[api] Fix, related fields need to be explicitly defined (#9283)

* [api] Fix, related fields need to be explicitly defined

* [api] Fix, lint

* Update superset/datasets/api.py

Co-Authored-By: ʈᵃᵢ <tdupreetan@gmail.com>

Co-authored-by: ʈᵃᵢ <tdupreetan@gmail.com>
Daniel Vaz Gaspar 2020-03-12 18:55:33 +00:00 committed by GitHub
parent 78ba7d52f6
commit 0c8c4d6895
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 9 additions and 3 deletions


@ -98,6 +98,7 @@ class DatasetRestApi(BaseSupersetModelRestApi):
filter_rel_fields_field = {"owners": "first_name", "database": "database_name"}
filter_rel_fields = {"database": [["id", DatabaseFilter, lambda: []]]}
allowed_rel_fields = {"database", "owners"}
@expose("/", methods=["POST"])
@protect()
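Review bot: `allowed_rel_fields = {"database", "owners"}` restates by hand the keys of `filter_rel_fields_field` three lines above it, and nothing in the class ties the two together, so a relation added later to one and not the other will quietly drift. Because this set now decides which relations the related-field lookup will answer for, it deserves a comment at the declaration, for example `# Relations the related-field endpoint may serve; every other column name gets a 404.` Only `database` has an entry in `filter_rel_fields`, so as far as this hunk shows the `owners` lookup is not narrowed by any filter; it is worth confirming that this is intended. The class body starts and continues outside the hunk.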


@ -16,7 +16,7 @@
# under the License.
import functools
import logging
from typing import Dict, Tuple
from typing import Dict, Set, Tuple
from flask import request
from flask_appbuilder import ModelRestApi
@ -101,6 +101,7 @@ class BaseSupersetModelRestApi(ModelRestApi):
"<RELATED_FIELD>": "<FILTER>")
}
""" # pylint: disable=pointless-string-statement
allowed_rel_fields: Set[str] = set()
def __init__(self):
super().__init__()
@ -191,6 +192,8 @@ class BaseSupersetModelRestApi(ModelRestApi):
500:
$ref: '#/components/responses/500'
"""
if column_name not in self.allowed_rel_fields:
return self.response_404()
args = kwargs.get("rison", {})
# handle pagination
page, page_size = self._handle_page_args(args)
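Review bot: `allowed_rel_fields: Set[str] = set()` puts one mutable set on the base class, shared by every API class that does not rebind it, so an in-place `.add()` or `.update()` in any subclass would widen the allow-list for all of them. The subclasses touched by this commit all rebind the attribute, so the default-deny behaviour holds today, but the declaration should say so: `# Default-deny allow-list for related lookups; subclasses must assign a new set, never mutate this one.` The attribute also has no description, while the one before it is documented in a string statement. The method holding the new `column_name` check begins outside its hunk, and as far as the page shows none of the four changed files adds a test for the 404 path.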


@ -178,4 +178,5 @@ class ChartRestApi(SliceMixin, BaseOwnedModelRestApi):
"slices": ("slice_name", "asc"),
"owners": ("first_name", "asc"),
}
filter_rel_fields_field = {"owners": "first_name", "dashboards": "dashboard_title"}
filter_rel_fields_field = {"owners": "first_name"}
allowed_rel_fields = {"owners"}
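Review bot: The context entry `"slices": ("slice_name", "asc"),` is left in the dict that closes just above the changed lines, although `allowed_rel_fields = {"owners"}` means a related lookup on `slices` is now answered with a 404 for this class, so the entry appears to be dead configuration. The DashboardRestApi hunk leaves the same entry in place after dropping `slices` from `filter_rel_fields_field`. Either remove the entry in both classes or mark it, e.g. `# unused while "slices" is outside allowed_rel_fields`, so a later reader does not take it as a sign that the relation is exposed. The dict's opening line is outside the hunk, so its name and any other consumers are not visible here.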


@ -173,7 +173,8 @@ class DashboardRestApi(DashboardMixin, BaseOwnedModelRestApi):
"slices": ("slice_name", "asc"),
"owners": ("first_name", "asc"),
}
filter_rel_fields_field = {"owners": "first_name", "slices": "slice_name"}
filter_rel_fields_field = {"owners": "first_name"}
allowed_rel_fields = {"owners"}
@expose("/", methods=["DELETE"])
@protect()