2b591b8
Create Date: 2016-11-14 15:23:32.594898
"""

# revision identifiers, used by Alembic.
revision = 'e46f2d27a08e'
down_revision = 'c611f2b591b8'

from alembic import op
import sqlalchemy as sa


def upgrade():
op.add_column('datasources', sa.Column('perm', sa.String(length=1000), nullable=True))
op.add_column('dbs', sa.Column('perm', sa.String(length=1000), nullable=True))
op.add_column('tables', sa.Column('perm', sa.String(length=1000), nullable=True))


def downgrade():
op.drop_column('tables', 'perm')
op.drop_column('datasources', 'perm')
op.drop_column('dbs', 'perm')

27 changes: 20 additions & 7 deletions superset/models.py
Original file line number Diff line number Diff line change
Expand Up @@ -70,6 +70,10 @@
FillterPattern = re.compile(r'''((?:[^,"']|"[^"]*"|'[^']*')+)''')


def set_perm(mapper, connection, target): # noqa
target.perm = target.get_perm()


def init_metrics_perm(metrics=None):
"""Create permissions for restricted metrics
Expand Down Expand Up @@ -216,7 +220,7 @@ class Slice(Model, AuditMixinNullable, ImportMixin):
params = Column(Text)
description = Column(Text)
cache_timeout = Column(Integer)
perm = Column(String(2000), unique=True)
perm = Column(String(1000))
owners = relationship("User", secondary=slice_user)

export_fields = ('slice_name', 'datasource_type', 'datasource_name',
Expand Down Expand Up @@ -383,14 +387,14 @@ def import_obj(cls, slc_to_import, import_time=None):
return slc_to_import.id


def set_perm(mapper, connection, target): # noqa
def set_related_perm(mapper, connection, target): # noqa
src_class = target.cls_model
id_ = target.datasource_id
ds = db.session.query(src_class).filter_by(id=int(id_)).first()
target.perm = ds.perm

sqla.event.listen(Slice, 'before_insert', set_perm)
sqla.event.listen(Slice, 'before_update', set_perm)
sqla.event.listen(Slice, 'before_insert', set_related_perm)
sqla.event.listen(Slice, 'before_update', set_related_perm)


dashboard_slices = Table(
Expand Down Expand Up @@ -681,7 +685,7 @@ class Database(Model, AuditMixinNullable):
"engine_params": {}
}
"""))
perm = Column(String(2000), unique=True)
perm = Column(String(1000))

def __repr__(self):
return self.database_name
Expand Down Expand Up @@ -849,6 +853,9 @@ def get_perm(self):
return (
"[{obj.database_name}].(id:{obj.id})").format(obj=self)

sqla.event.listen(Database, 'before_insert', set_perm)
sqla.event.listen(Database, 'before_update', set_perm)


class SqlaTable(Model, Queryable, AuditMixinNullable, ImportMixin):

Expand All @@ -875,7 +882,7 @@ class SqlaTable(Model, Queryable, AuditMixinNullable, ImportMixin):
schema = Column(String(255))
sql = Column(Text)
params = Column(Text)
perm = Column(String(2000), unique=True)
perm = Column(String(1000))

baselink = "tablemodelview"
export_fields = (
Expand Down Expand Up @@ -1317,6 +1324,9 @@ def import_obj(cls, datasource_to_import, import_time=None):

return datasource.id

sqla.event.listen(SqlaTable, 'before_insert', set_perm)
sqla.event.listen(SqlaTable, 'before_update', set_perm)


class SqlMetric(Model, AuditMixinNullable, ImportMixin):

Expand Down Expand Up @@ -1592,7 +1602,7 @@ class DruidDatasource(Model, AuditMixinNullable, Queryable):
'DruidCluster', backref='datasources', foreign_keys=[cluster_name])
offset = Column(Integer, default=0)
cache_timeout = Column(Integer)
perm = Column(String(2000), unique=True)
perm = Column(String(1000))

@property
def database(self):
Expand Down Expand Up @@ -2196,6 +2206,9 @@ def get_having_filters(self, raw_filters):
filters = cond
return filters

sqla.event.listen(DruidDatasource, 'before_insert', set_perm)
sqla.event.listen(DruidDatasource, 'before_update', set_perm)


class Log(Model):

Expand Down
33 changes: 23 additions & 10 deletions superset/security.py
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@
'AccessRequestsModelView',
'Manage',
'SQL Lab',
'Queries',
'Refresh Druid Metadata',
'ResetPasswordView',
'RoleModelView',
Expand Down Expand Up @@ -76,13 +77,15 @@ def get_or_create_main_db():

def sync_role_definitions():
"""Inits the Superset application with security roles and such"""
logging.info("Syncing role definition")

# Creating default roles
alpha = sm.add_role("Alpha")
admin = sm.add_role("Admin")
gamma = sm.add_role("Gamma")
public = sm.add_role("Public")
sql_lab = sm.add_role("sql_lab")
granter = sm.add_role("granter")

get_or_create_main_db()

Expand All @@ -94,11 +97,11 @@ def sync_role_definitions():
perms = db.session.query(ab_models.PermissionView).all()
perms = [p for p in perms if p.permission and p.view_menu]

