Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CRUD Security API for permissions-resources endpoint: columns not allowed to filter #2074

Closed
2 tasks
nhan34 opened this issue Jul 3, 2023 · 2 comments
Closed
2 tasks

Comments

@nhan34
Copy link

nhan34 commented Jul 3, 2023

I am using the latest version of Superset and have enabled the FAB_ADD_SECURITY_API flag to expose and use the endpoints for the Security permissions CRUD API #1801.

I am using Postman to GET from the /api/v1/security/permissions-resources/ endpoint with the following query filter parameter:

{"filters": [ {"col" : "permission.name", "opr" : "eq", "value" : "database_access"} ]}

However, instead of receiving permission-resource entries that fulfill this parameter, I get the message: "Filter column: permission.name not allowed to filter". This applies to all three columns in the permissions-resources endpoint, including id and view_menu.name.

Notes

  • I have tried the same query and filter on different endpoints, including /api/v1/security/permissions/, /api/v1/security/resources/, and /api/v1/security/users/, but do not get the same error as the permissions-resource endpoint (the queries work).
  • I am logged in as the superuser of the Superset application (admin), which has the most auth possible, when making these calls.

Steps to reproduce

  • Expose the Security API endpoints for FAB
  • Test the /api/v1/security/permissions-resources/ endpoint with the given query filter parameter

Thank you!

@dpgaspar
Copy link
Owner

Unfortunately this is currently not supported, you have to make 2 API calls:

One to fetch the permission id, and a final to api/v1/security/permissions-resources/ with:

{
  "filters": [
    {
      "col": "permission",
      "opr": "rel_o_m",
      "value": 1
    }
  ]
}

@dpgaspar
Copy link
Owner

Closing this issue, feel free to reopen if you need more info

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants