fix: datasource payload is incorrect #15184

Merged
merged 2 commits into from Jun 23, 2021

betodealmeida
Member

SUMMARY

We currently return all datasources in the /datasources/ and /chart/add endpoints. This PR changes the payload to have only user-accessible datasources.

The PR adds a new method get_user_datasources, which replaces get_all_datasources in the two views.

BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF

N/A

TESTING INSTRUCTIONS

Will add unit tests, wanted to check the approach first.

ADDITIONAL INFORMATION

  • Has associated issue:
  • Changes UI
  • Includes DB Migration (follow approval process in SIP-59)
    • Migration is atomic, supports rollback & is backwards-compatible
    • Confirm DB migration upgrade and downgrade tested
    • Runtime estimates and downtime expectations provided
  • Introduces new feature or API
  • Removes existing feature or API

codecov bot commented Jun 16, 2021

Codecov Report

Merging #15184 (7c5f217) into master (ab153e6) will increase coverage by 0.08%.
The diff coverage is 100.00%.

@@            Coverage Diff             @@
##           master   #15184      +/-   ##
==========================================
+ Coverage   77.14%   77.23%   +0.08%     
==========================================
  Files         973      973              
  Lines       50473    50496      +23     
  Branches     6183     6183              
==========================================
+ Hits        38938    39000      +62     
+ Misses      11329    11290      -39     
  Partials      206      206              
Flag Coverage Δ
hive 81.42% <100.00%> (+<0.01%) ⬆️
mysql 81.69% <100.00%> (+<0.01%) ⬆️
postgres 81.71% <100.00%> (+<0.01%) ⬆️
presto 81.41% <100.00%> (?)
python 82.24% <100.00%> (+0.16%) ⬆️
sqlite 81.34% <100.00%> (+<0.01%) ⬆️

Impacted Files Coverage Δ
superset/views/chart/views.py 88.63% <ø> (ø)
superset/views/core.py 75.54% <ø> (-0.04%) ⬇️
superset/connectors/connector_registry.py 83.33% <100.00%> (+4.64%) ⬆️
superset/views/sql_lab.py 60.68% <0.00%> (ø)
superset/models/core.py 90.02% <0.00%> (+0.26%) ⬆️
superset/connectors/sqla/models.py 89.87% <0.00%> (+1.41%) ⬆️
superset/db_engine_specs/presto.py 90.31% <0.00%> (+5.89%) ⬆️

Δ = absolute <relative> (impact), ø = not affected, ? = missing data

Member

@dpgaspar dpgaspar left a comment

Looking good, we should add some tests for get_user_datasources

schema_perm
and security_manager.can_access("schema_access", schema_perm)
):
user_datasources.extend(datasources)
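
Review bot: in the condition `schema_perm and security_manager.can_access("schema_access", schema_perm)`, an empty `schema_perm` short-circuits the check, so this branch never admits `datasources` that have no schema permission string; that behaviour deserves a comment and a test case with an empty `schema_perm`. Also, `user_datasources.extend(datasources)` appends to a list, so if any other branch adds the same objects the payload will contain duplicates; collecting into a set avoids that.
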
Member

oh! this makes me question the validity of the get methods on the MVC and API, they both depend on: https://github.com/apache/superset/blob/master/superset/views/base.py#L581

Member Author

Hmmm, do you think I also need to check for security_manager.can_access_all_datasources() here?

Member

can_access_database handles it

Member

@dpgaspar dpgaspar left a comment

LGTM

@betodealmeida betodealmeida merged commit 216e2b8 into apache:master Jun 23, 2021
user_datasources = set()
for datasource_class in ConnectorRegistry.sources.values():
user_datasources.update(
session.query(datasource_class)
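
Review bot: `session.query(datasource_class)` is built inside the loop over `ConnectorRegistry.sources.values()`, and the lines shown here do not include the filter that restricts it to the current user. Please add a docstring stating which permission columns the query filters on, and a test with a user who has no grants that asserts the resulting set is empty.
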
Member

@betodealmeida @dpgaspar I believe this logic, i.e., relying on the fragile perm and schema_perm columns in the database, breaks if people are using a custom security manager. Should we be calling get_datasources_accessible_by_user instead?

Note I sense currently Superset doesn't do a great job of differentiating between metadata and data access. The get_datasources_accessible_by_user is somewhat of a misnomer as it is merely used for metadata access (for an awareness perspective).

Member Author

@john-bodley, get_datasources_accessible_by_user calls ConnectorRegistry.query_datasources_by_permissions, which uses the same logic I'm using here.

Since we're getting user_perms and schema_perms from the security manager (lines 108, 109) doesn't it mean this works with custom security managers?

Member

@betodealmeida @john-bodley I think that the question here is that Airbnb totally overrides the DB permissions, they do that by overriding the security manager, their permission "backend" is something totally different. So that's possible if all permission checks are done on the security manager.

Makes me think how can that work on the REST API defined filters

Member

@dpgaspar that's correct. We actually don't use any of the FAB logic and thus we completely bypass the security_manager.user_view_menu_names and reliance on the datasource_class.perm and datasource_class.schema_perm database columns.

Member

@betodealmeida if the get_datasources_accessible_by_user method isn't ideal, then I think the alternative would be to move the get_user_datasources method to the security manager so deployments can overwrite the logic if necessary.
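
The alternative raised in this thread, where the accessible-datasource decision lives on the security manager so a deployment can override it, sketched as an added example (not code from this PR or from Superset). The classes, the `can_access_datasource` hook, the `database_access` and `datasource_access` grant names as used here, and the sample rows are hypothetical and constructed for illustration; only `get_user_datasources`, `can_access` and `schema_access` are names taken from the page.

```python
from dataclasses import dataclass
from typing import FrozenSet, Iterable, List, Set, Tuple

@dataclass(frozen=True)
class Datasource:  # hypothetical stand-in for a datasource row
    name: str
    database: str
    perm: str
    schema_perm: str = ""

class SecurityManager:
    """Simplified manager: decisions come from stored (permission, view) grants."""
    def __init__(self, grants: Set[Tuple[str, str]]):
        self.grants = grants

    def can_access(self, permission: str, view: str) -> bool:
        return (permission, view) in self.grants

    def can_access_datasource(self, ds: Datasource) -> bool:
        # Database-level, then schema-level, then per-datasource grants.
        return (
            self.can_access("database_access", ds.database)
            or (bool(ds.schema_perm) and self.can_access("schema_access", ds.schema_perm))
            or self.can_access("datasource_access", ds.perm)
        )

    def get_user_datasources(self, rows: Iterable[Datasource]) -> List[Datasource]:
        # Single choke point for every view that builds a datasource payload.
        return sorted((d for d in rows if self.can_access_datasource(d)), key=lambda d: d.name)

class ExternalPolicySecurityManager(SecurityManager):
    """Custom manager that ignores perm/schema_perm and asks an external policy."""
    def __init__(self, allowed_names: FrozenSet[str]):
        super().__init__(set())
        self.allowed_names = allowed_names

    def can_access_datasource(self, ds: Datasource) -> bool:
        return ds.name in self.allowed_names

def datasources_payload(sm: SecurityManager, rows: Iterable[Datasource]) -> List[str]:
    return [d.name for d in sm.get_user_datasources(rows)]

# Constructed sample rows, not real data.
SAMPLE = [
    Datasource("sales", "warehouse", "[warehouse].[sales]", "[warehouse].[public]"),
    Datasource("payroll", "hr", "[hr].[payroll]", "[hr].[private]"),
    Datasource("logs", "ops", "[ops].[logs]"),
]
```

Because the views call only `get_user_datasources`, swapping in the custom manager changes the payload without touching the stored `perm` and `schema_perm` values.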

cccs-RyanS pushed a commit to CybercentreCanada/superset that referenced this pull request Dec 17, 2021
* fix: datasource payload is incorrect

* Add tests, clean code
@mistercrunch mistercrunch added 🏷️ bot A label used by `supersetbot` to keep track of which PR where auto-tagged with release labels 🚢 1.3.0 labels Mar 12, 2024