[security] Fix, let admins be able to reset user passwords on AUTH_DB #9232
Codecov Report
@@ Coverage Diff @@
## master #9232 +/- ##
=======================================
Coverage 58.93% 58.93%
=======================================
Files 373 373
Lines 12014 12014
Branches 2945 2945
=======================================
Hits 7080 7080
Misses 4755 4755
Partials 179 179
superset/security/manager.py
Outdated
UserModelView.include_route_methods = RouteMethod.CRUD_SET | { | ||
"userinfo", | ||
"action_post", | ||
"action", | ||
} |
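Review bot: The set literal adds "action" and "action_post" to UserModelView.include_route_methods with nothing saying why these two routes are needed. A one-line comment above the assignment tying them to the admin password-reset action would keep a later cleanup from dropping them, or from widening the set further without review.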
Should we be using constants.RouteMethod.ACTION_POST etc here?
oh! yes, right you are
UserModelView.include_route_methods = RouteMethod.CRUD_SET | { | ||
RouteMethod.ACTION, | ||
RouteMethod.ACTION_POST, | ||
"userinfo", |
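Review bot: The assignment targets UserModelView itself, so RouteMethod.ACTION and RouteMethod.ACTION_POST are switched on for every view that inherits from it, while the title scopes the fix to AUTH_DB. Worth confirming which actions become reachable under the other auth types and that each one is permission-checked, or applying the change only to the DB user view.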
The userinfo looks lonely here with the constants. Wondering if we should collect these somewhere, too.
We can of course, did a quick search and found a bunch of "lonely" routes. Like download_dashboards, bulk_delete, table_metadata. Would say that the idea here is that non-repeatable ones get referenced in place.
Perhaps not something that needs to be addressed now (not really sure which is better). LGTM
CATEGORY
SUMMARY
Let Admin users be able to reset password when on AUTH_DB
BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF
Before:
After:
TEST PLAN
ADDITIONAL INFORMATION
REVIEWERS