# set admin perms
logging.info("Syncing admin perms")
for p in perms:
sm.add_permission_role(admin, p)

# set alpha perms
logging.info("Syncing alpha perms")
for p in perms:
if (
(
Expand All @@ -111,7 +114,7 @@ def sync_role_definitions():
else:
sm.del_permission_role(alpha, p)

# set gamma permissions and public to be alike if specified
logging.info("Syncing gamma perms and public if specified")
PUBLIC_ROLE_LIKE_GAMMA = conf.get('PUBLIC_ROLE_LIKE_GAMMA', False)
for p in perms:
if (
Expand All @@ -129,7 +132,7 @@ def sync_role_definitions():
sm.del_permission_role(gamma, p)
sm.del_permission_role(public, p)

# Managing the sql_lab role
logging.info("Syncing sql_lab perms")
for p in perms:
if (
p.view_menu.name in {'SQL Lab'} or
Expand All @@ -140,26 +143,36 @@ def sync_role_definitions():
else:
sm.del_permission_role(sql_lab, p)

# Making sure all data source perms have been created
logging.info("Syncing granter perms")
for p in perms:
if (
p.permission.name in {
'can_override_role_permissions', 'can_aprove'}
):
sm.add_permission_role(granter, p)
else:
sm.del_permission_role(granter, p)

logging.info("Making sure all data source perms have been created")
session = db.session()
datasources = [
table.perm for table in session.query(models.SqlaTable).all()]
o for o in session.query(models.SqlaTable).all()]
datasources += [
table.perm for table in session.query(models.DruidDatasource).all()]
o for o in session.query(models.DruidDatasource).all()]
for datasource in datasources:
perm = datasource.get_perm()
sm.add_permission_view_menu('datasource_access', perm)
if perm != datasource.perm:
datasource.perm = perm

# Making sure all database perms have been created
databases = [o.perm for o in session.query(models.Database).all()]
logging.info("Making sure all database perms have been created")
databases = [o for o in session.query(models.Database).all()]
for database in databases:
perm = database.get_perm()
if perm != database.perm:
database.perm = perm
sm.add_permission_view_menu('database_access', perm)
session.commit()

# Creating metric perms
logging.info("Making sure all metrics perms exist")
models.init_metrics_perm()
25 changes: 18 additions & 7 deletions superset/views.py
Original file line number Diff line number Diff line change
Expand Up @@ -240,11 +240,7 @@ def apply(self, query, func): # noqa
self.has_perm('all_database_access', 'all_database_access')):
return query
perms = self.get_view_menus('database_access')
ids = [
o.id for o in db.session.query(self.model).all()
if o.perm in perms
]
return query.filter(self.model.id.in_(ids))
return query.filter(self.model.perm.in_(perms))


class DatasourceFilter(SupersetFilter):
Expand Down Expand Up @@ -518,10 +514,11 @@ class DatabaseView(SupersetModelView, DeleteMixin): # noqa
'extra',
'database_name',
'sqlalchemy_uri',
'perm',
'created_by',
'created_on',
'changed_by',
'changed_on'
'changed_on',
]
add_template = "superset/models/database/add.html"
edit_template = "superset/models/database/edit.html"
Expand Down Expand Up @@ -630,6 +627,7 @@ class TableModelView(SupersetModelView, DeleteMixin): # noqa
'table_name', 'sql', 'is_featured', 'database', 'schema',
'description', 'owner',
'main_dttm_col', 'default_endpoint', 'offset', 'cache_timeout']
show_columns = edit_columns + ['perm']
related_views = [TableColumnInlineView, SqlMetricInlineView]
base_order = ('changed_on', 'desc')
description_columns = {
Expand Down Expand Up @@ -985,6 +983,19 @@ class LogModelView(SupersetModelView):
icon="fa-list-ol")


class QueryView(SupersetModelView):
datamodel = SQLAInterface(models.Query)
list_columns = ['user', 'database', 'status', 'start_time', 'start_time']

appbuilder.add_view(
QueryView,
"Queries",
label=__("Queries"),
category="Manage",
category_label=__("Manage"),
icon="fa-search")


class DruidDatasourceModelView(SupersetModelView, DeleteMixin): # noqa
datamodel = SQLAInterface(models.DruidDatasource)
list_widget = ListWidgetWithCheckboxes
Expand All @@ -998,6 +1009,7 @@ class DruidDatasourceModelView(SupersetModelView, DeleteMixin): # noqa
'is_featured', 'is_hidden', 'default_endpoint', 'offset',
'cache_timeout']
add_columns = edit_columns
show_columns = add_columns + ['perm']
page_size = 500
base_order = ('datasource_name', 'asc')
description_columns = {
Expand Down Expand Up @@ -2261,7 +2273,6 @@ def show_traceback(self):
title=ascii_art.stacktrace,
art=ascii_art.error), 500

@has_access
@expose("/welcome")
def welcome(self):
"""Personalized welcome page"""
Expand Down

0 comments on commit 0d05dd1

Please sign in to comment.