New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix issues around Database permissions #7009
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -109,18 +109,27 @@ def is_owner(obj, user): | |
extend_existing=True) | ||
|
||
|
||
class DatabaseFilter(SupersetFilter): | ||
def apply(self, query, func): # noqa | ||
if security_manager.all_database_access(): | ||
return query | ||
database_perms = self.get_view_menus('database_access') | ||
return query.filter(self.model.perm.in_(database_perms)) | ||
|
||
|
||
class SliceFilter(SupersetFilter): | ||
def apply(self, query, func): # noqa | ||
if security_manager.all_datasource_access(): | ||
return query | ||
|
||
# TODO(bogdan): add `schema_access` support here | ||
datasource_perms = self.get_view_menus('datasource_access') | ||
database_perms = self.get_view_menus('database_access') | ||
query = ( | ||
query.outerjoin(SQLTable, self.model.datasource_id == SQLTable.c.id) | ||
.outerjoin(models.Database, models.Database.id == SQLTable.c.database_id) | ||
.filter(or_( | ||
models.Database.perm.in_(datasource_perms), | ||
models.Database.perm.in_(database_perms), | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. This appears to be using the wrong entry. |
||
self.model.perm.in_(datasource_perms), | ||
)) | ||
) | ||
|
@@ -285,6 +294,7 @@ class DatabaseView(SupersetModelView, DeleteMixin, YamlExportMixin): # noqa | |
'allow_multi_schema_metadata_fetch': _('Allow Multi Schema Metadata Fetch'), | ||
'backend': _('Backend'), | ||
} | ||
base_filters = [['id', DatabaseFilter, lambda: []]] | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I think this broke stuff on our end, users can't see DBs in SQL Lab. I commented it out and permissions work correctly. (edited to say "can't") There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Do you mean "can't see" (you wrote "can see"). This may require adding There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. |
||
|
||
def pre_add(self, db): | ||
self.check_extra(db) | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
FYI ,
superset init
would create the properdatabase_access
(one for each database), but the code here (executed on update/insert) would create/update adatasource_access
entry for the database