Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(security): can_access with None crashes on builtin roles #10039

Merged
merged 1 commit into from
Jun 11, 2020
Merged

fix(security): can_access with None crashes on builtin roles #10039

merged 1 commit into from
Jun 11, 2020

Conversation

dpgaspar
Copy link
Member

SUMMARY

Calling can_access with None values causes an exception when using builtin roles. Will make this more resilient on FAB, but this should be fixed here also.

ADDITIONAL INFORMATION

  • Has associated issue:
  • Changes UI
  • Requires DB Migration.
  • Confirm DB Migration upgrade and downgrade tested.
  • Introduces new feature or API
  • Removes existing feature or API

@dpgaspar dpgaspar requested a review from villebro June 11, 2020 14:43
@codecov-commenter
Copy link

codecov-commenter commented Jun 11, 2020
edited
Loading

Codecov Report

Merging #10039 into master will increase coverage by 3.29%.
The diff coverage is 100.00%.

Impacted file tree graph

@@            Coverage Diff             @@
##           master   #10039      +/-   ##
==========================================
+ Coverage   65.59%   68.89%   +3.29%     
==========================================
  Files         585      584       -1     
  Lines       31046    31058      +12     
  Branches     3277     3180      -97     
==========================================
+ Hits        20364    21396    +1032     
+ Misses      10501     9553     -948     
+ Partials      181      109      -72
Flag Coverage Δ
#cypress 53.85% <ø> (?)
#javascript 59.48% <ø> (+0.11%) ⬆️
#python 67.34% <100.00%> (-2.64%) ⬇️
Impacted Files Coverage Δ
superset/security/manager.py 89.11% <100.00%> (+0.07%) ⬆️
superset/connectors/druid/models.py 28.16% <0.00%> (-54.36%) ⬇️
superset/connectors/base/models.py 86.42% <0.00%> (-2.51%) ⬇️
superset/views/datasource.py 91.80% <0.00%> (-1.64%) ⬇️
superset/views/core.py 75.39% <0.00%> (-0.89%) ⬇️
superset/db_engine_specs/hive.py 48.27% <0.00%> (-0.16%) ⬇️
superset/viz.py 57.06% <0.00%> (-0.09%) ⬇️
superset/sql_parse.py 99.29% <0.00%> (-0.01%) ⬇️
superset/viz_sip38.py 0.00% <0.00%> (ø)
superset/datasets/api.py 92.56% <0.00%> (ø)
... and 157 more

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 91517a5...e81167e. Read the comment docs.

villebro
villebro approved these changes Jun 11, 2020
View reviewed changes
Copy link
Member

@villebro villebro left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. It would be great to have type checking here to do this work for us.

@dpgaspar
Copy link
Member Author

True, I'm incrementally adding them on FAB also

@dpgaspar dpgaspar merged commit c9ee598 into apache:master Jun 11, 2020
auxten pushed a commit to auxten/incubator-superset that referenced this pull request Nov 20, 2020
@dpgaspar @auxten
fix(security): can_access with None crashes on builtin roles (apache#…
3b7c3d2 
…10039)
@mistercrunch mistercrunch added 🏷️ bot A label used by `supersetbot` to keep track of which PR where auto-tagged with release labels 🚢 0.37.0 labels Mar 12, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@villebro villebro villebro approved these changes

Assignees
No one assigned
Labels
🏷️ bot A label used by `supersetbot` to keep track of which PR where auto-tagged with release labels size/XS 🚢 0.37.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@dpgaspar @codecov-commenter @villebro @mistercrunch