Fix issues around Database permissions

superset/security.py

@@ -107,8 +107,10 @@ def can_access(self, permission_name, view_name):
         return self._has_view_access(user, permission_name, view_name)
 
     def all_datasource_access(self):
-        return self.can_access(
-            'all_datasource_access', 'all_datasource_access')
+        return self.can_access('all_datasource_access', 'all_datasource_access')
+
+    def all_database_access(self):
+        return self.can_access('all_database_access', 'all_database_access')
 
     def database_access(self, database):
         return (
@@ -410,8 +412,12 @@ def set_perm(self, mapper, connection, target):  # noqa
                 .values(perm=target.get_perm()),
             )
 
-        # add to view menu if not already exists
         permission_name = 'datasource_access'
+        from superset.models.core import Database
+        if mapper.class_ == Database:
+            permission_name = 'database_access'
+
+        # add to view menu if not already exists
         view_menu_name = target.get_perm()
         permission = self.find_permission(permission_name)
         view_menu = self.find_view_menu(view_menu_name)

superset/views/core.py

@@ -109,18 +109,27 @@ def is_owner(obj, user):
     extend_existing=True)
 
 
+class DatabaseFilter(SupersetFilter):
+    def apply(self, query, func):  # noqa
+        if security_manager.all_database_access():
+            return query
+        database_perms = self.get_view_menus('database_access')
+        return query.filter(self.model.perm.in_(database_perms))
+
+
 class SliceFilter(SupersetFilter):
     def apply(self, query, func):  # noqa
         if security_manager.all_datasource_access():
             return query
 
         # TODO(bogdan): add `schema_access` support here
         datasource_perms = self.get_view_menus('datasource_access')
+        database_perms = self.get_view_menus('database_access')
         query = (
             query.outerjoin(SQLTable, self.model.datasource_id == SQLTable.c.id)
             .outerjoin(models.Database, models.Database.id == SQLTable.c.database_id)
             .filter(or_(
-                models.Database.perm.in_(datasource_perms),
+                models.Database.perm.in_(database_perms),
                 self.model.perm.in_(datasource_perms),
             ))
         )
@@ -285,6 +294,7 @@ class DatabaseView(SupersetModelView, DeleteMixin, YamlExportMixin):  # noqa
         'allow_multi_schema_metadata_fetch': _('Allow Multi Schema Metadata Fetch'),
         'backend': _('Backend'),
     }
+    base_filters = [['id', DatabaseFilter, lambda: []]]
 
     def pre_add(self, db):
         self.check_extra(db)