Expose hook to inject database connection logic on the fly

superset/config.py

@@ -377,6 +377,22 @@ class CeleryConfig(object):
 # an XSS security vulnerability
 ENABLE_JAVASCRIPT_CONTROLS = False
 
+# A callable that allows altering the database conneciton URL and params
+# on the fly, at runtime. This allows for things like impersonation or
+# arbitrary logic. For instance you could wired different users to
+# use different connection parameters, or pass their email address as the
+# username. The function receives the connection uri object, connection
+# params, and user object, and returns the mutated uri and params objects.
+# Example:
+#   def DB_CONNECTION_MUTATOR(uri, params, user):
+#       if user and user.email:
+#           uri.username = user.email
+#       return uri, params
+#
+# Note that the returned uri and params are passed directly to sqlalchemy's
+# as such `create_engine(url, **params)`
+DB_CONNECTION_MUTATOR = None
+
 try:
     if CONFIG_PATH_ENV_VAR in os.environ:
         # Explicitly import config module that is not in pythonpath; useful

superset/models/core.py

@@ -675,6 +675,8 @@ def get_sqla_engine(self, schema=None, nullpool=True, user_name=None):
         if configuration:
             params['connect_args'] = {'configuration': configuration}
 
+        if config.DB_CONNECTION_MUTATOR:
+            url, params = config.DB_CONNECTION_MUTATOR(url, params, g.user)
         return create_engine(url, **params)
 
     def get_reserved_words(self):